DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment

This action is in response to the communications and remarks filed on 01/26/2022. Claims 1, 5-12, 14-16, and 18-19 have been amended. Claims 1-20 have been examined and are pending.
Response to Arguments
Applicant's arguments, see pages 9-11 of remarks, filed 01/26/2022, regarding the 103 rejections of Claims 1-20 have been fully considered and are persuasive.
Applicant's amendment to the abstract and claims 1 and 6 is acknowledged. The claims have been reviewed, entered, and found to obviate the previously raised objection for minor informalities. The objection to the abstract and claims 1 and 6 is hereby withdrawn.
The claims are now in condition for allowance.
Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner's statement of reasons for allowance:
The closest prior art, as previously recited Barlow EP3304858 B1 and Datta Ray US20140380488A1, with newly identified Galchenko 20200036803 A1, Ford 20170041296 A1 and Dwrampudi 20180285204 A1 teaches an apparatus comprising: at least one processing platform comprising a plurality of processing devices; said at ¶0013: Sensors 104 can send their records over a high-speed connection to collectors 108 for storage. ¶0014: As sensors 104 capture communications, they can continuously send network traffic data to collectors 108. The network traffic data can relate to a packet, a collection of packets, a flow, a group of flows, etc. The network traffic data can also include other details such as the VM BIOS ID, sensor ID, associated process ID, associated process name, process user name, sensor private key, geo-location of a sensor, environmental details, etc. ¶¶0035, 0041, and 0043: Network environment 200 can include network fabric 212, layer 2 (L2) network 206, layer 3 (L3) network 208, endpoints 210a, 210b, ... , and 210d (collectively, "204"). Network fabric 212 can include spine switches 202a, 202b, ... , 202n (collectively, "202") connected to leaf switches 204. Network environment 200 can also integrate a network traffic monitoring system, such as the one shown in FIG. 1. As shown in FIG. 2, the network traffic monitoring system can include sensors 104a, 104b, ... , 104n (collectively, "104"), collectors 108a, 108b, ... 108n (collectively, "108"), and analytics module 110. Fig. 3 shows method 300 - interactions between analytics module 110, sensors 104 and a collector 108; begin with analytics module configuring the sensors to send packet logs to the collector (step 301), then identifying a collector or plurality of collectors and instructing the sensors to send packet logs to the identified collectors based on a predefined rule or formula. ¶0013: Sensors 104 can send their records over a high-speed connection to collectors 108 for storage.
¶0014: As sensors 104 capture communications, they can continuously send network traffic data to collectors 108. The network traffic data can relate to a packet, a collection of packets, a flow, a group of flows, etc. The network traffic data can also include other details such as the VM BIOS ID, sensor ID, associated process ID, associated process name, process user name, sensor private key, geo-location of a sensor, environmental details, etc.]; ¶0013: Sensors 104 can "sniff" packets being sent over its host network interface card (NIC) or individual processes can be configured to report traffic to sensors 104. This sensor structure allows for robust capture of granular (i.e., specific) network traffic data from each hop of data transmission. ¶0014: As sensors 104 capture communications, they can continuously send network traffic data to collectors 108. The network traffic data can relate to a packet, a collection of packets, a flow, a group of flows, etc. The network traffic data can also include other details such as the VM BIOS ID, sensor ID, associated process ID, associated process name, process user name, sensor private key, geo-location of a sensor, environmental details, etc. ¶0043: summary of packet types, packet logs, metadata information. ¶0100: when sensors are compromised snapshots are taken in intervals; inferred statistics and details based on the topology and the relationships between sensors]; applying one or more parameters of a plurality of parameters to the identified asset and user-asset relationships to determine one or latency as a network characteristics; ¶0022: analytics module 110 can create reaction expectations. ¶0045: The collector can then receive the packet logs (step 308) sent from multiple sensors, including the packet log described above. The collector can then determine that the log describes a flow (step 310). A flow can be a connection between two endpoints in a datacenter.
Step 310 can be achieved by comparing the description of the packets in the packet logs; for example, determining that the source address, destination address, size, sequence number, protocol, timestamps, etc. ¶0194: applying a calculated latency for the reported data] and situational changes, control implementations, and adjustments thereof, and other transitions in OT systems, IT systems, and the security threat environment. ¶0080-0081: Changes in control postures include, for example, lower level security control changes through modifications in encryption strength; trigger a statistically out-of-range alert for the relevant business process rule. The formal risk analysis engine prioritizes this particular analysis process]; wherein, identifies a volume of communications for a given asset of at least one of a given asset relationship and a given user-asset relationship; [Galchenko 20200036803 A1, ¶0038: 
However, none of Barlow, Datta Ray, Galchenko, Ford and Dwrampudi teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims, claims 1, 16, and 19. For example, none of the cited prior art teaches or suggests transmitting the one or more designations to a second operational management system to trigger a risk management workflow based at least in part on the one or more designations; wherein the one or more parameters comprises a rule that if the identified volume of communications exceeds a threshold volume, then the given asset is designated as a high priority asset for the risk management workflow; and wherein the given asset is dynamically identifiable as a component of at least one of the given asset relationship and the given user-asset relationship based at least in part on the usage data comprising one or more of packet activity data, source data and destination data, in view of other limitations of claims 1, 16, and 19.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably 
The closest prior art made of record are:
Galchenko 20200036803 A1 teaches a communication connection representor comprising a network monitor for interpreting a communication session notification initiated within a network, the communication session comprising an Internet protocol (IP) address of an initiating device, routing information, and a session type. The representor also comprises an activity detail collector for collecting and storing activity detail in a database, the activity detail comprising at least the IP address of the initiating device, an IP address of the destination device, the session type, a session duration, and a time stamp. The representor further comprises an evaluator for assessing the collected activity detail, using a set of weighted values. The representor further comprises a constructor for aggregating the assessed activity detail into a representation comprising a connection graph. The representor further comprises a controller capable of receiving the communication session notification and transmitting the connection graph to a display device. (¶¶0076, 0080, 0085, 0098, and 0107-0118).
Schlarman 8478628 B1 teaches a system and method for risk assessment of compliance. A database is provided, which contains mapped compliance data components related to regulations, requirements, policies and standards, controls, and assets. Users can specify the weighting of the data components based on the user's business requirements. Manual and 
Ford 20170041296 A1 teaches an improved secure exchange system whose features include a federated search facility, hybrid encryption management (adjustable encryption key management), anonymous IRM, disassembled storage of data as chunks rather than files, asynchronous notification process/integrated file upload and messaging, an identity facility, multi-factor authentication, dynamic access authorization, and various enhancements to a customizable exchange system. (¶¶0041, 0067-0076, 0100, 0107-0113, 0131-0132, 0140, 0143, 0147, 0151, 0156-0158, 0166-0168, 0171, 0173, 0231-0238, and 0243-0250).
Yu 20160379296 A1 teaches an autonomous interaction decision support apparatus to provide the operator of an e-commerce business with a recommendation of which received orders to perform. The apparatus autonomously tracks situational information comprising the existing level of work of the e-business, for each of multiple products and/or services offered by the business, and also a desired level of work. In this way, the 
Belanger 20190340684 A1 teaches a process, including: obtaining interaction-event records; determining, based on at least some of the interaction-event records, sets of event-risk scores, wherein: at least some respective event-risk scores are indicative of an effective of a respective risk ascribed by a first entity to a respective aspect of a second entity; and at least some respective event-risk scores are based on both: respective contributions of respective corresponding events to a subsequent event, and a risk ascribed to a subsequent event; and storing the sets of event-risk scores in memory. (¶¶0005 and 0032).
Raleigh 20170201850 A1 teaches a master wireless device and a child wireless device execute respective device activation sequences. On the child wireless device, the activation sequence displays, on a display of the device, a non-textual image representing a unique child device credential. On the master wireless device, the activation sequence prompts a user to capture a digital picture of the child wireless device screen. The master wireless device presents its own credentials, along with information from the digital picture, to a service management system in a network, allowing the service management system to verify that the master wireless device is associated with a subscriber and is allowed to configure a child device, as well as verify the child device. Upon successful verification, the service management 
Sharp 20160012465 A1 teaches a system for performing various methods of sending, receiving, distributing, and utilizing funds and/or credits. In many embodiments, various communications platforms and/or protocols may be employed. Methods of sending funds or credits may be practiced in different environments, including physical and electronic environments. According to some preferred embodiments, users may perform a variety of transactions including various gifting functions, re-gifting functions, and social interactions simply, through various types of electronic communications, including, but not limited to electronic messaging. (¶¶0020, 0022-0033, 0037, 0050, 0057, 0076-0087).
Alairys CA2388624C teaches an execution architecture, a development architecture and an operations architecture for a netcentric computing system. The execution architecture contains common, run-time services required when an application executes in the netcentric computing system. The development architecture is the production environment for one or several systems development projects as well as for maintenance efforts. The purpose of the development environment is to support the tasks involved in the analysis, design, construction, and maintenance of business systems, as well as the associated management processes. It is important to note that the environment should adequately support all the development tasks, not just the code/compile/test/debug cycle. The operations architecture is a 
Dwrampudi 20180285204 A1 teaches an information management cell health monitoring system is provided herein that can monitor one or more information management systems, identify any performance issues that are occurring within an information management system, and automatically, or in response to a user input, transmit an instruction to the information management system to execute a workflow to resolve the performance issue(s). For example, the information management cell health monitoring system receives operational data, secondary copy policies, and/or similar data from an information management cells via a network. The information management cell health monitoring system analyzes the received information to identify any issues. If an issue is detected, the information management cell health monitoring system retrieves workflows and determines whether any of the workflows can be used to resolve the detected issue. The information management cell health monitoring system transmits a workflow that resolves the detected issue to the information management system for execution. (¶¶0067, 0092, 0124-0125, 0150, 0160, and 0186-0188)
Gargiulo WO2014/047069 A1 teaches a system, methods, and computer program products for interfacing between one of a plurality of service provider (SP) trusted service managers (TSM) and one of a plurality of secure elements (SE). A first request to renew a service is received from an SP system over a communications network. The first request includes a 
Conclusion
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH W TAYLOR whose telephone number is (571)270-0682.  The examiner can normally be reached on Monday-Friday, 9:45-5:45.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  

/Sakinah White Taylor/Primary Examiner, Art Unit 2497