Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Detailed Action
This office action is in response to the listing of claims filed on May 18, 2018. Claims 1-20 are currently pending.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 8-10, 12-15, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Brandt et al. (US PGPub No: 2013/0031037) in view of May et al. (US PGPub No: 2015/0281277), hereafter referred to as Brandt and May, respectively.


With regards to claims 1, 12, and 17, Brandt teaches through May, a computer-implemented method comprising: receiving system inventory information identifying a plurality of systems of a computer environment and properties of the plurality of systems, the plurality of systems being targeted for audit result prediction (Brandt teaches scanning and auditing network devices. These scans and/or audits reveal a network topology, configurations, permissions, privileges, account policies, and more; see paragraphs 13-14 and 71, Brandt. Brandt further details how the network can employ various learning functions/processes that learn patterns and can utilize inference models, decision trees, or other models; see paragraphs 83-84, Brandt); 

loading security requirements applicable to the plurality of systems; determining compliance deviations based on the received system inventory information and the loaded security requirements, each compliance deviation of the compliance deviations indicating a deviation between a current configuration of a respective one or more systems of the plurality of systems and a respective security requirement, of the security requirements, applicable to the one or more systems (Brandt explains comparing a stored security configuration with a network configuration to determine if actions are needed; see paragraph 70, Brandt);

based at least on the determined compliance deviations, selecting a set of audit features based on which a predicted audit result is to be generated; and generating a predicted audit result using the selected set of audit features as input to an audit result classification model, the audit result classification model trained on historical audit information to predict audit results based on input audit features, and the predicted audit result being a prediction of a result of an audit of the plurality of systems (Brandt teaches detecting deviations from the learned patterns after a training period. Learned profiles are created after the training period and then a comparison analyzer can monitor in view of the learned profiles and then compare the learned profile with monitored activities; see paragraphs 70, 97, and 99, Brandt).

While Brandt teaches scanning and auditing a network, Brandt does not explicitly cite predicting audit results. In the same field of endeavor, May also teaches a network that can be audited; see paragraph 57, May. In particular, May explains how auditing can monitor, assess, and quantify resources and security settings; see paragraph 57, May. The network can then analyze trends/patterns to compute a reputation score (CR score) (i.e. predict audit result); see paragraph 58, May. Policies can be assigned based on these CR scores, low score meaning more risk; see paragraphs 49 and 58, May. By auditing a network and predicting audit results (i.e. calculate CR score based on trends/patterns), appropriate policies can be applied; see paragraph 11, May. Therefore, it would have been obvious to one skilled in the art, at the time of filing, to have combined the teachings of May with those of Brandt to apply appropriate policies in a network.


With regards to claims 2, 13, and 18, Brandt teaches through May, the method further comprising, for each compliance deviation of the determined compliance deviations, determining a deviation severity score indicative of a potential impact of the compliance deviation, wherein the selected set of features input to the audit result classification model is based on the respective deviation severity score for each compliance deviation (May explains how auditing can monitor, assess, and quantify resources and security settings; see paragraph 57, May. The network can then analyze trends/patterns to compute a reputation score (CR score) (i.e. predict audit result); see paragraph 58, May. Policies can be assigned based on these CR scores, low score meaning more risk; see paragraphs 49 and 58, May. By auditing a network and predicting audit results (i.e. calculate CR score based on trends/patterns), appropriate policies can be applied; see paragraph 11, May. Therefore it would have been obvious to one skilled in the art, at the time of filing, to have combined the teachings of May with those of Brandt to apply appropriate policies in a network).

With regards to claims 3, 14, and 19, Brandt teaches through May, the method wherein a deviation severity score for a compliance deviation is based at least in part on an assigned importance of the one or more systems of the deviation indicated by the compliance deviation, an assigned impact to confidentiality and likelihood of that impact occurring, an assigned impact to integrity of the one or more systems and likelihood of that impact occurring, and an exposure time resulting from the compliance deviation (see pattern analysis, including time, see paragraph 89, Brandt).  

With regards to claim 4, Brandt teaches through May, the method wherein the deviation severity score is determined as a weighted function of at least the assigned importance, assigned impact to confidentiality, assigned impact to integrity, and exposure time (See prioritizing certain assets and prioritizing certain security; see paragraph 57, Brandt).  

With regards to claims 5, 15, and 20, Brandt teaches through May, the method further comprising classifying the compliance deviations by deviation severity score into a plurality of severity level classifications, wherein the selected set of audit features comprise a total number of compliance deviations for the plurality of systems, a respective number of compliance deviations classified in each of the plurality of severity level classifications, and an environment size of the plurality of systems (see paragraphs 115-118, Brandt).  

With regards to claim 8, Brandt teaches through May, the method further comprising generating and outputting a report displaying the predicted audit result and a list of compliance deviations organized based on deviation severity score (see paragraphs 87, 91, and 115, Brandt).  

With regards to claim 9, Brandt teaches through May, the method wherein the loaded security requirements comprise one or more security policies indicating proper values and configurations for the plurality of systems (see paragraphs 57 and 64, Brandt).  

With regards to claim 10, Brandt teaches through May, the method wherein the properties of the plurality of systems comprise a system type and version of each system of the plurality of systems (see paragraph 11, Brandt).  


Allowable Subject Matter
Claims 6, 7, 11, and 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AZIZUL Q CHOUDHURY whose telephone number is (571)272-3909. The examiner can normally be reached M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, EMMANUEL MOISE, can be reached on (571) 272-3865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/AZIZUL CHOUDHURY/Primary Examiner, Art Unit 2455