Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

1.        This action is in response to application amendments filed on 3-29-2022. 
2.        Claims 1 - 22 are pending.  Claims 1, 12 have been amended.   Claims 1, 12 are independent. This application was filed on 12-19-2018.     

Response to Arguments

3.    Applicant’s arguments, see Arguments/Remarks Made in an Amendment, filed 3-29-2022, with respect to the rejection(s) under Oliphant in view Vaidya have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Oliphant in view of Loy.

A.  Applicant argues on page 8 of Remarks:    ...   it is necessary to be able to programmatically determine whether a particular software version on a device is specified as being susceptible to a vulnerability being checked.

    The Examiner respectfully disagrees.  Loy discloses detecting vulnerabilities associated with the software components and determining a particular patch to correct or alleviate a particular vulnerability. (see Loy col 2, lines 8-18: method includes steps of obtaining an identification of installed components on computer system, and obtaining a list of all relevant patches for installed components; method further generates a Boolean logic expression for each relevant patch, and evaluates each Boolean logic expression to determine a minimal set of patches to be installed, which minimal set of patches include patches for all critical errors (correct or alleviate vulnerability); col 2, lines 21-31: Boolean logic expression constructed for a given family of patches; Boolean logic expression expresses which patches (or alternative patch configurations) should be installed in order to have all critical defects effectively patched; col 2, lines 43-49: method then identifies a predecessor list, wherein the predecessor list includes a sequence of patches in a family of patches that precede the given software patch, and constructs a Boolean logic expression of the family of patches; Boolean logic expression, critical patches are ANDed in the Boolean logic expression and supercedes critical patches are ORed in the Boolean logic expression; method evaluates Boolean logic expression with reference to obtained currently installed patches)

B.  Applicant argues on page 9 of Remarks:    ...   a vulnerability listing object is accessed that provides details on a particular software vulnerability including what software patches are susceptible to the vulnerability.

    The Examiner respectfully disagrees.  Oliphant discloses a database comprising information associated with a particular vulnerability via a vulnerability identifier (i.e. listing object).  (see Oliphant paragraph [0005], lines 1-7: database of information about a plurality of devices, updated in real-time and used by application to make security-related decisions; database stores data indicating installed operating system(s), installed software, patches that have been applied, system policies that are in place, and configuration information for each device; paragraph [0011], lines 3-4: system includes a vulnerability and remediation database; paragraph [0012], lines 12-19: each vulnerability in remediation database is identified by a vulnerability identifier, and vulnerability identifier is used to retrieve remediation information (patch information) from database)  
  And, Loy discloses a determination of software components susceptible to a particular vulnerability.  (see Loy col 2, lines 8-18: method includes steps of obtaining an identification of installed components on computer system, and obtaining a list of all relevant patches for installed components; method further generates a Boolean logic expression for each relevant patch, and evaluates each Boolean logic expression to determine a minimal set of patches to be installed, which minimal set of patches include patches for all critical errors (correct or alleviate vulnerability); col 2, lines 21-31: Boolean logic expression constructed for a given family of patches; Boolean logic expression expresses which patches (or alternative patch configurations) should be installed in order to have all critical defects effectively patched; col 2, lines 43-49: method then identifies a predecessor list, wherein the predecessor list includes a sequence of patches in a family of patches that precede the given software patch, and constructs a Boolean logic expression of the family of patches; Boolean logic expression, critical patches are ANDed in the Boolean logic expression and supercedes critical patches are ORed in the Boolean logic expression; method evaluates Boolean logic expression with reference to obtained currently installed patches)

C.  Applicant argues on page 9 of Remarks:    ...   the vulnerability causes information comprises inter alia a Boolean expression that identifies software patches associated with the vulnerability listing object, such that software patches associated with the Boolean expression that are determined to be present can be applied to the Boolean expression and a determination of whether a software component is susceptible to the software vulnerability can be indicated based on the evaluation of the Boolean expression.

    The Examiner respectfully disagrees.  Oliphant discloses a database comprising information associated with a particular vulnerability utilizing a vulnerability identifier.  (see Oliphant paragraph [0005], lines 1-7: database of information about a plurality of devices, updated in real-time and used by application to make security-related decisions; database stores data indicating installed operating system(s), installed software, patches that have been applied, system policies that are in place, and configuration information for each device; paragraph [0011], lines 3-4: System includes a vulnerability and remediation database; paragraph [0012], lines 12-19: each vulnerability in remediation database is identified by a vulnerability identifier, and vulnerability identifier is used to retrieve remediation information (patch information) from database) 
  And, Loy discloses an evaluation of a Boolean expression associated with software components and patches to determine whether a software component is susceptible to a software vulnerability. (see Loy col 2, lines 8-18: method includes steps of obtaining an identification of installed components on computer system, and obtaining a list of all relevant patches for installed components; method further generates a Boolean logic expression for each relevant patch, and evaluates each Boolean logic expression to determine a minimal set of patches to be installed, which minimal set of patches include patches for all critical errors (correct or alleviate vulnerability); col 2, lines 21-31: Boolean logic expression constructed for a given family of patches; Boolean logic expression expresses which patches (or alternative patch configurations) should be installed in order to have all critical defects effectively patched; col 2, lines 43-49: method then identifies a predecessor list, wherein the predecessor list includes a sequence of patches in a family of patches that precede the given software patch, and constructs a Boolean logic expression of the family of patches; Boolean logic expression, critical patches are ANDed in the Boolean logic expression and supercedes critical patches are ORed in the Boolean logic expression; method evaluates Boolean logic expression with reference to obtained currently installed patches)

D.  Applicant argues on page 10 of Remarks:    ...   Oliphant does not disclose or suggest a vulnerability listing object as claimed.

    The Examiner respectfully disagrees. Oliphant discloses a database comprising information associated with a particular vulnerability utilizing a vulnerability identifier.  (see Oliphant paragraph [0005], lines 1-7: database of information about a plurality of devices, updated in real-time and used by application to make security-related decisions; database stores data indicating installed operating system(s), installed software, patches that have been applied, system policies that are in place, and configuration information for each device; paragraph [0011], lines 3-4: System includes a vulnerability and remediation database; paragraph [0012], lines 12-19: each vulnerability in remediation database is identified by a vulnerability identifier, and vulnerability identifier is used to retrieve remediation information (patch information) from database)  

E.  Applicant argues on page 10 of Remarks:    ...   Oliphant does not disclose the vulnerability causes information comprising patch information specifying one or more vulnerable patches each associating a patch token with patch details identifying a software patch,   ...   . 

    The Examiner respectfully disagrees.  Loy discloses the usage of Boolean type expression to evaluate software components and detect vulnerabilities associated with the software components and determining whether a software component is associated with a software vulnerability. (see Loy col 2, lines 8-18: method includes steps of obtaining an identification of installed components on computer system, and obtaining a list of all relevant patches for installed components; method further generates a Boolean logic expression for each relevant patch, and evaluates each Boolean logic expression to determine a minimal set of patches to be installed, which minimal set of patches include patches for all critical errors (correct or alleviate vulnerability); col 2, lines 21-31: Boolean logic expression constructed for a given family of patches; Boolean logic expression expresses which patches (or alternative patch configurations) should be installed in order to have all critical defects effectively patched; col 2, lines 43-49: method then identifies a predecessor list, wherein the predecessor list includes a sequence of patches in a family of patches that precede the given software patch, and constructs a Boolean logic expression of the family of patches; Boolean logic expression, critical patches are ANDed in the Boolean logic expression and supercedes critical patches are ORed in the Boolean logic expression; method evaluates Boolean logic expression with reference to obtained currently installed patches) 

F.  Applicant argues on page 11 of Remarks:    ...   there is no teaching or suggestion in Vaidya regarding the use of a Boolean expression as claimed, which as discussed helps allow for a programmatic detection of software vulnerabilities.

    The Examiner respectfully disagrees.  Loy discloses the usage of Boolean type expression to evaluate software components and detect vulnerabilities associated with the software components. (see Loy col 2, lines 8-18: method includes steps of obtaining an identification of installed components on computer system, and obtaining a list of all relevant patches for installed components; method further generates a Boolean logic expression for each relevant patch, and evaluates each Boolean logic expression to determine a minimal set of patches to be installed, which minimal set of patches include patches for all critical errors; col 2, lines 21-31: Boolean logic expression constructed for a given family of patches; Boolean logic expression expresses which patches (or alternative patch configurations) should be installed in order to have all critical defects effectively patched; col 2, lines 43-49: method then identifies a predecessor list, wherein the predecessor list includes a sequence of patches in a family of patches that precede the given software patch, and constructs a Boolean logic expression of the family of patches; Boolean logic expression, critical patches are ANDed in the Boolean logic expression and supercedes critical patches are ORed in the Boolean logic expression; method evaluates Boolean logic expression with reference to obtained currently installed patches)

G.  Applicant argues on page 11 of Remarks:    ...   independent claim 1 is believed to be patentable over the cited references. The same arguments apply, mutatis mutandis, to independent claim 12. 

    Independent claim 12 has similar limitations as independent claim 1.  Responses to arguments against independent claim 1 also answer arguments against independent claim 12.   

H.  Applicant argues on page 11 of Remarks: The dependent claims are patentable at least by virtue of their dependency,   ...   . 

    Responses to arguments against the independent claims also answer arguments against the associated dependent claims.   

Claim Rejections - 35 USC § 103  

4.        The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

5.        Claims 1, 2, 10, 12, 13, 21 are rejected under 35 U.S.C. 103 as being unpatentable over Oliphant et al. (US PGPUB No. 20050005159) in view of Loy et al. (US Patent No. 6,363,524).     	

Regarding Claims 1, 12, Oliphant discloses a method for determining if a software component is susceptible to a vulnerability and a device for determining if a software component is susceptible to a vulnerability, the method comprising: 
a)  accessing a vulnerability listing object comprising: a vulnerability identifier uniquely identifying a software vulnerability; (see Oliphant paragraph [0005], lines 1-7: database of information about a plurality of devices, updated in real-time and used by application to make security-related decisions; database stores data indicating installed operating system(s), installed software, patches that have been applied, system policies that are in place, and configuration information for each device; paragraph [0011], lines 3-4: System includes a vulnerability and remediation database; paragraph [0012], lines 12-19: each vulnerability in remediation database is identified by a vulnerability identifier, and vulnerability identifier is used to retrieve remediation information (patch information) from database) and 
b)  vulnerability causes information for use in determining software affected by the vulnerability (see Oliphant paragraph [0012], lines 4-12: security server collects data from devices, including software installed on devices, their configuration and policy settings, and patches that have been installed; security server also obtains from vulnerability and remediation database a regularly updated list of security vulnerabilities in software for a wide variety of operating systems, software applications), the vulnerability causes information comprising:
f)   applying the determined presence of software patches. (see Oliphant paragraph [0023], lines 8-13: remediation technique(s) are applied to the machine(s) that was attacked; to all devices subject to same vulnerability (based on their real-time software, patch, policy, and configuration status); or to all devices to which selected remediation can be applied)    

Furthermore, Oliphant discloses for c) each associating a patch token with patch details identifying a software patch. (see Oliphant paragraph [0012], lines 12-19: security server downloads a regularly updated list of remediation techniques that can be applied to protect a device from damage due to those vulnerabilities; each vulnerability in remediation database is identified by a vulnerability identifier, and vulnerability identifier is used to retrieve remediation information (patch information) from database) 
Oliphant does not specifically disclose for c) patch information specifying one or more vulnerable patches, and for d) Boolean expression processing patch information, and for e) determining with Boolean expression if software patches are present, and for f) Boolean expression processing patch information, and for g) indicating software component(s) susceptible to software vulnerability.  
However, Loy discloses:
c)  patch information specifying one or more vulnerable patches, and for d) a Boolean expression using one or more of the plurality of patch tokens, the Boolean expression identifying software patches associated with the vulnerability listing object; and e) determining if software patches associated with the one or more patch tokens of the Boolean expression are present; and g) indicating that the software component is susceptible to the software vulnerability based on the evaluation of the Boolean expression. (see Loy col 2, lines 8-18: method includes steps of obtaining an identification of installed components on computer system, and obtaining a list of all relevant patches for installed components; method further generates a Boolean logic expression for each relevant patch, and evaluates each Boolean logic expression to determine a minimal set of patches to be installed, which minimal set of patches include patches for all critical errors; col 2, lines 21-31: Boolean logic expression constructed for a given family of patches; Boolean logic expression expresses which patches (or alternative patch configurations) should be installed in order to have all critical defects effectively patched; col 2, lines 43-49: method then identifies a predecessor list, wherein the predecessor list includes a sequence of patches in a family of patches that precede the given software patch, and constructs a Boolean logic expression of the family of patches; Boolean logic expression, critical patches are ANDed in the Boolean logic expression and supercedes critical patches are ORed in the Boolean logic expression; method evaluates Boolean logic expression with reference to obtained currently installed patches)  
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Oliphant for c) patch information specifying one or more vulnerable patches, and for d) Boolean expression processing patch information, and for e) determining with Boolean expression if software patches are present, and for f) Boolean expression processing patch information, and for g) indicating software component(s) susceptible to software vulnerability as taught by Loy. One of ordinary skill in the art would have been motivated to employ the teachings of Loy for the benefits achieved from a system that enables evaluation of software components utilizing Boolean logic expressions within a network environment.  (see Loy col 2, lines 8-18; col 2, lines 21-31) 

Furthermore for Claim 12, Oliphant discloses wherein a processor for executing instructions; and a memory for storing instructions, which when executed by the processor configure the device to perform operations. (see Oliphant paragraph [0012], lines 1-4: includes processor, and memory encoded with programming instructions executable by processor to perform several important security-related functions)

Regarding Claims 2, 13, Oliphant-Loy discloses the method of claim 1 and the device of claim 12, wherein the vulnerability listing object further comprises information for fixing the vulnerability. (see Oliphant paragraph [0012], lines 12-19: security server downloads a regularly updated list of remediation techniques that can be applied to protect a device from damage due to those vulnerabilities; each vulnerability in remediation database is identified by a vulnerability identifier, and vulnerability identifier is used to retrieve remediation information from database; (patch information utilized for fixing vulnerability))    

Regarding Claims 10, 21, Oliphant-Loy discloses the method of claim 1 and the device of claim 12, further comprising determining one or more software components to be checked, wherein the software components to be checked are located on one or more of: a device that the method is performed by; and one or more devices different from the device that the method is performed by. (see Oliphant Fig. 2 (security server 135; computer 137, computer 139); paragraph [0016], lines 7-12: devices 137 and 139 each execute a client-side program that continuously monitors software installation and configuration status for that device; changes to that status are communicated in substantially real time to security server 135, which continuously maintains the information in database 146; security server and monitor computer device are separate objects; (selected: devices different from the device that the method is performed by))    

6.        Claims 3 - 9, 14 - 20 are rejected under 35 U.S.C. 103 as being unpatentable over Oliphant in view of Loy and further in view of Vaidya et al. (US Patent No. 7,797,752). 

Regarding Claims 3, 14, Oliphant-Loy discloses the method of claim 2 and the device of claim 13, wherein the information for fixing the vulnerability comprises: a second set of information specifying one or more corrective patch tokens, which if applied as specified in the information to fix the vulnerability; corrective patch information for each of the one or more corrective patch tokens each associating the respective corrective patch token with a corrective patch. (see Oliphant paragraph [0012], lines 12-19: security server downloads a regularly updated list of remediation techniques that can be applied to protect a device from damage due to those vulnerabilities; each vulnerability in remediation database is identified by a vulnerability identifier, and vulnerability identifier is used to retrieve remediation information from database; (corrective patch information))    

Oliphant does not specifically disclose Boolean expression utilized for associating each corrective patch token with a corrective patch location. 
However, Vaidya discloses wherein Boolean expression utilized for associating each respective corrective patch token with a corrective patch location for retrieving the corrective patch. (see Vaidya col 8, lines 28-33: system provides a URL (location, domain name, path identifier) to download patches; downloading patches comprises going to one or more predefined URLs provided for each of the applications that require patches, and downloading the patches)    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Oliphant for Boolean expression utilized for associating each corrective patch token with a corrective patch location as taught by Vaidya. One of ordinary skill in the art would have been motivated to employ the teachings of Vaidya for the benefits achieved from a system that enables a security structure in which a computer system is protected from all available vulnerabilities.  (see Vaidya col 2, lines 43-45)

Regarding Claims 4, 15, Oliphant-Loy discloses the method of claim 3 and the device of claim 14, further comprising: 
a)  determining which of the one or more corrective patch identifiers to apply; (see Oliphant paragraph [0012], lines 12-19: security server downloads a regularly updated list of remediation techniques that can be applied to protect a device from damage due to those vulnerabilities; each vulnerability in remediation database is identified by a vulnerability identifier, and vulnerability identifier is used to retrieve remediation information from database; (corrective patch information)) and
d)  applying each of the retrieved corrective patches. (see Oliphant paragraph [0023], lines 8-13: remediation technique(s) are applied to machine(s) attacked; to all devices subject to same vulnerability (based on their real-time software, patch, policy, and configuration status); or to all devices to which selected remediation can be applied)    

Oliphant does not specifically disclose for a) utilizing a Boolean expression process patch information, and for b) determining respective corrective patch location, and for c) retrieving corrective patches from respective patch locations. 
However, Loy discloses:
a)  Boolean expression utilized to process corrective patch; (see Loy col 2, lines 43-49: method then identifies a predecessor list, wherein the predecessor list includes a sequence of patches in a family of patches that precede the given software patch, and constructs a Boolean logic expression of the family of patches; Boolean logic expression, critical patches are ANDed in the Boolean logic expression and supercedes critical patches are ORed in the Boolean logic expression; method evaluates Boolean logic expression with reference to obtained currently installed patches) and   
b)  determining the respective corrective patch location from the corrective patch information; and c) retrieving one or more corrective patches from the respective corrective patch locations. (see Loy col 4, lines 1-14: a database containing patch information provided in connection with computer and utilized by program in making its determination; program receives an identification of software components that are installed on computer; program also retrieves patch information, regarding various family (or families) of patches that are relevant to components that are installed on computer; program identifies patches within the family (or families) of patches that are needed to be installed on computer to correct critical defects) 
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Oliphant for a) utilizing a Boolean expression process patch information, and for b) determining respective corrective patch location, and for c) retrieving corrective patches from respective patch locations as taught by Loy. One of ordinary skill in the art would have been motivated to employ the teachings of Loy for the benefits achieved from a system that enables evaluation of software components utilizing Boolean logic expressions within a network environment. (see Loy col 2, lines 8-18; col 2, lines 21-31) 

Regarding Claims 5, 16, Oliphant-Loy discloses the method of claim 4 and the device of claim 15, further comprising:
a)  determining if each of the one or more retrieved corrective patches were successfully applied; (see Oliphant paragraph [0005], lines 4-7: database stores data indicating installed operating system(s), installed software, patches that have been applied (successfully applied), system policies that are in place, and configuration information for each device) and
b)  if one or more of the corrective patches were not successfully applied, providing a notification that one or more of the corrective patches were not successfully applied. (see Oliphant paragraph [0016], lines 7-12: each device execute a client-side program that continuously monitors software installation and configuration status for that device; changes to that status (unsuccessful patch application) are communicated in substantially real time to security server, which continuously maintains the information in database)    

Regarding Claims 6, 17, Oliphant-Loy discloses the method of claim 1 and the device of claim 12.
Oliphant does not specifically disclose retrieving the vulnerability listing object from a network location provided by a base location. 
However, Vaidya discloses wherein further comprising retrieving the vulnerability listing object from a network location provided by a base location comprising a website domain followed by a predetermined location identifier. (see Vaidya col 8, lines 28-33: system provides a URL (domain name, path identifier) to download patches; downloading patches comprises going to one or more predefined URLs provided for each of the applications that require patches, and downloading the patches)    
             It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Oliphant for retrieving the vulnerability listing object from a network location provided by a base location as taught by Vaidya.   One of ordinary skill in the art would have been motivated to employ the teachings of Vaidya for the benefits achieved from a system that enables a security structure in which a computer system is protected from all available vulnerabilities.  (see Vaidya col 2, lines 43-45)

Regarding Claims 7, 18, Oliphant-Loy discloses the method of claim 6 and the device of claim 17. 
Oliphant does not specifically disclose location further comprises one or more of: a subdomain; and a path identifier. 
However, Vaidya discloses wherein the base location further comprises one or more of: a subdomain; and a path identifier. (see Vaidya col 8, lines 28-33: system provides a URL (location, domain name, path identifier) to download patches; downloading patches comprises going to one or more predefined URLs provided for each of the applications that require patches, and downloading the patches)    
             It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Oliphant for location further comprises one or more of: a subdomain; and a path identifier as taught by Vaidya.  One of ordinary skill in the art would have been motivated to employ the teachings of Vaidya for the benefits achieved from a system that enables a security structure in which a computer system is protected from all available vulnerabilities.  (see Vaidya col 2, lines 43-45)

Regarding Claims 8, 19, Oliphant-Loy discloses the method of claim 6 and the device of claim 18, wherein the vulnerability listing object further comprises: one or more vulnerabilities affecting the product. (see Oliphant paragraph [0012], lines 4-12: security server collects data from devices, including software installed on devices, their configuration and policy settings, and patches that have been installed; security server also obtains from vulnerability and remediation database a regularly updated list of security vulnerabilities in software for a wide variety of operating systems, software applications)    

Oliphant does not specifically disclose a product identifier indicating a software product.
However, Loy discloses wherein a product identifier indicating a software product. (see Loy col 6, lines 7-9: different versions of a given operating system (i.e. product identifier), different patches correcting similar errors, may be provided)
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Oliphant for a product identifier indicating a software product as taught by Loy. One of ordinary skill in the art would have been motivated to employ the teachings of Loy for the benefits achieved from a system that enables evaluation of software components utilizing Boolean logic expressions within a network environment. (see Loy col 2, lines 8-18; col 2, lines 21-31)

Regarding Claims 9, 20, Oliphant-Loy discloses the method of claim 8 and the device of claim 19, wherein the one or more vulnerabilities are specified within the vulnerability listing object indirectly by referencing a second vulnerability listing object. (see Oliphant paragraph [0012], lines 12-19: security server downloads a regularly updated list of remediation techniques that can be applied to protect a device from damage due to those vulnerabilities; each vulnerability in remediation database is identified by a vulnerability identifier, and vulnerability identifier is used to retrieve remediation information from database; (corrective patch information)) 

7.        Claims 11, 22 are rejected under 35 U.S.C. 103 as being unpatentable over Oliphant in view of Loy and further in view of Hibbert et al. (US PGPUB No. 20140245376). 

Regarding Claims 11, 22, Oliphant-Loy discloses the method of claim 1 and the device of claim 12, wherein the vulnerability listing object further comprises version check information comprising:
c)  wherein the version check information is used to determine if software is vulnerable by: determining a version number of a software component to be checked for susceptibility to the software vulnerability; (see Oliphant paragraph [0012], lines 12-19: security server downloads a regularly updated list of remediation techniques that can be applied to protect a device from damage due to those vulnerabilities; each vulnerability in remediation database is identified by a vulnerability identifier, and vulnerability identifier is used to retrieve remediation information (patch information) from database) and 
d)  applying the determined version number according to the one or more version rules. (see Oliphant paragraph [0023], lines 8-13: remediation technique(s) are applied to the machine(s) that was attacked; to all devices subject to same vulnerability (based on their real-time software, patch, policy, and configuration status); or to all devices to which selected remediation can be applied)       

Oliphant-Loy does not specifically disclose for a) version rules providing a version definition for a software version number, and for b) identifying software versions associated with vulnerability. 
However, Hibbert discloses:
a)  one or more version rules providing a version definition of how a software version number is formed from a plurality of tokens; and b) using one or more of the plurality of tokens, identifying software versions associated with the vulnerability listing object; (see Hibbert paragraph [0243], lines 12-14: identifier module generates application identifier or retrieves an application identifier from scanned directory; identifier module and/or security server scans user device or receive records and parses file identifiers and/or attributes from records to identify applications and/or attributes; paragraph [0245], lines 1-5: attributes identify version information for application or any other information used to identify application)     
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Oliphant-Loy for a) version rules providing a version definition of how a software version number, and for b) identifying software versions associated with vulnerability as taught by Hibbert.   One of ordinary skill in the art would have been motivated to employ the teachings of Hibbert for the benefits achieved from a system that enables generation of version information utilized to identify applications within a patch type environment.  (see Hibbert paragraph [0243]; [0245])  

Oliphant-Hibbert does not specifically disclose for b) Boolean expression utilized to process patch information, and for d) Boolean expression utilized to process patch information. 
However, Loy discloses: 
b)  Boolean expression utilized to process patch information; and d) Boolean expression utilized to process patch information. (see Loy col 2, lines 8-18: method includes steps of obtaining an identification of installed components on computer system, and obtaining a list of all relevant patches for installed components; method further generates a Boolean logic expression for each relevant patch, and evaluates each Boolean logic expression to determine a minimal set of patches to be installed, which minimal set of patches include patches for all critical errors; col 2, lines 21-31: Boolean logic expression constructed for a given family of patches; Boolean logic expression expresses which patches (or alternative patch configurations) should be installed in order to have all critical defects effectively patched)  
             It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Oliphant-Hibbert for b) Boolean expression utilized to process patch information, and for d) Boolean expression utilized to process patch information as taught by Loy. One of ordinary skill in the art would have been motivated to employ the teachings of Loy for the benefits achieved from a system that enables evaluation of software components utilizing Boolean logic expressions within a network environment.  (see Loy col 2, lines 8-18; col 2, lines 21-31)
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARLTON JOHNSON whose telephone number is (571)270-1032. The examiner can normally be reached Work: 12-9PM (most days).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



                                                                                                                                                                                                

/CJ/
May 23, 2022
/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436