DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 3/24/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
The information disclosure statement (IDS) submitted on 5/27/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 9-12 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because claim 9 recites a “test scenario generation program”, which can be interpreted as simply a set of instructions, e.g. computer instructions.  This does not fall into one of the four categories of patent eligible subject matter (process, machine, manufacture, or composition of matter).  In order to overcome this rejection, Examiner recommends amending the claims to incorporate the physical medium which stores the program, e.g. “a non-transitory computer readable medium storing a test scenario generation program”.  None of claims 10-12 fix this and are therefore rejected for the same reasons.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “a storage unit which stores hierarchy information…”, “an assignment unit which creates attack classification information…”, and “a scenario creation unit which generates an entry route…” in claim 1.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-5, 7-9, 11-12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chari et al (PGPUB 2017/0286690), and further in view of Lang et al (PGPUB 2019/0258953).

Regarding Claim 1:
Chari teaches a test scenario generation device which generates a test scenario related to an attack against an in-vehicle device (abstract, generating an attack graph including nodes representing components in the set of components of the regulated service and edges between nodes representing relationships between components; paragraph 57, computing environment includes automobile computer system), comprising: 
a storage unit which stores hierarchy information including information indicating a plurality of constituent elements equipped in the in-vehicle device (paragraph 34-35, topology graph of service representing components comprising regulated service and how components are connected; components include data processing system hardware components and applications) and, among the constituent elements, assets that may become an attack target (paragraph 39, sensitivity rank indicating how sensitive that particular component is to an attack), an element connection which indicates a connection of the constituent elements (paragraph 34-35, topology graph of service representing components comprising regulated service and how components are connected), vulnerability information which indicates a vulnerability of each of the constituent elements (paragraph 39, vulnerability and risk metrics representing measurements of vulnerability and risk, used to calculate risk score for each component), and attack classification information which indicates an attack classification of each of the vulnerabilities (paragraph 81, illustrative embodiments generate a node A in the attack graph representing each type of attacker that can exploit a vulnerability in the component represented by the node X (e.g., from CVE identifiers or from threat vectors) if such a node A does not already exist in the attack graph); 
an assignment unit which creates attack classification information, which has identified the attack classification of each of the constituent elements, by using the hierarchy information, the vulnerability information, and the attack classification information (paragraph 81, 83, 88-91, 96 topology graph used to sensitivity rank, integrity rank, and criticality rank; attack graph generated using vulnerability/risk data; rank for each component represented by node in attack graph using topology graph; nodes in attack graph generated representing type of attacker); and 
a scenario creation unit which generates an entry route up to each of the constituent elements as the assets based on the element connection (paragraph 81, attack graph comprising nodes and edges between nodes; paragraph 65, illustrative embodiments use edge paths in the attack graphs to propagate a level of risk from a sink node to a source node and/or from a source node to a sink node, for example).
Chari does not explicitly teach generating a plurality of test scenarios in which a combination of the constituent elements and the attack classification is arranged in an order of the entry routes by using the attack classification information.
However, Lang teaches the concept of generating a plurality of test scenarios in which a combination of constituent elements and an attack classification is arranged in an order of entry routes by using attack classification information (paragraph 2, invention relates to automation for vulnerability assessment and penetration testing; paragraph 91, AI entity can for example comprise of several machine learning models (e.g. neural networks) to learn different relevant behaviors and information; it is queried from an agent action determination and execution entity (e.g. the attack/behavior tree execution entity) to assist making decisions, for example: when the execution entity reaches a particular tree node (attack step) it provides the node as an input into the neural network, which returns the success probability for each sub path (i.e. “test scenario”); the execution entity then uses a random number calculation so that each path is chosen with its respective probability (i.e. “order of entry routes”)).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the multiple scenario probability teachings of Lang with the test scenario generation teachings of Chari, with the benefit of incorporating multiple possible attack scenarios to provide the test platform with the ability to select for the most severe attacks/vulnerabilities in order to prioritize remediation strategies which target vulnerabilities in order of severity, thereby focusing administrator/programmer efforts on flaws which have the highest likelihood of causing system damage in the near term.

Regarding Claim 3:
Chari in view of Lang teaches the test scenario generation device according to claim 1.  In addition, Chari teaches the device, further comprising: a risk evaluation unit which determines a priority of each of the test scenarios generated by the scenario creation unit (paragraph 91, neural network returns the success probability for each sub path (i.e. test scenario); each path is chosen with its respective probability; EXAMINER’S NOTE: Lang is referring to the success probability for a simulated attack; this can be seen as an evaluation of risk).
The rationale to combine Chari and Lang is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 3.

Regarding Claim 4:
Chari in view of Lang teaches the test scenario generation device according to claim 1.  In addition, Lang teaches the device, further comprising: a redundant scenario determination unit which detects a test scenario, among the plurality of test scenarios generated by the scenario creation unit, in which a combination of the constituent elements and the attack classification at least partially overlaps from the entry point (paragraph 134, Fig. 8, attack tree example shows multiple branching levels to the tree; paragraph 90, neural net trained to always predict branch that is most likely to be successful; paragraph 98, sequencing entity executes a step, and selects a sub-branch (i.e. child node) based on e.g. success/failure of the attack step execution, and characteristics such as overall success likelihood of entire sub-branch (i.e. including subsequent sub-branches, as per Fig. 8); test scenario therefore includes overlapping paths originating from original child node).
The rationale to combine Chari and Lang is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 4.

Regarding Claims 5, 7-8:
	These are the method claims corresponding to the device of claims 1, 3-4, respectively, and are therefore rejected for corresponding reasons.

Regarding Claims 9, 11-12:
	These are the program claims corresponding to the device of claims 1, 3-4, respectively, and are therefore rejected for corresponding reasons.

Claims 2, 6, 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chari in view of Lang, and further in view of Strom et al (PGPUB 2017/0006055).


Regarding Claim 2:
Chari in view of Lang teaches the test scenario generation device according to claim 1.  In addition, Lang teaches wherein the storage unit additionally stores scenario pattern information indicating an order in which the attack classification is executed (paragraph 94, action sequences can for example be defined by a tree/graph structure; the action sequences can for example be defined by pre-/post-conditions of actions (e.g. post-conditions of an action may become pre-conditions for the next action); the system can for example construct a tree/graph from individual actions based on pre-/post-conditions; in the present invention, the system can for example deconstruct a tree/graph into individual actions based on pre-/post-conditions).
 The rationale to combine Chari and Lang is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 2.
Neither Chari nor Lang explicitly teaches wherein the scenario creation unit extracts only a test scenario corresponding to the scenario pattern information among the test scenarios obtained by generating all entry routes to the constituent elements as the assets based on the element connection.
However, Strom teaches the concept wherein a scenario creation unit extracts only a test scenario corresponding to scenario pattern information among test scenarios obtained by generating all entry routes to constituent elements as assets based on an element connection (abstract, network attack simulation method; paragraph 44, attack simulation path generated along with a plurality of additional attack simulation paths comprising alternative paths for moving from a first computer network attack simulation state to a second computer network attack simulation state; paragraph 135, logic engine can take as inputs the network state, host state, and adversary knowledge, and output one or more possible paths of movement through a network in the form of chains of adversary actions that can be performed during an attack simulation in a forward chaining fashion; paragraph 142, logic engine may generate and maintain a model of the target network or portions of the target network that the engine uses to determine which action or actions to select; following the above example, the logic engine may “know” (based on the model) that the current state of the target system includes that conditions P, Q, and S are currently true; thus, the current state can be represented in the logic engine as <P, Q, S>; the logic engine can use the current state to determine which action or actions to select for a host computer or host computers to execute).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the selected test scenario teachings of Strom with the test scenario generation teachings of Chari in view of Lang, with the benefit of allowing the system to select an attack path from a plurality of attack paths based on the detection of certain required preconditions, thereby executing an attack simulation which meets the needs of the current system state, which would result in more accurate and useful result data to improve security and efficiency.

Regarding Claim 6:
	This is the method claim corresponding to the device of claim 2, and is therefore rejected for corresponding reasons.

Regarding Claim 10:
	This is the program claim corresponding to the device of claim 2, and is therefore rejected for corresponding reasons.

Conclusion


Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                                        

/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491