DETAILED ACTION
This office action is in response to the application filed on 1/23/2020.  Claim(s) 1-27 is/are pending and are examined.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Information Disclosure Statement PTO-1449
The Information Disclosure Statement(s) submitted by applicant on 7/29/2021 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto. 

Examiner’s Note – Allowable Subject Matter
Claims 9 and 25 are objected to as being allowable yet remain dependent upon a rejected claim and would otherwise be allowable if incorporated into the base claim along with any intervening claim.
	A similar condition exists with claim 17 with the added necessity for the claim to overcome the rejections under 35 USC 112 set forth below.

Claim Objections
Claim(s) 2 is/are objected to because of the following informalities: The examiner suggests the following corrections:Claim 2:
The claim does not end with a period “.”.  Each claim begins with a capital letter and ends with a period. Periods may not be used elsewhere in the claims except for abbreviations. Please see MPEP 608.01(m), Fressola v.Manbeck, 36 USPQ2d 1211 (D.D.C. 1995).

 Examiner’s Note – Claim Interpretation in view of Ex parte Schulhauser
MPEP 2111.04 II Contingent Limitations instructs the examiner that the broadest reasonable of claims 1 and 2 is only : “A method for securing a networked computer system hosting an application, the method comprising: identifying a vulnerable computer resource in the networked computer system; identifying a remediation action; determining whether the remediation action is a safe remediation action that does not reduce availability of the application on the networked computer system or an unsafe remediation action that reduces availability of the application on the networked computer system”. 	Examiner recommends replacing claim language related to the word “if” with “in response to” or the like.
Claim Interpretations - 35 USC § 112(f)
The following is a quotation of 35 U.S.C. 112 (f): 
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
	As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
	Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
	Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  
Such claim limitation(s) is/are: 	“a scanner identifying a vulnerable computer resource in the networked computer system” in claim 1; 	“a remediation actions selector identifying a remediation action” in claim 1; 	“an application availability analyzer determining whether the remediation action is a safe remediation action that does not reduce availability of the application on the networked computer system or an unsafe remediation action that reduces availability of the application on the networked computer system” in claim 1; 	“a remediations implementer implementing the remediation action if it is the safe remediation action to secure the networked computer system” in claim 1;
	“a reachability analyzer determining what computer resources in the networked computer system are accessible from, or are accessed by, the vulnerable computer resource” in claim 12;
	“reachability analyzer analyzes traffic flows between the computer resources over a period of time to identify vulnerability paths from the vulnerable computer resource to other computer resources in the networked computer system” in claim 13;
	“reachability analyzer determines whether the vulnerability paths lead to a critical computer resource used in execution of the application” in claim 14;
	“a safe remediations planner configured to, if the remediation action is determined to be an unsafe remediation action, convert the remediation action into the safe remediation action, wherein the safe remediation action includes closing open access to the critical computer resource over the vulnerability path to all users and providing specific access to the critical computer resource to the application” in claim 15;
	“a blast radius determiner determining a blast radius of the vulnerable computer resource by determining what computer resources are directly or indirectly attached to the vulnerable computer resource” in claim 16.

	Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112 (b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claim(s) 10-17 is/are rejected under 35 U.S.C. 112 (b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.

Regarding claim(s) 10, and 12-16, recite the limitations denoted in the section above which invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The specification is devoid of adequate structure for performing the claimed function.
	Claim 10 provides a processor and a memory to perform method steps.  However, the functional unites are presented separate from these components.  MPEP 2181 II B ¶ 4 states “To claim a means for performing a specific computer-implemented function and then to disclose only a general purpose computer as the structure designed to perform that function amounts to pure functional claiming”. Further, MPEP 2181 II B ¶ 3 states that only the processes of receiving, saving and processing do not require a disclosed algorithm.
	Therefore, the claims are indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
	Dependent claim(s) 11 and 17 is/are rejected for the reasons presented above with respect to rejected claim(s) 10 in view of their dependence thereon.
	Examiner recommends simply modifying the language of claim 10 to refer that the processor is executing all of the functional structures.

Applicant may:
	(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph;
	(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
	(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
	If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
	(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
	(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
	
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112 (a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
	Claim(s) 10-17 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
	As described in detail above, the disclosure does not provide adequate structure to perform the claimed functions. The specification does not demonstrate that the applicant has made an invention that achieves the claimed function because the invention is not described with sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor had possession of the claimed invention.
Dependent claim(s) 11 and 17 is/are rejected for the reasons presented above with respect to rejected claim(s) 10 in view of their dependence thereon. 
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim(s) 26-27 is/are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without adding significantly more.  The analysis is as follows: Step 1: The claims are directed to a method.Step 2A Prong 1: Claims 26 and 27 recite mental processes.  The limitations of “generating behavioral models of the computer resources; using the behavioral models as training data for machine learning to learn a safe remediation action for the networked computer system that does not impact application availability” of claim 26 and “wherein the machine learning learns from the behavioral models which particular computer resources in the networked computer system are affected by the safe remediation action and learns what access controls or modifications to the particular computer resources are implemented by the safe remediation action” of claim 27 are mental processes.  Simple examples of these processes which are incorporated by the broadest reasonable interpretation are commonly worked out on paper in textbooks.  Step 2A Prong 2: The judicial exception is not integrated into a practical application.  The only other limitation in Claim 26 is “monitoring behavior of computer resources of the networked computer system over a period of time” which is simply a broadly recited data gathering step which is an extra solution activity that does not integrate the judicial exception into a practical application. Accordingly, these limitations do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.  Thus, the claim is directed to an abstract idea with information being ephemerally manipulated and is mental process.
	Step 2B: The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception.  As discussed above, the limitation in Claim 26 “monitoring behavior of computer resources of the networked computer system over a period of time” is a broadly recited data gathering step which is an extra solution activity that does not integrate the judicial exception into a practical application.  Mere instructions to apply an exception using generic computer components cannot provide an inventive concept.  In this case, the claims do not even provide generic computer components.  The claims are not patent eligible.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-3, 10-12, and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Adams et al. (US 2017/0324756 A1), in view of Urias et al. (US 2021/0152590 A1). 

Regarding claims 1 and 2, Adams teaches:
“A method for securing a networked computer system hosting an application, the method comprising: 	identifying a vulnerable computer resource in the networked computer system (Adams, ¶ 40 malicious file is detected on client device); 		identifying a remediation action (Adams, ¶ 44 based on conditions such as whether or not the file has already been executed or not, various remediation actions can be performed)”.
Adams does not, but in related art, Urias teaches:	“determining whether the remediation action is a safe remediation action (Urias, ¶ 57 specifically refers to determining if patches and updates execute in a fashion that is safe an correspondingly unsafe when it occurs) that does not reduce availability of the application on the networked computer system (Urias, ¶ 63 teaches that the network model is used to simulate the effects of changes on the network which would include changes brought about by updates and patches.  Further, Adams ¶ 49-50, and 59 teaches that the system is able to detect misconfigurations including at least duplicate IP and MAC addresses which resulting from a patch or update would increase or decrease the availability of an application) or an unsafe remediation action (Urias, ¶ 57 specifically refers to determining if patches and updates execute in a fashion that is safe an correspondingly unsafe when it occurs) that reduces availability of the application on the networked computer system (Urias, ¶ 63 teaches that the network model is used to simulate the effects of changes on the network which would include changes brought about by updates and patches.  Further, Adams ¶ 49-50 and 59 teaches that the system is able to detect misconfigurations including at least duplicate IP and MAC addresses which resulting from a patch or update would increase or decrease the availability of an application)”.
	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Adams and Urias, to modify the vulnerability and detection system of Adams to include the method to verify the effect of remediation changes on a network as taught in Urias.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results. 
 
Regarding claims 3, 12, and 20, Adams in view of Urias teaches:
“The method of claim 1 (Adams in view of Urias teaches the limitations of the parent claims as discussed above and below), wherein determining if the remediation action is a safe remediation action or an unsafe remediation action includes determining what computer resources in the networked computer system are accessible from, or are accessed by, the vulnerable computer resource (Urias, Figs. 3-4, ¶ 45, 54-56 and 62 teaches collecting network connectivity information for all devices of the network including connections made from outside the network)”.

Regarding claims 10 and 18, Adams teaches:
“A system for securing a networked computer system hosting an application, the system comprising: 	a computing device including at least one processor and at least one memory; 	a scanner identifying a vulnerable computer resource in the networked computer system (Adams, ¶ 40 malicious file is detected on client device); 	a remediation actions selector identifying a remediation action (Adams, ¶ 44 based on conditions such as whether or not the file has already been executed or not, various remediation actions can be performed);
a remediations implementer implementing the remediation action (Adams, ¶ 48 teaches implementing the remediation action) if it is the safe remediation action to secure the networked computer system (Adams, ¶ 45 teaches using machine learning to select a remediation action that was successful for similar file vulnerabilities)”.
	Adams does not, but in related art, Urias teaches:	“an application availability analyzer determining whether the remediation action is a safe remediation action (Urias, ¶ 57 specifically refers to determining if patches and updates execute in a fashion that is safe an correspondingly unsafe when it occurs) that does not reduce availability of the application on the networked computer system (Urias, ¶ 63 teaches that the network model is used to simulate the effects of changes on the network which would include changes brought about by updates and patches.  Further, Adams ¶ 49-50 and 59 teaches that the system is able to detect misconfigurations including at least duplicate IP and MAC addresses which resulting from a patch or update would increase or decrease the availability of an application)  or an unsafe remediation action (Urias, ¶ 57 specifically refers to determining if patches and updates execute in a fashion that is safe an correspondingly unsafe when it occurs) that reduces availability of the application on the networked computer system (Urias, ¶ 63 teaches that the network model is used to simulate the effects of changes on the network which would include changes brought about by updates and patches.  Further, Adams ¶ 49-50 and 59 teaches that the system is able to detect misconfigurations including at least duplicate IP and MAC addresses which resulting from a patch or update would increase or decrease the availability of an application)”. 	Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Adams and Urias, to modify the vulnerability and detection system of Adams to include the method to verify the effect of remediation changes on a network as taught in Urias.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results. 

Regarding claims 11 and 19, Adams in view of Urias teaches:
“The system of claim 10 (Adams in view of Urias teaches the limitations of the parent claims as discussed above), wherein the remediation action includes at least closing access to the vulnerable computer resource for all users (Adams, ¶ 47 teaches quarantining the client device from all other client devices)”.
Claim(s) 4-6, 8, 13-16, and 21-24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Adams, in view of Urias in view of Tyagi et al. (US 2020/0329055 A1). 
Regarding claims 4, 13, and 21, Adams in view of Urias teaches:
“The method of claim 3 (Adams in view of Urias teaches the limitations of the parent claims as discussed above), wherein determining what computer resources in the networked computer system are accessible from, or are accessed by, the vulnerable computer resource includes monitoring traffic flows between the computer resources over a period of time (Urias, Figs. 3-4, ¶ 45, 54-56 and 62 teaches collecting network connectivity information for all devices of the network including connections made from outside the network)”.
Adams in view of Urias does not, but in related art, Tyagi teaches:	“to identify vulnerability paths from the vulnerable computer resource to other computer resources in the networked computer system (Tyagi, Fig. 8, ¶ 86-87, 93-94, and 110 teach determining various kill chains identifying vulnerabilities on the path to a critical resource)”.
Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Adams, Tyagi and Urias, to modify the vulnerability and detection system of Adams and Urias to include the method to use kill chain analysis to determine the outward effects of a particular vulnerability as taught in Tyagi.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Regarding claims 5, 14, and 22, Adams in view of Urias in view of Tyagi teaches:
“The method of claim 4 (Adams in view of Urias in view of Tyagi teaches the limitations of the parent claims as discussed above), further comprising: 	determining whether the vulnerability paths lead to a critical computer resource used in execution of the application (Tyagi, Fig. 8, ¶ 86-87, 93-94, and 110 teach determining various kill chains identifying vulnerabilities on the path to a critical resource)”.

Regarding claims 6, 15, and 23, Adams in view of Urias in view of Tyagi teaches:
“The method of claim 5 (Adams in view of Urias in view of Tyagi teaches the limitations of the parent claims as discussed above), further comprising: 	if the remediation action is determined to be an unsafe remediation action, converting the remediation action into the safe remediation action, wherein the safe remediation action includes closing open access to the critical computer resource over the vulnerability path to all users (Adams, ¶ 47 teaches quarantining the client device from all other client devices)”.

Regarding claim 8, 16, and 24, Adams in view of Urias teaches:
“The method of claim 3 (Adams in view of Urias teaches the limitations of the parent claims as discussed above), wherein determining what computer resources in the networked computer system are accessible from, or are accessed by, the vulnerable computer resource includes”.
Adams in view of Urias does not, but in related art, Tyagi teaches: 	“determining a blast radius of the vulnerable computer resource by determining what computer resources are directly or indirectly attached to the vulnerable computer resource (Tyagi, Fig. 8, ¶ 86-87, 93-94, and 110 teach determining various kill chains identifying vulnerabilities on the path to various critical resources)”.
Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Adams, Tyagi and Urias, to modify the vulnerability and detection system of Adams and Urias to include the method to use kill chain analysis to determine the outward effects of a particular vulnerability as taught in Tyagi.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Adams, in view of Urias in view of Giammaria et al. (US 2015/0355895 A1).
Regarding claim 7, Adams in view of Urias in view of Tyagi teaches:
“The method of claim 5, further comprising if the remediation action is determined to be an unsafe remediation action, converting the remediation action into the safe remediation action (Adams in view of Urias in view of Tyagi teaches the limitations of the parent claims as discussed above)”. 	Adams, in view of Urias does not, but in related art, Giammaria teaches:	“wherein the safe remediation action includes providing specific access to the critical computer resource to the application (Giammaria, ¶ 71, and 82-87 teach modifying access to the vulnerable resource to a specific group)”.
Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Adams, Giammaria and Urias, to modify the vulnerability and detection system of Adams and Urias to include the method to modify the access to a vulnerable resource using various group access as taught in Giammaria.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Claim(s) 26 and 27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Adams, in view of Urias in view of Louafi et al. (US 2021/0321259 A1).
Regarding claim 26, Adams teaches:
“A method for securing a networked computer system hosting an application, the method comprising: 
machine learning (Adams, ¶ 45 teaches using machine learning to select an optimal remediation action including one which has been successful in the past)”.
Adams does not, but in related art, Urias teaches:	monitoring behavior of computer resources of the networked computer system over a period of time (Urias, ¶ 54-56 teaches passively monitoring network traffic for a given period of time); 	generating behavioral models of the computer resources (Urias, ¶ 62, a model is created for the network and tested for accuracy);
a safe remediation action for the networked computer system that does not impact application availability (Urias, ¶ 57 specifically refers to determining if patches and updates execute in a fashion that is safe an correspondingly unsafe when it occurs.  Urias, ¶ 63 teaches that the network model is used to simulate the effects of changes on the network which would include changes brought about by updates and patches.  Further, Adams ¶ 49-50, and 59 teaches that the system is able to detect misconfigurations including at least duplicate IP and MAC addresses which resulting from a patch or update would increase or decrease the availability of an application)”.
Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Adams and Urias, to modify the machine learning based vulnerability and detection system of Adams to include the method to monitor a network and build a model of the network as taught in Urias.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.	Adams in view of Urias does not, but in related art, Louafi teaches:	“using the behavioral models as training data for machine learning to learn (Louafi, ¶ 35-38 teaches using network model behavior logs to train a machine learning system in a vulnerability detection system)”.
Before applicant’s earliest effective filing it would have been obvious to one of ordinary skill in the art, having the teachings of Adams, Louafi and Urias, to modify the vulnerability and detection system of Adams and Urias to include the method to use network model behavior logs to train a machine learning system in a vulnerability detection system as taught in Louafi.  The motivation to do so constitutes applying a known technique to known devices and/or methods ready for improvement to yield predictable results.

Regarding claim 27, Adams in view of Urias in view of Louafi teaches:
	“The method of claim 26 (Adams in view of Urias in view of Louafi teaches the limitations of the parent claim as discussed above), wherein the machine learning learns from the behavioral models which particular computer resources in the networked computer system are affected by the safe remediation action and learns what access controls or modifications to the particular computer resources are implemented by the safe remediation action (Urias, ¶ 63 teaches that the network model is used to simulate the effects of changes on the network which would include changes brought about by updates and patches.  Further, Adams ¶ 49-50 and 59 teaches that the system is able to detect misconfigurations including at least duplicate IP and MAC addresses which resulting from a patch or update would increase or decrease the availability of an application.  Using this is a fitness function for the machine learning algorithm as discussed above in Adams, ¶ 45 and Louafi, ¶ 35-38  the system would converge on a safe solution)”.  
Conclusion
	In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.
	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure: See PTO-892.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN GUNDRY whose telephone number is (571)270-0507 and can normally be reached on Monday - Friday 8:30 AM - 5PM EST.
	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/STEPHEN T GUNDRY/Examiner, Art Unit 2435