DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	This office action is in reply to amendment filed on November 30, 2021. Claims 1-20 are pending. 

Response to Arguments
Applicant's arguments filed November 30, 2021 have been fully considered but they are not persuasive.	
Applicant argues that Lang et al. US 9,043,861 B2 [hereinafter Lang] teaches a security goal that is an intent set by the user as to what the IT system is going to achieve in the future, which is not the current or past states of behaviors of the IT system.  Applicant further argues that, Lang teaches compliance policy which only define how the IT system is supposed to operate, which is not the current or past states or behaviors of the IT system. Therefore, the Examiner’s interpretation of the policy in Lang as the claimed information source indicates historic or current states and/or behaviors of the IT system and/or its environment under operation is incorrect and unreasonable. 
Note that the high-level security policy in Lang is updated by a system administrator and new low level rules (i.e., new policy) is generated (implies the discussion of receiving information source/policy of the IT system and/or its environment is under operation or current, column 8, lines 10-23). Examiner would point out that, Lang teaches receiving into a processor at least one information source indicating historic or current states and/or behaviors of the IT system and/or its environment under operation (i.e., sender/receivers for an IT system, components or system infrastructure attributes, 

Applicant further argues, that Examiner has not provided any reasonable rational as to why those skill in the art would interpret ‘component or system infrastructure attributes’ as an information source that indicates historic or current states and/or behaviors of the IT system and/or its environment under operation. 
Examiner would point out that, Lang teaches receiving into a processor at least one information source indicating historic or current states and/or behaviors of the IT system and/or its environment under operation (i.e., sender/receivers for an IT system, components or system infrastructure attributes, column 15, lines 5-25). It is understood by the examiner that updating an IT system policy implies it’s for a system under operation or current policy [column 8, lines 10-23]. 

Applicant further argues that the pre-configured rule templates that has been generated and read by policy node is not ‘states and/or behaviors of the IT system and/or its environment.’ Moreover, the components or system infrastructure attributes are to be determined by the template and not being received. 
Examiner would point out that, Lang teaches receiving into a processor at least one information source indicating historic or current states and/or behaviors of the IT system and/or its environment under operation (i.e., The system receives (either by reading/loading etc.,) sender/receivers for an IT system, components or system infrastructure attributes, column 15, lines 5-25). 

Applicant further argues that, it is unreasonable for the Examiner to consider that receiving a policy is equivalent to ‘receiving … at least one policy source indicating historic or current policy states 
It is noted that the features upon which applicant relies (i.e., “pre-configured template of Lang does not depend on states or behaviors of a specific IT system … “) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Examiner would point out that, Lang teaches receiving into the processor at least one policy source indicating historic or current policy states and/or behavior, the historic or current policy states and/or behaviors being the historic or current states and/or behaviors of a current policy being implemented to the IT system and/or its environment (i.e., receiving high level policy, abstract policy, compliance policy, etc., being implemented, column 15, line 35-column 16, line 18). Examiner would point out that, assuming arguendo that the templates are not received high level policy but are loaded by a system administrator, the system would still have to receive the input by the administrator and therefore reads on the claim limitation. 
	Examiner respectfully points out that all applicant’s arguments/comments have been covered by the argument/rejection portion of this and previous office action therefore the rejection is respectfully maintained. 

 Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lang et al. US 9,043,861 B2 [hereinafter Lang] in view of Allen et al. US 8,655,824 B1 [hereinafter Allen].

As per claim 1 and 11, Lang teaches a method of managing policies for an information technologies (IT) system, the method comprising:
receiving into a processor at least one information source indicating historic or current states and/or behaviors of the IT system and/or its environment under operation (i.e., sender/receivers for an IT system, components or system infrastructure attributes, column 15, lines 5-25);
receiving into the processor at least one policy source indicating historic or current policy states and/or behavior, the historic or current policy states and/or behaviors being the historic or current receiving high level policy, abstract policy, compliance policy, etc., being implemented, column 15, line 35-column 16, line 18);
based on the received at least one historic or current information source and the historic or current policy source, at least semi-automatically generating via the processor at least one new policy by: 
analyzing one or more information/policy relationships between characteristics of existing information sources with characteristics of policy source [column 15, line 35-column 16, line 18 and column 16, lines 56-67];
identifying for information sources within the existing information sources whether any of the at least one information source in any of one or more information/policy relationships exhibits at least similar characteristics to the at least one information source, indicating partial or full applicability of policy source [column 15, line 35-column 16, line 18 and column 16, lines 56-67]; and
generating the at least one new policy by adapting the policy source to be compliant with information sources [column 15, line 35-column 16, line 18 and column 16, lines 56-67]; and 
distributing, via the processor, the at least one policy to a memory of at least one policy management system, or to at least one memory of a policy implementation entity of the IT system or a policy implementation system to thereby enable implementation of the policies [column 17, lines 8-22].
In the same field of endeavor, Allen teaches a policy framework analyzer including: analyzing one or more information/policy relationships between characteristics of existing information sources with characteristics of existing policy source [column 5, line 14-column 6, line 16];
identifying for information sources within the existing information sources whether any of the at least one information source in any of one or more information/policy relationships exhibits at least similar characteristics to the at least one information source, indicating partial or full applicability of 

As per claims 2 and 12, Lang further teaches the method wherein distributing to the at least one policy management system includes presenting generated policies to a user on a user interface, storing generated policies in a policy repository, or triggering distributing policies from the policy management system [column 15, line 35-column 16, line 18 and column 16, lines 56-67].

As per claims 3 and 13, Lang further teaches the method wherein the at least one historic or current information source includes any information that has any impact on the relationship between information source and policy, including functional system information, nonfunctional system information, security information, security event information or security incident/alert information [column 15, line 35-column 16, line 18 and column 16, lines 56-67].

As per claims 4 and 14, Lang further teaches the method wherein environment of the IT system includes organizational environment, human/nonhuman user environment, IT environment, data environment, or external impacting environment [column 15, line 35-column 16, line 18].

As per claims 5 and 15, Lang further teaches the method wherein the policy sources include security policy information, including security configurations information and security rules [column 15, line 35-column 16, line 18].



As per claims 7 and 17, Lang further teaches the method wherein the predictive analytics approaches encompass a variety of statistical techniques from data mining, predictive modelling, and machine learning, that analyze current and historical facts to make predictions about future or otherwise unknown events [column 15, line 35-column 16, line 18].

As per claims 8 and 18, Lang further teaches the method wherein the automatically or semi-automatically generating the at least one policy includes modeling attacker behavior to determine the information/policy relationships, including attack tree analysis that specifies the information/policy relationships for each node, including the characteristics of information sources in that step and the policy that should be applicable if that step of an attack tree's branch's sequence occurs [column 15, line 35-column 16, line 18].

As per claims 9 and 19, Lang further teaches the method wherein the generated policy is a modified version of the policy source [column 15, line 35-column 16, line 18].

As per claims 10 and 20, Lang further teaches the method wherein the method is executed prior to runtime of the IT system, or once, periodically, or continually during runtime of the IT system [column 15, line 35-column 16, line 18].

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BEEMNET W DADA whose telephone number is (571)272-3847. The examiner can normally be reached Monday-Friday, 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

BEEMNET W. DADA
Primary Examiner
Art Unit 2435



/BEEMNET W DADA/Primary Examiner, Art Unit 2435