DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Applicant(s) Response to Office Action
The response filed on 3/9/2022 has been entered and made of record.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 3/9/2022 has been entered.

Response to Amendment/Remarks
Claims 1, 2, 4, and 21-22 have been amended.  Claims 10-17 have been cancelled.  Claims 1-7 and 20-22 remain pending in the application.

Applicant's remarks and/or amendments to claims have overcome each and every claim objection and rejection under 35 U.S.C. 112(b) and 112(a) previously set forth.  Accordingly, said claim objections and rejections as articulated therein are withdrawn.

Applicant's remarks regarding 35 USC 103 have been fully considered and are moot in light of new grounds of rejection necessitated by applicant’s amendments.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-7, and 20-22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cohen et al. (US 2005/0193430 A1), in view of Falodiya et al. (“Security Vulnerability using Ontology-based Attack Graphs”, 2017, IEEE, 2017 14th IEEE India Council International Conference (INDICON), pp 1-5); in view of Noel et al. (US 2017/0289187 A1).

Regarding claim 1, Cohen teaches:
“A method of searching for an attack path (Cohen, Fig. 2, ¶ 57-66 teach a computer-implemented system to search for attack paths), the method comprising:
generating an attack graph by using information (Cohen, ¶ 27-32, and 46, attack graph is generated based on the states of various computing entities);
generating an attack graph ontology for the attack graph (Cohen, ¶ 33, edges connect nodes of the graph representing vulnerability actions);
generating a semantic attack graph by imparting semantics to the attack graph on the basis of the attack graph and the attack graph ontology (Cohen, ¶ 37, and 47-48 the graph traversal of the nodes connecting nodes with edges representing actions that when complete creates a semantic attack graph for a group of connected assets being analyzed. Cohen Fig. 5 depicts an example of this);
searching for an attack path from the semantic attack graph to identify one or more security vulnerabilities (Cohen, ¶ 34-37, 48-52 and 54 the graph is traversed from various start points to various endpoints to identify possible attacks through attack paths of the graph to , i.e., Cohen ¶ 37 and ¶ 54) by generating an instance of the semantic attack graph (Cohen, ¶ 34 user enters the start and end points for analysis of attack paths); and
outputting a result of the searching for the attack path (Cohen, ¶ 61, and 63-64 analytic engine generates an output of the search results which is delivered to the report generator which is then delivered to the user through the graphical user interface)”.
Cohen does not, but in related art, Falodiya teaches:
“by determining a relationship between two nodes in the attack to a property, and imparting the property to an edge connected between the two nodes (Falodiya, Figs. 2, 3, Table III and Algorithm 1 depict and describe creating edges between subjects and objects and relating them with a predicate value);
attack graph comprising a vulnerability node (Falodiya, Fig. 3 and Table III depict exemplary objects as vulnerabilities, hosts, admin privileges, and attacks);
wherein the property comprises a subject, a predicate, and an object (Falodiya, Fig. 3 and Table III depict subjects and objects and relating them with a predicate value), and
wherein the subject comprises information on the subject of an action (Falodiya, Fig. 3 and Table III depict exemplary subjects as hosts and attacks), the predicate comprises information on the action of the subject and the relationship between the subject and the object (Falodiya, Fig. 3 and Table III depict exemplary predicates connecting subjects and objects including “has”, “performs” and “includes”), and the object comprises information on a configuration on which the action of the subject is performed (Falodiya, Fig. 3 and Table III depict exemplary objects as vulnerabilities, admin privileges and attacks)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Cohen and Falodiya, to modify the graph based attack detection system of Cohen to include the ontology based attack graph vulnerability analysis as taught in Falodiya.  The motivation to do so constitutes applying a known technique (i.e., ontology based attack graph vulnerability analysis) to known devices and/or methods (i.e., the graph based attack detection system) ready for improvement to yield predictable results.
	Cohen in view of Falodiya does not, but in related art, Noel teaches:
	“attack graph comprising a state node, device information, and component information based on the attack graph ontology (Noel, Figs. 2, 4 and 5 as well as ¶ 27-28, 30-31, 34-35, 39, and 41-47 depict and describe a first graph comprising comprehensive information about graph ontology followed by subgraphs representing attack graphs comprising state and vulnerability nodes.  Noel, ¶ 39 demonstrates that the nodes contain information about the device including its unique MAC address and information regarding the software components of the system)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Cohen, Noel, and Falodiya, to modify the graph based attack detection system of Cohen in view of Falodiya to include the specific attack graph vulnerability analysis with various information as taught in Noel.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Regarding claim 2, Cohen in view of Falodiya in view of Noel teaches:
“The method according to claim 1 (Cohen in view of Falodiya in view of Noel teaches the limitations of the respective parent claims as discussed above), wherein the searching for the attack path further comprises:
generating an attack path for the instance of the semantic attack graph (Cohen, ¶ 37, and 47-48 the graph traversal of the nodes connecting nodes with edges representing actions that when complete creates a semantic attack graph for a group of connected assets being analyzed.  Cohen Fig. 5 depicts an example of this)”.

Regarding claim 3, Cohen in view of Falodiya in view of Noel teaches:
“The method according to claim 2 (Cohen in view of Falodiya in view of Noel teaches the limitations of the respective parent claims as discussed above), wherein the searching for the attack path is performed on the basis of the generated attack path (Cohen, ¶ 37, and 47-48 the graph traversal of the nodes connecting nodes with edges representing actions that when complete creates a semantic attack graph for a group of connected assets being analyzed)”.

Regarding claim 4, Cohen in view of Falodiya in view of Noel teaches:
“The method according to claim 1 (Cohen in view of Falodiya in view of Noel teaches the limitations of the respective parent claims as discussed above), wherein the generating of the attack graph comprises configuring the state node in the attack graph, in which the state node includes status information and vulnerability information of a host (Cohen, ¶ 29-32 graph nodes contain a state of a given service or device including their vulnerability information which sets logical constraints on the actions that it can use to reach additional nodes)”.

Regarding claim 5, Cohen in view of Falodiya in view of Noel teaches:
“The method according to claim 1 (Cohen in view of Falodiya in view of Noel teaches the limitations of the respective parent claims as discussed above), wherein the generating of the attack graph comprises generating a network path between two hosts in the attack graph (Cohen, ¶ 37, and 47-48 the graph traversal of the nodes connecting nodes with edges representing actions that when complete creates a semantic attack graph for a group of connected assets being analyzed)”.

Regarding claim 6, Cohen in view of Falodiya in view of Noel teaches:
“The method according to claim 1 (Cohen in view of Falodiya in view of Noel teaches the limitations of the respective parent claims as discussed above), wherein the generating of the attack graph comprises:
receiving, as an input, a network reachability between two hosts (Cohen, ¶ 34 user enters the start and end points for analysis of attack paths),
determining whether an attack is to occur on the basis of a vulnerability (Cohen, ¶ 53-56, the likelihood that an attack will occur is determined based on aspects of the vulnerability), and
generating the attack path (Cohen, ¶ 37, and 47-48 the graph traversal of the nodes connecting nodes with edges representing actions that when complete creates a semantic attack graph for a group of connected assets being analyzed)”.

Regarding claim 7, Cohen in view of Falodiya in view of Noel teaches:
“The method according to claim 1 (Cohen in view of Falodiya in view of Noel teaches the limitations of the respective parent claims as discussed above), wherein the information includes at least one of information selected from among host information, network topology information, (Cohen, ¶ 28-32 the information includes network topology information and information about the states of the host machines)”.

Regarding claim 20, Cohen in view of Falodiya in view of Noel teaches:
“A non-transitory computer readable medium storing instructions that, when executed by the processor (Cohen, ¶ 16 teaches a computer readable storage medium to perform the method steps), cause the processor to perform the method of claim 1 (Cohen in view of Falodiya in view of Noel teaches the limitations of the respective parent claims as discussed above)”.

Regarding claim 21, Cohen in view of Falodiya in view of Noel teaches:
“The method according to claim 1 (Cohen in view of Falodiya in view of Noel teaches the limitations of the respective parent claims as discussed above), wherein the object comprises any one or any two or more of the vulnerability node, a host device, and a component privilege (Falodiya, Fig. 3 and Table III depict exemplary objects as vulnerabilities, hosts, admin privileges, and attacks)”.

Regarding claim 22, Cohen in view of Falodiya in view of Noel teaches:
“The method according to claim 1 (Cohen in view of Falodiya in view of Noel teaches the limitations of the respective parent claims as discussed above), wherein the predicate comprises any one or any two or more of "exploit," "has," (Falodiya, Fig. 3 and Table III depict exemplary predicates connecting subjects and objects including “has” and “exploits”)”.
Conclusion
	In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.
	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure: See PTO-892.
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN GUNDRY whose telephone number is (571)270-0507 and can normally be reached on Monday - Friday 8:30 AM - 5 PM EST.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/STEPHEN T GUNDRY/
Examiner, Art Unit 2435