DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on 02/14/2022.
Status of claims in the instant application:
Claims 1-5 and 7-20 are pending.
Claim 6 is cancelled.
Claims 1, 7-9 and 15-17 have been amended.
No new claim has been newly added.
Response to Arguments
Applicant’s arguments, see the remarks filed on 02/14/2022 with respect to objection to specification, have been fully considered in view of the amendments, and they are persuasive. Therefore, the specification rejections are withdrawn.
Applicant’s arguments, see the remarks filed on 02/14/2022 with respect to rejections of claims under 35 USC 112(b), have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the claim rejections are withdrawn.
Applicant’s arguments, see the remarks filed on 02/14/2022 with respect to rejections of claims under 35 USC 101, have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the claim rejections are withdrawn.
Applicant’s arguments, see the remarks filed on 02/14/2022 with respect to rejections of claims under 35 USC 103, have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the claim rejections are withdrawn.
Allowable Subject Matter
Claims 1-5 and 7-20 are allowed, but they are renumbered as claims 1-19.
The following are examiner's statement of reasons for allowance: The following prior arts were yielded during the examination of applicant’s amended claim set filed on 02/14/2022 in response to office action mailed on 12/01/2021. They do not explicitly teach the applicant’s claimed invention, in view of the amended claims, but are in general realm of applicant’s field of endeavor:
PGPUB 2006/0021050 A1, Cook et al.: Cook’s discloses a The invention a method and related computer program product and apparatus for assessing the security of a computer network. It includes a process executed by the analysis engine for generating TTD (“time to defeat” – TTD values or results are determined from TTD algorithms that estimate the time to compromise the target using potential attack scenarios as the attacks would occur if implemented on the environment analyzed) results using TTD algorithms 25 and attack trees 28 is shown. An attack tree is a structured representation of applicable methods of attack for a particular service (e.g., a service on a host, which is on a network) at a granular level. The attack trees are generated and evaluated to calculate 284 a time to defeat for a particular target. Multiple paths in the attack tree are analyzed to determine the path requiring the least time to compromise the target. These results are subsequently displayed 286. The attack tree structurally represents the vulnerabilities of a network, system and service such that the TTD algorithms can be used to calculate a time to defeat for a particular target.

	US-PGPUB 20200351298 A1 (Paturi et al.): Paturi discloses an apparatus and method for cyber risk quantification calculated from the likelihood of a cyber-attack on the target enterprise and/or cyber ecosystem based on its security posture. The cyber-attack likelihood can be derived as a probability-based time-to-event (TTE) measure using survivor function analysis. The likelihood probability measure can also be passed to cyber risk frameworks to determine financial impacts of the cyber-attacks. Embodiments of the present invention also relate to an apparatus and method (1) to identify and validate application attack surfaces and protect web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks; and/or (2) that protects web applications against business logic-based attacks, sensitive data leakage and privilege escalation attacks. This can include implementing an intelligent learning loop using artificial intelligence that creates an ontology-based 
	Embodiments of the present invention relate to cyber-risk quantification, testing, detection and prevention for computer software—particularly web applications. More particularly, embodiments of the present invention relate to the evaluation of new software to quantify the likelihood of an attack thereon as well as its vulnerabilities; testing software using offensive techniques; and/or detecting and preventing complex attacks in real time for software. Further, embodiments of the present invention relate to the field of computers, computer networks, web applications, databases, cloud computing, Internet of Things (IoTs) and cyber security. Specifically, embodiments of the present invention relate to quantifying the likelihood of exploiting vulnerabilities (using probability measures) within a target organization. The exploit likelihood for a given vulnerability is preferably derived using a survival analysis technique, which can also be combined with financial impact frameworks to quantify the cyber risk for target organizations.
US-PGPUB 20160285907 A1 (Nguyen et al.): Nguyen discloses cyber-attack scenario simulation system and method may include an aircraft simulator operable to generate an aircraft simulation, a cyber-attack generator operable to generate a cyber-attack simulation, a cyber defense generator operable to generate a cyber defense simulation, a scenario generator operable to generate a cyber-attack scenario including the cyberattack simulation and the cyber defense simulation and launch the cyber-
The present disclosure is generally related to data processing and, more particularly, to systems and methods for processing response data from a simulated cyber-attack scenario on an aircraft and proactively developing cyber defenses.
Nguyen’s disclosure relates to one or more aircraft systems and/or aircraft networks (generally referred to herein as "aircraft systems"). Aircraft systems may include any number of systems and/or networks of aircraft. Aircraft systems may include any high-level systems, operational subsystems and/or other resources (e.g., sensors, detectors, etc.) that are cooperatively configured to control essentially all operational aspects of aircraft and used during any phase of flight. Aircraft systems may be located inside aircraft 138, outside aircraft or a combination thereof.
However, none of the prior arts of record, alone or in combination, discloses all the limitations of the amended independent claims 1, 9 and 17, specifically they do not disclose the combination of claim limitations as recited in the amended independent claims, “building a list of possible mitigation processes based on a comparison of the respective times to perform each cyber-attack and the respective times to perform each mitigating process; receiving, from the sensor-based device, usage data for each of the plurality of features, wherein the usage data for a respective feature defines a percentage usage of the respective feature; modifying the list of possible mitigation processes to ignore each feature having a percentage usage above a predetermined threshold; selecting a mitigation process from the modified list of possible mitigation processes based at least in part on the associated risk levels; and completing, by the processor, the mitigation process selected from the modified list by modifying code of the sensor-based device”.
Therefore, the independent claims are allowable over the prior arts. The dependent claims being definite, further limiting, and fully enabled by the specification are also allowed because of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  



/MAHABUB S AHMED/Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434