Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Reason for allowance
Claims 1-20 are allowed. The following is an examiner’s statement of reasons for allowance. After consideration of the applicant’s correspondence filed on May 15, 2020, through examination of the claims with application, and further search, the pertinent prior arts of record cited in PTO-892, either taken alone or in combination neither anticipates nor renders obvious the claimed subject matter of the instant application taken as a whole, and the claims having the following particular features have been found in condition for allowance.
Claim 1: Identifying a particular signature from the multiple signatures, wherein the particular signature is specific for a particular type of computer asset, wherein the particular signature is code that causes a particular gateway to block an intrusion from reaching a particular computer asset that is of the particular type of computer asset, extracting the particular signature from the multiple signatures based on a particular asset context that is specific for the particular computer asset; and identifying a particular gateway that protects the particular computer asset; and installing the extracted particular signature from the multiple signatures only on the particular gateway.
Claims 7 and 14: Receiving multiple Intrusion Prevention System (IPS) signatures which are specific for different types of IPS gateways that protect different types of computer assets; identifying a particular IPS signature from the multiple IPS signatures, wherein the particular IPS 

The applicant’s current application discusses, in order to protect the computer assets, a gateway can be updated with solutions (signatures) to the latest known intrusions by a security vendor. The solutions (signatures) are specific to a particular intrusion that has certain code. When end users receive an updated signature, they often are unaware of what particular computer assets are behind different gateways, and updated signatures are often loaded onto all of the gateways used by an enterprise. This leads to decreased performance in the gateways since they become bogged down with irrelevant and unnecessary signatures. Therefore an effective process for correlating known vulnerabilities to certain computer assets with published vendor signatures are needed. 
The present invention utilizes a recommendation engine that gathers Common Vulnerability Exposure (CVE) information and other types of vulnerability information and scan data and evaluates a CVE base score, an attack vector, an impact score, an exploit score, a signature accuracy, a signature implementation impact, and a vendor recommendation (e.g., 
The present invention simplify the process of protecting against known vulnerabilities by automating prevention policy modification at scale and across a multitude of vendors. A given vulnerability identifier or vulnerability keyword, correlate it with protection rules from multiple vendors, and then query a customer's devices to determine whether they are currently protected. Based on data from vulnerability information repositories such as severity, access vector, and system impact, one or more embodiments of the present invention determine which risks should be prioritized.
The present invention makes a decision on the optimal IPS policy for the rule as well as provides a context for the priority level and time-sensitivity of the matter. If the system/user/analyst accepts the suggested configuration, one or more embodiments of the invention will proceed to automatically install the new policy (i.e., signature) or modify the existing policy/signature. Furthermore, one or more embodiments of the invention also check the version of the IPS database installed, and prompt the user/system/analyst to install the latest one, should an update exist.

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure are:

Devarajan US20200259792	 Discloses a cloud-based IPS enables IPS threat protection where traditional IPS systems cannot, namely, the cloud-based IPS follows users, no matter the connection type, location, device type, operating system, etc. Enterprise IT has always-on threat protection and visibility. The cloud-based IPS works across a full suite of technologies such as firewall, sandbox, Cloud Access Security Broker (CASB), Data Leakage Prevention (DLP), etc. to stop various types of attacks. The cloud-based IPS provides threat protection from botnets, advanced threats, and zero-day vulnerabilities, along with contextual information about the user, app, and threat. The cloud-based IPS is delivered as a cloud-based service, so inspection demands scale automatically, updates are immediate, and the need to manage hardware is removed.


Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior art.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business 





/TECHANE GERGISO/Primary Examiner, Art Unit 2494