DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on 04/26/2022.
Status of claims in the instant application:
Claims 1-2, 5-8, 10-14 and 16-20 are pending.
Claims 3-4, 9 and 15  have been canceled.
Claims 1, 5-6, 8, 11, 14 and 17-18 have been amended.
No new claims has been added.
Response to Arguments
Applicant’s arguments, see page [8] of the remarks filed on 04/26/2022, with respect to objection to claim 4 have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the claim objection is withdrawn.
Applicant’s arguments, see page [9] of the remarks filed on 04/26/2022, with respect to rejections of  claims under 35 USC 103 have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the claim rejections are withdrawn.
Allowable Subject Matter
Claims 1-2, 5-8, 10-14 and 16-20 are allowed, but they are renumbered as claim 1-16.
The following are examiner's statement of reasons for allowance: The following prior arts were yielded during the examination of applicant’s amended claim set filed on 04/26/2022  in response to office action mailed on 04/01/2022. They do not explicitly teach the applicant’s claimed invention, in view of the amended claims, but are in general realm of applicant’s field of endeavor:
PGPUB US 20200012796 A1, Trepagnier et al.: Trepagnier discloses a system/method for determining a risk rating for software vulnerabilities. The system includes one or more computing devices that include a processor and a memory, and one or more databases holding data related to at least one of known software vulnerabilities and known exploits. The one or more computing devices are configured to execute at least one of a vulnerability module and exploit module. The vulnerability module when executed generates a vector space holding vectors for the known software vulnerabilities based on the data related to known software vulnerabilities. Each vector is associated with a set of characteristics of a corresponding known software vulnerability. The vulnerability module also groups the known software vulnerabilities into one or more sets of similar software vulnerabilities based on the characteristics. The exploit module when executed determines the applicability of one or more known exploits to individual software vulnerabilities represented in the one or more sets of similar software vulnerabilities using the data related to known exploits. The exploit module also determines a risk rating for each of the one or more sets of similar software vulnerabilities based on the determined applicability of the known exploits to individual software vulnerabilities represented in each of the one or more sets of similar software vulnerabilities and stores and associates the risk rating with a corresponding set of similar software vulnerabilities in a database. The vulnerability module is configured to retrieve data, such as but not limited to NVD-based data, relating to known software vulnerabilities from third party data sources and analyze the data to generate the vector space. In some embodiments, the analysis may include natural language processing of vulnerability descriptions found in the NVD.
PGPUB US 20180219908 A1, Tamir et al.: Tamir discloses an apparatus and associated method are provided for reducing a security risk in a networked computer system architecture. The method comprises receiving at a security computer external vulnerability data from an external source regarding vulnerabilities associated with an attack vector for configuration item (CI) data related to a (CI) device, of the networked computer system. The security computer accesses a configuration management database (CMDB) and the CI data related to the physical device is read. Trust zone data associated with the CI device is determined utilizing the CMDB, and the security computer performs a vulnerability calculation for the CI device utilizing the external vulnerability data and associated trust zone data. This is also done for a second CI device. The vulnerability calculations for both are compared and this comparison serves as a basis for prioritizing an action to be taken on the CI device or associated other network components. This disclosure relates in general to techniques and devices for reducing security risk in a networked computer system architecture that takes into account elements of the network structure.
PGPUB US 20180205755 A1 (Kavi et al.): Kavi discloses systems and methods providing adaptive vulnerability detection and management. Certain embodiments include monitoring system parameters of a cloud-based system, invoking a security ontology knowledge base configured to relate the monitored system parameters to unknown and known vulnerabilities, identifying, based on the monitored system parameters and the invoked security ontology knowledge base, one or more vulnerabilities of the system, and further, implementing a risk management technique for each of the identified one or more vulnerabilities of the system.
The present disclosure relates generally to detection and management of vulnerabilities and, more particularly, to adaptive and automated detection and management of vulnerabilities for cloud systems using ontology knowledge bases.
In certain embodiments, vulnerabilities OKB utilizes system classifiers, e.g., dynamic inputs provided to classify separate classes of vulnerabilities within vulnerabilities OKB. Classification may include various vendors in the cloud computing domain and various software or hardware components in each service level of cloud computing services. For example, a cloud computing domain could be classified into IaaS, PaaS, and SaaS sub-domains. For example, FIG. 4 illustrates a high level ontology design to represent various concepts within the cloud computing domain with a focus on Infrastructure as a Service (IaaS) model. In each of these domains, software and hardware components used in popular cloud computing vendors are associated, e.g., Xen hypervisor in the IaaS sub-domain, Google App Engine in the PaaS sub-domain, and Salesforce CRM in the SaaS sub-domain. The system classifiers are input into an indexer, and the indexer crawls through vulnerabilities OKB to create an index. For example, this may be demonstrated by FIGS. 6 and 7. FIG. 6 illustrates an exemplary ontology knowledge base that has been automatically instantiated using the ontology model shown in FIG. 4, demonstrating an OpenStack cloud system deployment. FIG. 7 illustrates a computed index knowledge graph leveraging both the fully generated ontology bases partially shown in FIGS. 5-6 to assess the given cloud system security posture in terms of the presence of any known vulnerability along with its coverage of whether it can be exploited or mitigated. The resulting index comprises vulnerabilities grouped according to the provided system classifiers. This index may then be used by a semantic natural language processing (SNLP) module to search vulnerabilities OKB 101 depending on a query, such as from a user attempting to identify a vulnerability and/or automatically by the system. The indexer may then identify all of the vulnerabilities related to software or hardware components listed in the system classifiers and groups them accordingly in the index.
PGPUB US 20130247205 A1 (Schrecker et al.): Schrecker discloses methods, systems, and apparatus, including computer programs encoded on computer storage media, for generating quantitative risk metrics for assets and threats. Risk metrics are generated for individual assets and individual threats. These individual metrics can then be analyzed to generate aggregate risk metrics for assets, groups of assets, and threats. Assets and threats can be ordered according to their aggregate risk metrics.
An asset is a computer or other electronic device. A system of assets can be connected over one or more networks. For example, a home might have five assets, each of which are networked to each other and connected to the outside world through the Internet. As another example, a business might have three physically separate offices, each of which has many assets. The assets within each office and the assets across the offices can be connected over a network.
A network monitor 102 receives one or more of threat definition data 204, vulnerability detection data 206, asset configuration data 207, and countermeasure detection data 208. The threat definition data describes identified threats, what countermeasures (if any) protect assets from the threats, and the severity of the threat. The vulnerability detection data 206 specifies, for each asset and for each threat, whether the asset is vulnerable to the threat, not vulnerable to the threat, or of unknown vulnerability. The configuration data 207 specifies, for each asset, details of the configuration of the asset. The countermeasure detection data 208 specifies, for each asset, what countermeasures are protecting the asset.
The asset configuration data 207 is received from one or more configuration data source(s) 209. In some implementations, the configuration data source(s) 209 are one or more data aggregators. A data aggregator is one or more servers that receive configuration data, aggregate the data, and format the data in a format useable by the network monitor 102. The data aggregators can receive configuration data from the assets themselves or from the sensors monitoring the assets. Example data aggregators include McAfee ePolicy Orchestrator.RTM., available from McAfee of Santa Clara, Calif., and Active Directory.RTM., available from Microsoft Corporation of Redmond, Wash. For example, a data aggregator can maintain an asset data repository with details on asset configurations. Alternatively, the configuration data source(s) 209 are the assets and/or sensors themselves. When the configuration data source(s) 209 are the assets and/or sensors themselves, the configuration data is not aggregated when it is received by the network monitor 102, and the network monitor 102 aggregates the data itself.
The configuration of an asset is a hardware and/or software configuration. Depending on the configuration, various threats may be applicable to an asset. In general, the configuration of the asset can include one or more of the physical configuration of the asset, the software running on the asset, and the configuration of the software running on the asset. Examples of configurations include particular families of operating systems (e.g., Windows.TM., Linux.TM., Apple OS.TM.), specific versions of operating systems (e.g., Windows Vista.TM.), particular network port settings (e.g., network port 8 is open), and particular software products executing on the system (e.g., a particular word processor or a particular web server). In some implementations, the configuration data does not include countermeasures in place for the asset, or whether the asset is vulnerable to a particular threat.
PAT US 10834120 (Satish et al.): This discloses Systems, methods, and software described herein provide security actions based on related security threat communications. In one example, a method of operating an advisement system includes identifying a security threat within the computing environment, wherein the computing environment comprises a plurality of computing assets. The method further provides obtaining descriptor information for the security threat, and retrieving related communication interactions based on the descriptor information. The method also includes generating a response to the security threat based on the related communication interactions.
PGPUB US 20190052665 A1 (MAHIEU et al.): This discloses A computer security system, comprising: a first input, adapted to receive threat data representing security threats; a second input, adapted to receive vulnerability data representing security vulnerabilities; a processor adapted to: identify a specific vulnerability of a computer entity in dependence on the threat data and the vulnerability data; assign the specific vulnerability a risk rating in dependence on the vulnerability data and the threat data; and to generate output data comprising an identifier of the specific vulnerability and its risk.
PGPUB US 20200011784 A1(CHALUMURI et al.): An AI-based asset maintenance system accesses a variety of data sources related to an entity to analyze data regarding one or more damage mechanisms corresponding to the entity thereby identifying and implementing corrective actions that mitigate the effects of the damage mechanisms within the entity. The accessed data is stored using a parameterized data model that represents the entity. A trained parameter model identifies the most significant operating parameters for a given component of the entity for the damage mechanism affecting the component. A projection model is used to perform `what-if` analysis of the most significant operating parameters for determining the instances of minimum and maximum degradation due to the damage mechanism. Corrective actions for mitigating the degradation due to the damage mechanism can be determined based on analysis of the operating parameters and other attributes corresponding to the best and worst case degradation scenarios.
However, none of the prior arts of record, alone or in combination, discloses all the limitations of the amended independent claims 1, 8 and 14 specifically they do not disclose the combination of claim limitations as recited in amended independent amended claims, “comparing, by the one or more processors, the vulnerable computer system hardware resource to a computer system hardware resource in a particular computer system; and in response to the vulnerable computer system hardware resource matching the computer system hardware resource in the particular computer system, performing, by the one or more processors, a mitigation action that mitigates a vulnerability of the computer system hardware resource in the particular computer system to the malicious attack by reducing a functionality of the computer system hardware resource in the particular computer system until a solution is implemented that mitigates the vulnerability of the particular computer system to the malicious attack, wherein the mitigation action causes intermediate changes to the computer system hardware resource between a time that the CVE is released and a time that a vendor provides a patch to close the vulnerability of the computer system, and wherein the intermediate changes comprise limiting what devices are allowed to access the computer system, changing passwords required to access the computer system, changing a hardware configuration of the computer system, and applying a patch that stops access to the computer system”
Therefore, the independent claims are allowable over the prior arts. The dependent claims being definite, further limiting, and fully enabled by the specification are also allowed because of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MAHABUB S AHMED/Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434