Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Response to Arguments
Applicant's arguments filed 12/15/21 have been fully considered but they are not persuasive. 
Applicant's arguments do not comply with 37 CFR 1.111(c) because they do not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections.

Applicant has asserted that the prior art does not teach the current amendment.  
Examiner asserts that, on its face, the amendment is merely a manipulation of data, and the terms of data manipulation are vague and generic. For example, Ahuja teaches an index of computing policies, updating said indexes with computing policies, where said data identifies features (OS version, patches, etc.) and indicates an instruction (apply patch to said OS).
Applicant has provided no further rationale of why the amendment overcomes Ahuja.




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 9-13, 15-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Ahuja US 2018/0103064 in view of Nickolov US 10,142,204.

As per claims 1, 12, and 17, Ahuja teaches a method comprising:


Accessing by a processing device a computing policy comprising a policy entry, updating by the processing device, an index data structure to comprise data for the policy entry wherein the data identifies a computing feature corresponding to the policy entry and indicates an instruction corresponding to the computing feature, and transmitting the instruction to a computing device of a computing environment that comprises the computing feature, receiving environment data of a computing environment, the environment data comprising a configuration value of a computing device in the computing environment; [0075][0085][0086][0090][0091][0098][0099][0103][0104]  (teaches obtaining environment data of a computing environment, patch state, operating system, etc, and accessing an index 


Nickolov teaches determining, by a processing device, whether a security vulnerability exists based on the environment data and the index data structure; and providing feedback regarding the security vulnerability and the computing policy. (Column 2 lines 50-65; Column 3 lines 8-32) (teaches analysis of the environment data for security vulnerability and provides feedback to user)
It would have been obvious to one of ordinary skill in the art to use the security of Nickolov with the policies of Ahuja because it increases the security of the servers.

As per claim 2, Ahuja teaches the method of claim 1, further comprising transmitting, by the processing device, instructions to a plurality of computing devices of the computing environment; receiving device data of the plurality of computing devices in response to the instructions; and deriving the environment data in view of the device data, wherein the environment data indicates a configuration of the computing environment. [0085][0086] (security service gets the environment data from the server including software versions, OS, patch data, etc.)

As per claims 3, 13, and 18, Nickolov teaches the method of claim 1, wherein the computing policy comprises an Extensible Markup Language (XML) file, and wherein the entry is extracted 
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the XML format of Nickolov with the prior art because it is a well-known compatible format.

As per claim 4, Ahuja teaches the method of claim 1, further comprising: accessing a plurality of computing policies from one or more sources, wherein the plurality of computing policies comprises the computing policy; detecting a plurality of entries of the computing policy; determining multiple computing features that correspond to a single entry of the plurality of entries; and generating index data structures for the computing policies, wherein one of the index data structures associates the single entry with the multiple computing features. [0089][0090][0091][0098][0099][0104] (teaches that computing policies are matched to environments/computing features and additionally associates said computing policy containing multiple features to a server/server list index)

As per claim 5, Ahuja teaches the method of claim 4, wherein the plurality of computing policies are different versions of the computing policy and are received from a single source, and wherein there are multiple corresponding versions of the index data structure. [0090][Figure 7] (central database)
Nickolov teaches multiple corresponding data structures (Column 18 lines 7-14) (Column 21 lines 5-25) (teaches policies, properties, telemetry data, vulnerability data, etc. are from a plurality of sources)


As per claim 6, Nickolov teaches the method of claim 4, wherein the plurality of computing policies are different computing policies received from different sources, and wherein the index data structure is a composite index data structure associated with a plurality of index data structures. (Column 18 lines 7-14) (Column 21 lines 5-25) (teaches policies, properties, telemetry data, vulnerability data, etc. are from a plurality of sources that are taken into account by crowd sourcing)


As per claims 9, 15, and 20, Ahuja teaches the method of claim 1, wherein the feedback comprises at least one of a remediation task, a visualization, or an artifact. [0103] (patch update)

As per claims 10 and 16, Nickolov teaches the method of claim 9, wherein the visualization indicates one or more violations of the computing policy and comprises data indicating one or more computing devices and one or more entries of the computing policy. (Column 79 line 60 to Column 80 line 35) (visual report including devices and needed upgrades based on security vulnerability)


As per claim 11, Ahuja teaches the method of claim 1, further comprising selecting a version of the index from a plurality of versions of the index based on user input. [0099] (teaches admin/user configuration that customizes index/security policy selection)

Claims 7, 8, 14, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Ahuja US 2018/0103064 in view of Nickolov US 10,142,204 in view of Ramachandran US 2019/0098054.

As per claim 7, Ramachandran teaches the method of claim 1, wherein the computing policy includes an update to a prior version of the computing policy and wherein generating the index data structure comprises updating a prior version of the index data structure. [0081] (teaches keeping history of policies and versions and rolling back said policies)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the history of Ramachandran with the prior art because it provides stability.

As per claims 8, 14, and 19, Ramachandran teaches the method of claim 7, wherein the index data structure and the prior version of the index data structure are concurrently accessible to the processing device. [0042][0044][0080] (teaches index of tags that are accessible)
See also Ahuja [0091][0104] (server index is changed and accessible at all times)


Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571) 272-3833. The examiner can normally be reached on M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Luu Pham, can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to 






/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439