Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 5, 6, 8, 11, 12, 13, 15, 18, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yampolskiy US 9,294,498 in view of Crabtree US 2020/0374316.
As per claims 1, 8, 15, Yampolskiy teaches A non-transitory computer-readable storage medium having computer-readable code stored thereon for programming one or more processors to perform steps of: receiving a domain of interest; performing an analysis of the domain to extract namespaces of the domain, hosts associated with the domain, performing a Common Vulnerabilities and Exposures (CVE) search based on the analysis to identify a CVE list associated with the domain; determining weightings of the namespaces of the domain and the subdomains to provide a name list; obtaining cloud monitoring content associated with the domain; and utilizing the name list, the CVE list, and the cloud monitoring content to determine a risk associated with the domain. (Column 6 line 65 to Column 14 line 35; Column 20 lines 25-40)   (Teaches a plethora of risk scoring techniques ofr an entity/domain received,  including 
Yampolskiy does not explicitly teach “subdomains”. 

Crabtree teaches analysis of domains of interest including subdomains associated with the domain, namespaces of the subdomains, and addresses including address ranges of any identified namespaces; [0005][0006][0008][0050]
It would have been obvious to use the methods of Crabtree with Yampolskiy because it provides a more comprehensive cyber security/risk assessment.

As per claims 4, 11, 18,  Yampolskiy teaches The non-transitory computer-readable storage medium of claim 1, wherein the addresses including the address ranges are utilized to identify exposed servers. (Column 6 line 65 to Column 14 line 35; Column 20 lines 25-40)   ( teaches a plurality of tests to identify risks including servers as part of domains that may be exposed, including CVE comparisons.)

As per claims 5, 12, 19, Yampolskiy teaches The non-transitory computer-readable storage medium of claim 1, wherein the analysis utilizes open source intelligence (OSINT) sources. (Column 13 lines 39-51)  (hacker forums)

As per claims 6, 13, Yampolskiy teaches The non-transitory computer-readable storage medium of claim 1, wherein the steps further include performing one or more security tests, wherein the risk associated with the domain is based on the domain and the one or more security 
Claim 2, 9, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yampolskiy US 9,294,498 in view of Crabtree US 2020/0374316 in view of Vester US 2021/0144168
As per claims 2, 9, 16,   Yampolskiy teaches The non-transitory computer-readable storage medium of claim 1, wherein the steps further include displaying the risk in a summarized manner in a User Interface with associated details of the name list, and the cloud monitoring content; and providing one or more remediation actions based on the risk.  (Figures 7-11; Column 20 lines 25-38)
Vester teaches a report that includes the CVE list [0178][0187] Figure 9A.
It would have been obvious to use the CVE data from Vester with Yampolskiy because it makes the report more accurate and provides the user with remediation solutions.


Claim 3, 10, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yampolskiy US 9,294,498 in view of Crabtree US 2020/0374316 in view of Yampolskiy US 9,641,547
As per claims 3, 10, 17 Yampolskiy 547’ teaches The non-transitory computer-readable storage medium of claim 1, wherein the weightings of the namespaces includes predetermine weights based on a hostname. (Column 9 lines 1-40) (weights based on IP address/hostname)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the weight of US 9,641,547 with US 9,294,498 because it is incorporated by reference and ensures more accurate risk assessment.Claims 7, 14, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Yampolskiy US 9,294,498 in view of Crabtree US 2020/0374316 in view of Macaulay US 2015/0207809
As per claims 7, 14, 20,  Crabtree teaches The non-transitory computer-readable storage medium of claim 1, wherein the analysis includes subdomain enumeration, reverse lookups, , and hosting lookup. [0006][0050][0051]Macaulay teaches Autonomous System Name (ASN) lookup [0024]
It would have been obvious to use the methods of Macaulay with Yampolskiy/Crabtree because it provides a more comprehensive cyber security/risk assessment and it is well known.

Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439