DETAILED ACTION
 	 	Claims 1-20 are presented for examination on the merits.
Notice of Pre-AIA  or AIA  Status
 	The present application is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings filed on 10/10/2019 are accepted by the examiner.
Priority
The application is filed on 10/10/2019 and claims priority of  provisional
application 62/835,415 filed on 04/17/2019
				 
 				Claim Rejections - 35 USC § 103
1.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
2.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3.	The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

4.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

5.	Claims 1-7, 9, 11-15, 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Fong  (US 20190197244 A1, hereinafter, Fong) in view of Katragadda et al. (US 20200084242 A1, hereinafter, Katragadda).
 	Regarding claim 1, Fong discloses a method for performing penetration testing (Abstract: testing system vulnerabilities), comprising: 
 	generating, based on reconnaissance data collected from an environment, a set of potential attack vectors for the environment (Paragraph 0037: <Payload>* tends to be static, and there can be thousands of permutations for a single probe. Collections of payloads make up “rulesets”, which may be made from known attack vectors); 
 	[classifying a subset of the potential attack vectors as viable attack vectors for the environment] based on features associated with the set of potential attack vectors 
 	applying a generative model to the viable attack vectors to produce a set of payloads for the viable attack vectors (Paragraph 0054: a training model using reinforcement learning algorithm may be leveraged to generate policy and the policy may be classified on a trained model by a machine learning agent as further described in detail below. Lastly, the generated policy may be scored, and the score may be fed back to the training model in order to improve payload construction until it hits an acceptable confidence (e.g. a score of 98+ out of 100).); and 
 	dispatching the set of payloads to the environment to assess security vulnerabilities in the environment (Paragraph 0031: there are several approaches to finding system or application vulnerabilities: static analysis, dynamic/blackbox testing, and glassbox testing. Static analysis generally requires a person to look at programming code and pointing out problems thereof. Blackbox testing generally requires a person to poke at the application and see what happens, with no visibility to the backend programming code).
 	Fong does not explicitly states but Katragadda from the same or similar fields of endeavor teaches classifying a subset of the potential attack vectors as viable attack vectors for the environment (Katragadda Paragraphs 0147, 0151, 0161: user is able to drill down for any selected or particular node within the group of nodes 111. The events are viable payloads that can be transferred between each node of the group of nodes 111. The transfer of events information as payloads between each node of the 
  	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to classify a subset of the potential attack vectors as viable attack vectors for the environment as taught by Katragadda in the teachings of Fong  in order to detect malware vulnerabilities in computational environments where . The method includes receiving input data distributed among a plurality of nodes within a particular network, receiving the input data into a curator engine to transform or analyze the transaction based on a predetermined set of rules, converting the payload into a data file, evaluating the data file, aggregating the data file for a plurality of behavior models, and converting the data file into a valid message payload with a header (Katragadda, Abstract).
 	Regarding claim 2, the combination of Fong  and Katragadda discloses the method of claim 1, further comprising updating the generative model based on outcomes associated with the dispatched payloads (Fong   Paragraph 0040: since the machine learning agent iteratively updates the machine learning model to generate action data based on incremental feedback of the system and computer application.).
 	Regarding claim 3, the combination of Fong  and Katragadda discloses the method of claim 2, wherein updating the generative model based on the outcomes associated with the dispatched payloads comprises: classifying an outcome associated 
 	updating parameters of the generative model based on the classified outcome (Paragraph 0070: Scoring engine 320 may be configured to analyze all the policies, each associated with a respective reward level, and to generate or update machine learning (ML) rules in the learning model 340 for generating payloads with maximum rewards based on the analysis. The ML rules may be iteratively refined in each cycle in order to construct more effective payloads (i.e., payloads likely to cause high positive rewards) from the action space.).
 	Regarding claim 4, the combination of Fong and Katragadda discloses the method of claim 1, further comprising collecting the reconnaissance data from the environment (Fong, Paragraph 0077: core of utilization is returned to the agent based on the monitoring of the system resources; in some embodiments, the score may be aggregated score combining a plurality of scores, each score corresponding to a monitored system resource. At step 209, a corresponding reward score for the action data is determined based on the score of utilization).
 	Regarding claim 5, the combination of Fong  and Katragadda discloses the method of claim 4, wherein collecting the reconnaissance data from the environment comprises at least one of determining a topology of the environment and identifying components in the topology (Fong   Paragraphs 0067, 0070, 0100, he monitored 
 	Regarding claim 6, the combination of Fong  and Katragadda discloses the method of claim 1, wherein generating the set of potential attack vectors for the environment comprises permuting input parameters to the environment (Paragraph 0067: e monitored environment 350 may return an outcome to the agent 310 specific to the submitted payload. In some embodiments, the agent 310 may be configured to monitor the environment 350 and detect current values of one or more parameters representing a state of one or more components of the environment, such as CPU 351, processes 353, and memory buffer or registers 355. The current values of the one or more parameters may inform the outcome returned to agent 310).
 	Regarding claim 7, the combination of Fong  and Katragadda discloses the method of claim 1, wherein classifying the subset of the potential attack vectors as the viable attack vectors for the environment comprises at least one of: encoding the features associated with the set of potential attack vectors (Fong, Paragraph 0030: testing may involve injecting an arbitrarily large amount of data into an application, such as strings including foreign encoding characters, which may be used to exploit potential memory overflow issue of the application under test); 

	Regarding claim 9, the combination of Fong and Katragadda discloses the method of claim 1, wherein applying the generative model to the viable attack vectors comprises: applying a generator in the generative model to attributes of the viable attack vectors to produce a set of potential payloads (Fong Paragraphs 0069-0070: generating payloads with maximum rewards based on the analysis. The ML rules may be iteratively refined in each cycle in order to construct more effective payloads (i.e., payloads likely to cause high positive rewards) from the action space. Once a pre-determined threshold of positive rewards and policies have been found, the agent 310 may determine that the learning or training is now complete and may be configured to generate one or more policies that are associated with high positive reward to test the system); and 
 	applying a discriminator in the generative model to the set of potential payloads to identify a subset of the potential payloads as indistinguishable from real payloads (Fong Paragraph 0069-0070: the learning model 340 may be trained to “learn” about 
  	Regarding claim 11, the combination of Fong and Katragadda discloses the method of claim 1, wherein the features associated with the set of potential attack vectors comprise at least one of an attribute of the environment, a response body, a response header, a response time, and an error code (Fong, Abstract: nput data into a curator engine to convert the at least one input data into a payload having at least one message header, receiving the payload having the at least one message header into a transaction engine, and storing the payload having the at least one message header into a blockchain database. The method continues by processing the payload having the at least one message header to make a decision to transform or analyze the transaction)
 	Regarding claim 12, the combination of Fong and Katragadda discloses the method of claim 1, wherein the environment comprises at least one of a host, a set of hosts, a domain, an application, a web service, a database, a website, a protocol, and a distributed system (Fong Paragraph 0062, 0117: a server can include one or more computers operating as a web server, database server, or other type of computer server in a manner to fulfill described roles, responsibilities, or function).
    	Regarding claim 13; Claim 13 is similar in scope to claim 1, and is therefore rejected under similar rationale.
 	Regarding claim 14; Claim 14 is similar in scope to claim 1, and is therefore rejected under similar rationale.
 	Regarding claim 15; Claim 15 is similar in scope to claim 9, and is therefore rejected under similar rationale.
  	Regarding claim 17; Claim 17 is similar in scope to claim 2, and is therefore rejected under similar rationale.
 	Regarding claim 18; Claim 18 is similar in scope to claim 3, and is therefore rejected under similar rationale.
 	Regarding claim 19; Claim 19 is similar in scope to claim 11, and is therefore rejected under similar rationale.
 	Regarding claim 20; Claim 20 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Allowable Subject Matter 

6.	Claims 8, 10, and 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 
Examiner Notes 
7.	The Examiner notes that incorporating the combined limitations of claims 3, 5, 6 into independent claim 1 would better clarify the subject matter/embodiment of claimed invention. Similarly, amending independent claims 13 and 20 with aforesaid claim limitations from respective dependent claims would help advance the prosecution as it would clarify the claimed invention. 
Conclusion
8. 	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Smith et al. (US 20180152469 A1) discloses methods for controlling operations of a computer network (100). The methods involve: generating programming instructions implementing a first mission plan (2100) specifying which identity parameters of packets are to be transformed during specific time periods.
Gathala et al. (US 20180077195 A1) discloses computing devices implementing the methods, that enable client computing devises to work in conjunction with a server device to identify and temporarily defend against non-benign applications (e.g., malware, etc.) and other threats before a more permanent solution or defense (e.g., a patch or software upgrade) becomes available and installed on the client computing device.
9.	In an effort to advance compact prosecution, with respect to any amendments to the claimed invention, the applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.  
Moreover with respect to advancing compact prosecution, if the applicant intends to make numerous amendments, the examiner respectfully requests that applicant submit a clean copy of the claims in addition to the marked up copy of the claims in order to expedite the examination process by allowing for accurate optical character recognition (OCR) of the claims.
.
10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHFUZUR RAHMAN whose telephone number is (571)270-7638.  The examiner can normally be reached on Monday thru Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-88788593.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MAHFUZUR RAHMAN/Primary Examiner, Art Unit 2498