Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is a Final Office action in response to communications received February 24, 2022.  Claims 1-3, 5, 6, 8-10, 12, 13, 15-17, 19, and 20 have been amended.  Therefore, claims 1-20 are pending and addressed below. 


Response to Arguments 
Applicant’s arguments, see Pages 8-10, filed February 24, 2022, with respect to the rejection(s) of claim(s) 1, 8, 15 under 35 USC 102 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of newly found prior art reference, Yadav et al. (US2016/0359872 A1, publish date 12/08/2016).


Based on claim’s amendments, the Examiner rejects claims 1-20 with the new ground of rejections



Claim Rejections - 35 USC § 112
The following is a quotation of the second paragraph of 35 U.S.C. 112:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 


Claim 8:
Claim 8 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.  
Claim 8 recites the limitation “generate an application protectability scheme”.  There is insufficient antecedent basis for this limitation in the claim.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 8, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Curtis et al. (US 2012/0210434 A1, publish date 08/16/2021) in view of Yadav et al. (US2016/0359872 A1, publish date 12/08/2016).

Claim 1:
With respect to claim 1, Curtis et al. discloses a method (security countermeasure management platform, Figures 1, 3, 12) comprising:
identifying, by a network controller, security layers (the risk data 1200 is collected at one or more layers of the computing stack and/or from third party sources, 0047)
for implementing an application protectability scheme for an application (A typical enterprise security infrastructure comprises tools and technologies at multiple OSI layers (namely, transport, data, application, network, and the like) that--at least theoretically--combine to provide an overall level of protection for an enterprise, 0006);
determining, by the network controller, a corresponding security index ("Risk data", 0026) for the application at each of the security layers to yield a plurality of security indexes, each of the plurality of security indexes providing an objective assessment of protectability of the application at a corresponding one of the security layers (The data collection 400 assimilates risk data received from one or more sources, typically representing one or more layers of the OSI protocol stack (e.g., application, transport, Internet, link, physical). The assessment process 402 normalizes the collected data, identifies various industry-standard "identifiers," maps any applicable countermeasures to the risk data, and applies a ranking algorithm, 0040) (Figure 4);
determining, by the network controller, an application protectability index based on the plurality of security indexes (The assessment process 402 preferably correlates threats across layers, processing the received risk data against the vulnerability-to-countermeasure knowledge base to discover, with respect to a particular vulnerability, one or more countermeasures applicable for potential remediation of the particular vulnerability, 0040); and
generating the application protectability scheme (one or more countermeasures applicable for potential remediation of the particular vulnerability, 0040) for protecting the application based on the application protectability index (presenting information regarding the one or more discovered countermeasures, the information identifies (i) an expected cost of implementing the discovered countermeasure, (ii) an expected effectiveness of implementing the discovered countermeasure, and (iii) an indication of whether the discovered countermeasure is available in the computing environment, 0040).

Curtis et al. does not disclose wherein incoming network traffic to the application passes through each of the security layers and each of the security layers implementing policies or controls for a specific goal of protecting the application from the incoming network traffic as claimed. 

Yadav et al. teaches wherein incoming network traffic to the application passes through each of the security layers and each of the security layers implementing policies or controls for a specific goal of protecting the application from the incoming network traffic (The network traffic data can include information describing the communication on all layers of the Open Systems Interconnection (OSI) model. For example, the network traffic data can include signal strength (if applicable), source/destination media access control (MAC) address, source/destination internet protocol (IP) address, protocol, port number, encryption data, requesting process, a sample packet, etc. 0017) (Network environment 200, Layer 2, Layer 3, 0038, Figure 2)

Curtis et al. and Yadav et al. are analogous art because they are from the same field of endeavor of network security.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Yadav et al. in Curtis et al. for wherein incoming network traffic to the application passes through each of the security layers and each of the security layers implementing policies or controls for a specific goal of protecting the application from the incoming network traffic as claimed for purposes of implementing appropriate security policies (see Yadav et al. 0003)

Claim 8:
With respect to claim 8, Curtis et al. discloses a system (security countermeasure management platform, Figures 1, 3, 12) comprising:
at least one processor (hardware processor claim 1); and 
a non-transitory computer-readable storage medium comprising instructions stored thereon which, when executed by the at least one processor (computer memory holding computer program instructions executed by the processor to perform the following operations, Claim 1), cause the at least one processors to: 
identifying, by a network controller, security layers (the risk data 1200 is collected at one or more layers of the computing stack and/or from third party sources, 0047)
for implementing an application protectability scheme for an application (A typical enterprise security infrastructure comprises tools and technologies at multiple OSI layers (namely, transport, data, application, network, and the like) that--at least theoretically--combine to provide an overall level of protection for an enterprise, 0006);
determine, by the network controller, a corresponding security index ("Risk data", 0026) for the application at each of the security layers to yield a plurality of security indexes, each of the plurality of security indexes providing an objective assessment of protectability of the application at a corresponding one of the security layers (The data collection 400 assimilates risk data received from one or more sources, typically representing one or more layers of the OSI protocol stack (e.g., application, transport, Internet, link, physical). The assessment process 402 normalizes the collected data, identifies various industry-standard "identifiers," maps any applicable countermeasures to the risk data, and applies a ranking algorithm, 0040) (Figure 4);
determine, by the network controller, an application protectability index based on the plurality of security indexes (The assessment process 402 preferably correlates threats across layers, processing the received risk data against the vulnerability-to-countermeasure knowledge base to discover, with respect to a particular vulnerability, one or more countermeasures applicable for potential remediation of the particular vulnerability, 0040); and
generate an application protectability scheme (one or more countermeasures applicable for potential remediation of the particular vulnerability, 0040) for protecting the application based on the application protectability index (presenting information regarding the one or more discovered countermeasures, the information identifies (i) an expected cost of implementing the discovered countermeasure, (ii) an expected effectiveness of implementing the discovered countermeasure, and (iii) an indication of whether the discovered countermeasure is available in the computing environment. 0040).

Curtis et al. does not disclose wherein incoming network traffic to the application passes through each of the security layers and each of the security layers implementing policies or controls for a specific goal of protecting the application from the incoming network traffic as claimed. 

Yadav et al. teaches wherein incoming network traffic to the application passes through each of the security layers and each of the security layers implementing policies or controls for a specific goal of protecting the application from the incoming network traffic (The network traffic data can include information describing the communication on all layers of the Open Systems Interconnection (OSI) model. For example, the network traffic data can include signal strength (if applicable), source/destination media access control (MAC) address, source/destination internet protocol (IP) address, protocol, port number, encryption data, requesting process, a sample packet, etc. 0017) (Network environment 200, Layer 2, Layer 3, 0038, Figure 2)

Curtis et al. and Yadav et al. are analogous art because they are from the same field of endeavor of network security.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Yadav et al. in Curtis et al. for wherein incoming network traffic to the application passes through each of the security layers and each of the security layers implementing policies or controls for a specific goal of protecting the application from the incoming network traffic as claimed for purposes of implementing appropriate security policies (see Yadav et al. 0003)

Claim 15:
With respect to claim 15, Curtis et al. discloses a non-transitory computer-readable storage medium comprising computer- readable instructions stored thereon which, when executed by at least one processor (security countermeasure management platform, Figures 1, 3, 12) (hardware processor claim 1) (computer memory holding computer program instructions executed by the processor to perform the following operations, Claim 1), cause the at least one processors to: 
identifying, by a network controller, security layers (the risk data 1200 is collected at one or more layers of the computing stack and/or from third party sources, 0047)
for implementing an application protectability scheme for an application (A typical enterprise security infrastructure comprises tools and technologies at multiple OSI layers (namely, transport, data, application, network, and the like) that--at least theoretically--combine to provide an overall level of protection for an enterprise, 0006);
determine, by the network controller, a corresponding security index ("Risk data", 0026) for the application at each of the security layers to yield a plurality of security indexes, each of the plurality of security indexes providing an objective assessment of protectability of the application at a corresponding one of the security layers (The data collection 400 assimilates risk data received from one or more sources, typically representing one or more layers of the OSI protocol stack (e.g., application, transport, Internet, link, physical). The assessment process 402 normalizes the collected data, identifies various industry-standard "identifiers," maps any applicable countermeasures to the risk data, and applies a ranking algorithm, 0040) (Figure 4);
determine, by the network controller, an application protectability index based on the plurality of security indexes (The assessment process 402 preferably correlates threats across layers, processing the received risk data against the vulnerability-to-countermeasure knowledge base to discover, with respect to a particular vulnerability, one or more countermeasures applicable for potential remediation of the particular vulnerability, 0040); and
generate the application protectability scheme (one or more countermeasures applicable for potential remediation of the particular vulnerability, 0040) for protecting the application based on the application protectability index (presenting information regarding the one or more discovered countermeasures, the information identifies (i) an expected cost of implementing the discovered countermeasure, (ii) an expected effectiveness of implementing the discovered countermeasure, and (iii) an indication of whether the discovered countermeasure is available in the computing environment. 0040).

Curtis et al. does not disclose wherein incoming network traffic to the application passes through each of the security layers and each of the security layers implementing policies or controls for a specific goal of protecting the application from the incoming network traffic as claimed. 

Yadav et al. teaches wherein incoming network traffic to the application passes through each of the security layers and each of the security layers implementing policies or controls for a specific goal of protecting the application from the incoming network traffic (The network traffic data can include information describing the communication on all layers of the Open Systems Interconnection (OSI) model. For example, the network traffic data can include signal strength (if applicable), source/destination media access control (MAC) address, source/destination internet protocol (IP) address, protocol, port number, encryption data, requesting process, a sample packet, etc. 0017) (Network environment 200, Layer 2, Layer 3, 0038, Figure 2)

Curtis et al. and Yadav et al. are analogous art because they are from the same field of endeavor of network security.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Yadav et al. in Curtis et al. for wherein incoming network traffic to the application passes through each of the security layers and each of the security layers implementing policies or controls for a specific goal of protecting the application from the incoming network traffic as claimed for purposes of implementing appropriate security policies (see Yadav et al. 0003)

Claims 2-7, 9-14, and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Curtis et al. (US 2012/0210434 A1, publish date 08/16/2021) in view of Yadav et al. (US2016/0359872 A1, publish date 12/08/2016) further in view of Gopal et al. (US2020/0274902 A1, file date 02/26/2019).

Claims 2, 9, 16:
With respect to claims 2, 9, 16, the combination of Curtis et al. and Yadav et al. discloses the limitations of claims 1, 8, 15, as addressed.

Neither Curtis et al. nor Yadav et al. discloses wherein determining the corresponding security index at each of the security layers comprises:
identifying a number of tools at a corresponding security layer available for protecting the application;
assigning a corresponding weight to each of the tools;
determining a corresponding protectability index factor for each of the tools;
assigning a weight to the corresponding security layer; and
determining the corresponding security index based on the corresponding weight of each of the tools, the corresponding protectability index factor for each of the tools and the weight of the corresponding security layer as claimed. 

However, Gopal et al. teaches an "application" generally refers to the software application and/or tools (0011), AE 206 is configured to use SSM 208 to calculate a diversity index (DI) for the types of network traffic coming through SSE 106.  Based on the calculated dynamic security score and its comparison with the baseline dynamic security score, SAE 206 is able to assess and remedy (if necessary) the security configuration of SSE 106 (0028), the diversity index is part of the dynamic security score that is measured by observing the network traffic flows, SAE 206 classifies the received network traffic flows by mapping the traffic to various network abstraction layers, for example, as defined by the Open Systems Interconnection (OSI) model stack, application related to the network traffic flows traversing SSE 106. (0029)  SAE 206 is configured to determine a traffic diversity index value by assessing traffic characteristics exhibited at different abstraction layers.  Composed of seven layers: the physical layer, the data link layer, the network layer, the transport layer, the session layer, the presentation layer, and the application layer. (0045), wherein determining the corresponding security index at each of the security layers comprises:
identifying a number of tools at a corresponding security layer available for protecting the application; assigning a corresponding weight to each of the tools; determining a corresponding protectability index factor for each of the tools; assigning a weight to the corresponding security layer (SAE 206 determines the sum totals at each of the abstraction Layers, a separate diversity score "D" for each network layer is Calculated, the diversity index for each abstraction layer can be computed: notably each of the "n" variable and "N" variable represents a different number of entities depending on the network layer that is being assessed0, 0037-0038); and
determining the corresponding security index based on the corresponding weight of each of the tools, the corresponding protectability index factor for each of the tools and the weight of the corresponding security layer (After calculating the diversity index "D" for each layer, SAE 206 computes the cumulative diversity index (CDI) by summing the normalized individual diversity indexes and dividing by the total number of corresponding layers. SAE 206 is configured to generate a final security score, 0039-0042).

Curtis et al. and Gopal et al. are analogous art because they are from the same field of endeavor of network security.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Gopal et al. in Curtis et al. and Yadav et al. for wherein determining the corresponding security index at each of the security layers comprises:
identifying a number of tools at a corresponding security layer available for protecting the application; assigning a corresponding weight to each of the tools; determining a corresponding protectability index factor for each of the tools; assigning a weight to the corresponding security layer; and determining the corresponding security index based on the corresponding weight of each of the tools, the corresponding protectability index factor for each of the tools and the weight of the corresponding security layer as claimed for purposes of dynamically remediating a security system entity (see Gopal et al. 0002-0003)

Claims 3, 10, 17:
With respect to claims 3, 10, 17, the combination of Curtis et al., Yadav et al. and Gopal et al. discloses the limitations of claims 2, 9, 16, as addressed.

Gopal et al. teaches wherein determining the corresponding security index at each of the security layers is based on a sum of all protectability indexes for the tools weighted by the corresponding weight assigned to each of the tools (SAE 206 determines the sum totals at each of the abstraction Layers, a separate diversity score "D" for each network layer is Calculated, the diversity index for each abstraction layer can be computed: notably each of the "n" variable and "N" variable represents a different number of entities depending on the network layer that is being assessed0, 0037-0038) (After calculating the diversity index "D" for each layer, SAE 206 computes the cumulative diversity index (CDI) by summing the normalized individual diversity indexes and dividing by the total number of corresponding layers. SAE 206 is configured to generate a final security score, 0039-0042).

Curtis et al., Yadav et al. and Gopal et al. are analogous art because they are from the same field of endeavor of network security.

The motivation for combining Curtis et al., Yadav et al. and Gopal et al. is recited in claims 2, 9, 16. 

Claims 4, 11, 18:
With respect to claims 4, 11, 18, the combination of Curtis et al., Yadav et al. and Gopal et al. discloses the limitations of claims 2, 9, 16, as addressed.

Gopal et al. teaches wherein the corresponding weight of each of the tools is an objective indication of a level of protection provided by a corresponding one of the tools (if SAE 206 determines that the overall dynamic security score falls below a particular threshold and thus is contributing towards the deficiency of the overall security score, SAE 206 determines that SSE 106 is susceptible to an attack.  In the event the overall security score falls below a predetermined threshold, SAE 206 determines that a more secure configuration is required to maintain an appropriate security status for SSE 106, 0042).

Curtis et al., Yadav et al. and Gopal et al. are analogous art because they are from the same field of endeavor of network security.

The motivation for combining Curtis et al., Yadav et al. and Gopal et al. is recited in claims 2, 9, 16. 

Claims 5, 12, 19:
With respect to claims 5, 12, 19, the combination of Curtis et al., Yadav et al. and Gopal et al. discloses the limitations of claims 2, 9, 16, as addressed.

Gopal et al. teaches wherein the weight of the corresponding security layer is indicative of importance of the corresponding security layer in protecting the application relative to remaining ones of the security layers (a traffic diversity index value by assessing traffic characteristics exhibited at different abstraction layers, composed of seven layers: the greater the diversity index value, the less secure the SSE 106. the traffic diversity index is inversely related with the dynamic security score (e.g., dynamic security score=100-Diversity Index value), a sudden diversity index increase could be a reliable indication that the SSE is either under attack or subjected to a reconnaissance scan for weakness.  Such an increase in the diversity index score would result in a drop in the dynamic security score, thereby alerting the SSE and/or user to take proper remedial action(s), 0045).

Curtis et al., Yadav et al. and Gopal et al. are analogous art because they are from the same field of endeavor of network security.

The motivation for combining Curtis et al., Yadav et al. and Gopal et al. is recited in claims 2, 9. 

Claims 6, 13, 20:
With respect to claims 6, 13, 20, the combination of Curtis et al., Yadav et al. and Gopal et al. discloses the limitations of claims 2, 9, 16, as addressed.

Gopal et al. teaches wherein the application protectability index is determined as a ratio of a sum of the plurality of security indexes to a sum of all weights assigned to the security layers (SAE 206 determines the sum totals at each of the abstraction Layers, a separate diversity score "D" for each network layer is Calculated, the diversity index for each abstraction layer can be computed: notably each of the "n" variable and "N" variable represents a different number of entities depending on the network layer that is being assessed, 0037-0038);

Curtis et al., Yadav et al. and Gopal et al. are analogous art because they are from the same field of endeavor of network security.

The motivation for combining Curtis et al., Yadav et al. and Gopal et al. is recited in claims 2, 9, 16. 

Claims 7, 14:
With respect to claims 7, 14, the combination of Curtis et al. and Yadav et al. discloses the limitations of claims 1, 8, as addressed.

Curtis et al. discloses wherein the application protectability index includes at least one recommendation for improving protectability of the application (one or more countermeasures applicable for potential remediation of the particular vulnerability, 0040).

Gopal et al. teaches wherein the application protectability index includes at least one recommendation for improving protectability of the application (proper remedial action(s), 0045).

Curtis et al., Yadav et al. and Gopal et al. are analogous art because they are from the same field of endeavor of network security.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Gopal et al. in Curtis et al. and Yadav et al. for wherein the application protectability index includes at least one recommendation for improving protectability of the application as claimed for purposes of dynamically remediating a security system entity (see Gopal et al. 0002-0003)



Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/HELAI SALEHI/
Examiner, Art Unit 2433

/JEFFREY C PWU/           Supervisory Patent Examiner, Art Unit 2433