FINAL ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Amendment A, received on 18 November 2021, has been entered into record.  In this amendment, claims 1, 5, 8, and 15 have been amended.

Claims 1-20 are presented for examination.

Response to Arguments
With regard to the objection to the claims, the applicant has submitted amendments, and the examiner hereby withdraws the objection.
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1, 3-5, 8, 10-12, 15, and 17-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Karin et al. (US 2021/0081539 A1 and Karin hereinafter) in view of Abbaszadeh et al. (US .
As to claims 1 and 15, Karin discloses a system and method for inferring security incidents from observational data, the system and method having:
determining, for each pair of assets in the set of partially detailed assets, a calculation of one or more edges between the pair of assets in the set of partially detailed assets (0053, lines 1-2, 9-11; 0058, lines 3-4); 
combining the set of partially detailed assets into a plurality of merged assets, each merged asset of the plurality of merged assets combined from a subset of the set of partially detailed assets having a common characteristic (0060, lines 2-9); 
storing the plurality of merged assets in an indexed database (0048, lines 5-9; 0049, lines 9-13). 
Karin fails to specifically disclose:
extracting detail information from a plurality of data sources about one or more assets; 
generating a set of partially detailed assets, which includes one or more components of one or more websites, based on the extracted detail information about the one or more assets.
Nonetheless, these features are well known in the art and would have been an obvious modification of the teachings disclosed by Karin, as taught by Abbaszadeh.
Abbaszadeh discloses a system and method for self-certified security for assured cyber-physical systems, the system and method having:
extracting detail information from a plurality of data sources about one or more assets (0011, lines 11-13); 
generating a set of partially detailed assets based on the extracted detail information about the one or more assets (0010, lines 13-16).
Given the teaching of Abbaszadeh, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Karin with the teachings of Abbaszadeh by generating partially detailed assets based on extracted information.  Abbaszadeh recites motivation by disclosing that reduced feature data is generated in order to detect whether the cyber-physical system is behaving normally or abnormally, thus providing system security (0009). It is obvious that the teachings of Abbaszadeh would have improved the teachings of Karin by generating partially detailed assets in order to detect a normally or abnormally behaving system and provide system security.

Karin in view of Abbaszadeh fails to specifically disclose:
which includes one or more components of one or more websites.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Karin in view of Abbaszadeh, as taught by Mushtaq.
Mushtaq discloses a system and method for detecting credential stealing attacks, the system and method having:
which includes one or more components of one or more websites (similarity feature set may be source code) (col. 3, lines 43-57).
Given the teaching of Mushtaq, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Karin in view of Abbaszadeh with the teachings of Mushtaq by generating a set including components of a website. Mushtaq recites motivation by disclosing that a similarity feature set of features such as website source code is generated in order to analyze and determine whether a 

As to claim 8, Karin discloses:
determine, for each pair of assets in the set of partially detailed assets, a calculation of one or more edges between the pair of assets in the set of partially detailed assets (0053, lines 1-2, 9-11; 0058, lines 3-4);
combine the set of partially detailed assets into a plurality of merged assets, each merged asset of the plurality of merged assets combined from a subset of the set of partially detailed assets having a common characteristic (0060, lines 2-9);
store the plurality of merged assets in an indexed database (0048, lines 5-9; 0049, lines 9-13);
a network analytic component, implemented at least partially by hardware, configured to: identify the one or more assets in a network (0040, lines 1-12; 0041, lines 1-6).
Karin fails to specifically disclose:
an asset analytic evaluator, implemented at least partially by hardware, configured to: extract detail information from a plurality of data sources about one or more assets; 
generate a set of partially detailed assets, which includes one or more components of one or more websites, based on the extracted detail information about the one or more assets.
Nonetheless, these features are well known in the art and would have been an obvious modification of the teachings disclosed by Karin, as taught by Abbaszadeh.
Abbaszadeh discloses:
an asset analytic evaluator, implemented at least partially by hardware, configured to: extract detail information from a plurality of data sources about one or more assets (0011, lines 11-13);
generate a set of partially detailed assets based on the extracted detail information about the one or more assets (0010, lines 13-16).
Abbaszadeh also discloses a network analytic component, implemented at least partially by hardware, configured to: identify the one or more assets in a network (0062, lines 1-6).
Given the teaching of Abbaszadeh, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Karin with the teachings of Abbaszadeh by generating partially detailed assets based on extracted information.  Please refer to the motivation recited above with respect to claims 1 and 15 as to why it is obvious to apply the teachings of Abbaszadeh to the teachings of Karin.

Karin in view of Abbaszadeh fails to specifically disclose:
which includes one or more components of one or more websites.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Karin in view of Abbaszadeh, as taught by Mushtaq.
Mushtaq discloses:
which includes one or more components of one or more websites (similarity feature set may be source code) (col. 3, lines 43-57).
Given the teaching of Mushtaq, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Karin in view of Abbaszadeh with the teachings of Mushtaq by generating a set including components of a website. Please refer to the motivation recited above with respect to claims 1 and 15 

As to claims 3, 10, and 17, Karin discloses:
wherein the one or more assets comprise one or more identifiable web components (0025, lines 8-11; 0030, lines 1-9).

As to claims 4, 11, and 18, Karin discloses:
wherein each calculation comprises a weighted linear combination of a number of features between two assets of the one or more assets (0061, lines 12-15). 

As to claims 5, 12, and 19, Karin discloses:
sending information associated with a merged asset to a third party vulnerability scanner; and receiving an analysis of the merged asset by the third party vulnerability scanner (0037, lines 1-17). 

Claims 2, 9, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Karin in view of Abbaszadeh and Mushtaq as applied to claims 1, 8, and 15 above, and further in view of Mohanty (US Patent 9,692,778 B1).
As to claims 2, 9, and 16, Karin in view of Abbaszadeh and Mushtaq fails to specifically disclose:
wherein the plurality of merged assets comprises a digital attack surface. 
Nonetheless, these features are well known in the art and would have been an obvious modification of the teachings disclosed by Karin in view of Abbaszadeh and Mushtaq, as taught by Mohanty.

wherein the plurality of merged assets comprises a digital attack surface (col. 4, lines 24-31, 55-58). 
Given the teaching of Mohanty, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Karin in view of Abbaszadeh and Mushtaq with the teachings of Mohanty by using merged assets comprising a digital attack surface. Mohanty recites motivation by disclosing that defining the attack surface can be used to identify vulnerability and magnitude of threat (col. 4, lines 55-58). It is obvious that the teachings of Mohanty would have improved the teachings of Karin in view of Abbaszadeh and Mushtaq by using merged assets comprising a digital attack surface in order to determine vulnerability and threat.

Claims 6, 7, 13, 14, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Karin in view of Abbaszadeh and Mushtaq as applied to claims 1, 8, and 15 above, and further in view of Venter et al. (US 2021/0006574 A1 and Venter hereinafter).
As to claims 6, 13, and 20, Karin in view of Abbaszadeh and Mushtaq fails to specifically disclose:
wherein the plurality of data sources comprises a public data source. 
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Karin in view of Abbaszadeh and Mushtaq, as taught by Venter.
Venter discloses a system and method for detecting and mitigating cyber security threats, the system and method having:
wherein the plurality of data sources comprises a public data source (0046, lines 13-17). 


As to claims 7 and 14, Karin in view of Abbaszadeh and Mushtaq fails to specifically disclose:
wherein the plurality of data sources comprises a private data source. 
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Karin in view of Abbaszadeh and Mushtaq, as taught by Venter.
Venter discloses:
wherein the plurality of data sources comprises a private data source (0046, lines 17-21). 
Given the teaching of Venter, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Karin in view of Abbaszadeh and Mushtaq with the teachings of Venter by using a public data source. Please refer to the motivation recited above with respect to claims 6, 13, and 20 as to why it is obvious to apply the teachings of Venter to the teachings of Karin in view of Abbaszadeh and Mushtaq.

Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Gorny et al. (US 2016/0080410 A1) discloses a system and method for selective website vulnerability and infection testing.
Hunt et al. (US Patent 9,578,048 B1) discloses a system and method for identifying phishing websites using DOM characteristics.
Mushtaq (US Patent 10,764,313 B1) discloses a system and method for protection against network-based cyber threats.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAH SU whose telephone number is (571)270-3835. The examiner can normally be reached 7:30 AM - 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SARAH SU/Primary Examiner, Art Unit 2431