DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Claim Rejections – 35 USC § 101

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites receiving information identifying open ports associated with an application…/one or more memories having computer-readable instructions stored therein; and one or more processors configured to execute the computer instructions… 
The limitation of receiving information identifying open ports associated with an application…, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “one or more memories…one or more processors…” nothing in the claim element precludes the step from practically being performed in the mind. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. 
i.e., as a generic processor performing a generic computer function of ranking information based on a determined amount of use) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. 
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform the claimed limitations amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Joy et al (Pub. No. US 20180278642).

As per claims 1, 8, 15, Joy discloses a method comprising: receiving information identifying open ports associated with an application (see par. 31); determining based on the information and common attack ports, an attack surface score for the application (…a vulnerability analyzer may store a candidate set of vulnerabilities…a candidate set of vulnerabilities is vulnerabilities that may potentially exist in a processing node…a vulnerability analyzer may determine vulnerability scores for the processing nodes…see par. 32-33); determining, based on the attack surface score, whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination; and implementing a vulnerability reduction policy based on the determination (…the routing engine analyzes the request received…and determines whether the request is of a type that may exploit any vulnerabilities detected in the set of processing nodes…the routing engine determines whether the request is associated with any attributes indicating that the request may exploit any vulnerabilities detected in the set of processing nodes…the routing engine may be associated with a particular policy configuration that specifies how to route the request if all processing nodes include a vulnerability that may be exploited by the received request…a policy configuration may provide that the request can be served if a vulnerability score of at least one processing node is below a threshold value…see par. 76-79).


As per claims 2, 9, 16, Joy discloses wherein the information includes identification of open ports and unused open ports associated with the application, a vulnerability score of the application, a process hash evaluation of the application, and an allowed ports list of the application (see par. 44).


As per claims 3, 10, 17, Joy discloses wherein determining the attack surface score is based on the information and one or more unused ports from the common attack ports (see par. 59-61).


As per claims 4, 11, 18, Joy discloses wherein determining the attack surface score is further based on a common vulnerability score associated with the application (see par. 59-61).


As per claims 5, 12, 19, Joy discloses closing one or more open ports to yield updated information on open ports associated with the application; and determining an updated attack surface score based on the updated information (see par. 45-46).


As per claims 6, 13, Joy discloses wherein the information is based on flow data of the application collected over a period of time, and the attack surface score is periodically determined (see par. 72).


As per claims 7, 14, 20, Joy discloses determining a weighted vulnerability score associated with a host on which the application is running, wherein the attack surface score is further based on the weighted vulnerability score of the host (see par. 59).




Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to the field of workload security and computer networking…for determining an attack surface score for a workload and determining a security policy to implement to reduce the vulnerability of the workload.

Bade et al (Pub. No. US 2010/0268957); “Computer Workload Management with Security Policy Enforcement”;
-Teaches providing a management system which enables process migration from a source node to a candidate node while ensuring that the candidate node meets the security policy associated with the migrating process or machine…see par. 26.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 5712724219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about 





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2436