Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .




DETAILED ACTION
This action is in response to the Amendment filed on 06/01/2022.
Claims 1-20 are under examination.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 10-11 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bernardini et al. (US 2018/0336055 A1), Awate et al. (US 2019/0384914 A1) and Mao (US 2015/0244729 A1).
Regarding claim 1, Bernardini et al. discloses A system comprising: at least one processor and memory having instructions that, when executed, cause the at least one processor to perform operations comprising: retrieving a snapshot image of a production machine [par. 0035, “The cloud management component 112 can use image analysis tool 222 to compare the artifacts associated with the snapshots 230A-230C to image_meta 212 in order to determine the set of changes (or modifications) made to each of the instance images 210A-210C”], the snapshot image corresponding to a first virtual machine of the production machine and including first software information for the first virtual machine [par. 0019, “the cloud management component can capture a snapshot of each instance image while the virtual machine is running on the instance image”, par. 0016, “the virtual machine image can include the operating system, data files, applications, virtual disk, etc.”, par. 0035, “he cloud management component 112 can use snapshot tool 220 to capture snapshots (at different points in time) of the instance images 210A-C, while the virtual machines operate on the instance images 210A-C”]; processing the snapshot image to identify first patch information associated with a first software module; and pushing the first patch information to the production machine based on the processing the first software information [par. 0037, “The patch generator 224 can determine the set of relevant instance images (to apply the binaries to) based on the tracked modifications from the snapshots 230A-C and the list of changes associated with the patch. For example, assume that the patch includes an update to component A associated with image_meta 212. In this example, if the patch generator 224 determines from the snapshots of the instance images 210A-C that instance images 210A-B have component A but instance image 210C does not have component A (e.g., due to modification), the patch generator 224 may not apply the binary files to instance image 210C. Thus, in an illustration of this example shown in FIG. 2B, the patch generator can apply binary files 240 to both instance images 210A and 210B, but not instance image 210C”].  
Bernardini et al. further disclose storing snapshots in storage. Bernardini et al. does not explicitly disclose retrieving a snapshot image from a database.
However Awate et al. teaches retrieving a snapshot image from a database [par. 0034, “the event handler 210 retrieves the snapshot form the event database 212 and restores the virtual machine 114 to a trusted state based on the snapshot”, par. 0061].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Awate et al. into the teaching of Bernardini et al. with the motivation  to validate and restore machine configurations as taught by Awate et al. [Awate et al.: abs.].
They do not explicitly disclose processing the snapshot image to identify first patch information associated with a first software module based at least in part on a comparison of the first software information included in the snapshot image to a set of software vulnerabilities, the first patch information for remediating a software vulnerability that corresponds to the first software information and is included in the set of software vulnerabilities.
However Mao teaches processing the snapshot image to identify first patch information associated with a first software module based at least in part on a comparison of the first software information included in the snapshot image to a set of software vulnerabilities, the first patch information for remediating a software vulnerability that corresponds to the first software information and is included in the set of software vulnerabilities [par. 0050, “The assessment server may include any type of fingerprint look-up system that may provide assessments of applications and/or system images in response to receiving fingerprints of applications and/or system images. For example, the assessment server may include and/or have access to a database correlating current assessments of applications and/or system images with the fingerprints of the applications and/or system images”, par. 0051, “The assessment of the system image may include any of a variety of information. For example, the assessment of the system image may include an assessment of an individual application within the plurality of applications. In some examples, the assessment of the individual application may indicate that the individual application is subject to a remediation action. For example, the assessment of the individual application may indicate that the individual application includes malware, includes a security vulnerability, may negatively impact system performance, and/or has inappropriate permissions. In this example, fulfilling module 110 may perform the remediation on the individual application”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Mao et al. into the teaching of Bernardini et al. and Awate et al. with the motivation  to reduce the computational burden on both computing devices with pre-installed applications and security servers that supply security assessments for applications installed on the computing devices as taught by Mao [Mao: par. 0021].

Regarding claim 2, the rejection of claim 1 is incorporated.
Bernardini et al. further disclose the first patch information causes an installation of a second software module on the first virtual machine in the production machine, wherein the first software module is being replaced by the second software module on the production machine [par. 0029, “the cloud management component 112 can mount the virtual disk (e.g., .vhd, .vdi, .vdmk, etc.) for each virtual machine, locate the file(s) associated with the instance image of the virtual machine, and update the file(s) with the update binary files of the software update”].
Regarding claim 10, it recites limitations similar to claim 1. The reason for the rejection of claim 1 is incorporated herein.
Regarding claim 11, it recites limitations similar to claim 2. The reason for the rejection of claim 2 is incorporated herein.
Regarding claim 19, it recites limitations similar to claim 1. The reason for the rejection of claim 1 is incorporated herein.
Regarding claim 20, it recites limitations similar to claim 2. The reason for the rejection of claim 2 is incorporated herein.

Claims 3, 6, 12 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Bernardini et al. (US 2018/0336055 A1), Awate et al. (US 2019/0384914 A1) and Mao (US 2015/0244729 A1) as applied to claims 1-2, 10-11 and 19-20 above, and further in view of Beaty et al. (US 2011/0197097 A1).
Regarding claim 3, the rejection of claim 1 is incorporated.
Bernardini et al. and Awate et al. discloses the snapshot image.
They do not explicitly disclose the snapshot image includes first hypervisor information including a first hypervisor executing on the production machine, wherein the first hypervisor information further includes a first plurality of virtual machines executing on the production machine and being supervised by the first hypervisor, and wherein the first plurality of virtual machines includes the first virtual machine.
However Beaty et al. teaches the snapshot image includes first hypervisor information including a first hypervisor executing on the production machine [par. 0049, “The above description referred to system snapshots as the information or data being captured and collected at each point or phase in the installation or deployment.. hypervisor-directed shanpshots”, par. 0050, “In hypervisor-level snapshotting, a copy-on-write is created from the disk image when the snapshot is taken”], wherein the first hypervisor information further includes a first plurality of virtual machines executing on the production machine and being supervised by the first hypervisor, and wherein the first plurality of virtual machines includes the first virtual machine [par. 0026, “Item C (106) represents a cloud environment with virtual machines (Items D (108), E (110)) residing on hypervisors that expose application program interfaces (APIs) allowing system checkpoint snapshots to be triggered programmatically”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Beaty et al. into the teaching of Bernardini et al., Awate et al. and Mao with the motivation of allowing for control of the deployment validation and troubleshooting in virtual environments as taught by Beaty et al. [Beaty et al.: par. 0053].
Regarding claim 6, the rejection of claim 1 is incorporated.
Bernardini et al. and Awate et al. discloses the snapshot image.
They do not explicitly disclose the snapshot image includes second hypervisor information including a second hypervisor executing on the production machine, wherein the second hypervisor information further includes a second plurality of virtual machines executing on the production machine and being supervised by the second hypervisor, the second plurality of virtual machines including a second virtual machine, the second virtual machine including second software information including security information.
However Beaty et al. teaches the snapshot image includes second hypervisor information including a second hypervisor executing on the production machine [par. 0049, “The above description referred to system snapshots as the information or data being captured and collected at each point or phase in the installation or deployment.. hypervisor-directed shanpshots”, par. 0050, “In hypervisor-level snapshotting, a copy-on-write is created from the disk image when the snapshot is taken”], wherein the second hypervisor information further includes a second plurality of virtual machines executing on the production machine and being supervised by the second hypervisor, the second plurality of virtual machines including a second virtual machine, the second virtual machine including second software information including security information [par. 0026, “Item C (106) represents a cloud environment with virtual machines (Items D (108), E (110)) residing on hypervisors that expose application program interfaces (APIs) allowing system checkpoint snapshots to be triggered programmatically”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Beaty et al. into the teaching of Bernardini et al., Awate et al. and Mao with the motivation of allowing for control of the deployment validation and troubleshooting in virtual environments as taught by Beaty et al. [Beaty et al.: par. 0053].
Regarding claim 12, it recites limitations similar to claim 3. The reason for the rejection of claim 3 is incorporated herein.
Regarding claim 15, it recites limitations similar to claim 6. The reason for the rejection of claim 16is incorporated herein.

Claims 4-5 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Bernardini et al. (US 2018/0336055 A1), Awate et al. (US 2019/0384914 A1) and Mao (US 2015/0244729 A1) as applied to claims 1-2, 10-11 and 19-20 above, and further in view of Fifer et al. (US 2010/0175068 A1).
Regarding claim 4, the rejection of claim 1 is incorporated.
Bernardini et al. and Awate et al. discloses the first software information and a plurality of software modules installed on the first virtual machine.
They do not explicitly disclose the first software information includes a first software registry and wherein the processing the first software information includes:  Attorney Docket No. 5178.070US160inspecting the first software registry to generate list information, the list information describing at least a plurality of software modules installed, the plurality of software modules including the first software module; and comparing the list information with criterion information to identify the first patch information in association with a vulnerability identifier, wherein the pushing the first patch information to the production machine is responsive to the comparing.
However Fifer et al. teaches the first software information includes a first software registry and wherein the processing the first software information includes:  Attorney Docket No. 5178.070US160inspecting the first software registry to generate list information, the list information describing at least a plurality of software modules installed, the plurality of software modules including the first software module [par. 0012, “a registry 12 including information on installed programs, including information on installed versions and patch numbers”]; and comparing the list information with criterion information to identify the first patch information in association with a vulnerability identifier, wherein the pushing the first patch information to the production machine is responsive to the comparing [par. 0049, “The update compliance may be specified by a network access control of a network in which the device 2 operates or may be specified by programs installed in the device 2. Upon initiating (at block 100) update compliance and in response to receiving (at block 102) indication of an update for the device 2 in which the update module 16 operates, the update module 16 determines (at block 104) whether the indicated update has been applied to the device 2. This determination may be made by checking the registry 12 database which indicates installed programs, including versions of the installation. The update module 16 may receive either an indication of an update 14 that the update module 16 needs to download or access from an external source or the indication may comprise receiving the update 14 itself.”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Fifer et al. into the teaching of Bernardini et al., Awate et al. and Mao with the motivation to stimulate a user of the device to apply necessary updates as taught by Fifer et al. [Fifer et al.: abs.].
Regarding claim 5, the rejection of claim 4 is incorporated.
Fifer et al. further teaches the comparing includes identifying a version of a software module in the list information that matches the criterion information [par. 0012, “a registry 12 including information on installed programs, including information on installed versions and patch numbers”, par. 0049, “This determination may be made by checking the registry 12 database which indicates installed programs, including versions of the installation”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Fifer et al. into the teaching of Bernardini et al. and Awate et al. with the motivation to stimulate a user of the device to apply necessary updates as taught by Fifer et al. [Fifer et al.: abs.].
Regarding claim 13, it recites limitations similar to claim 4. The reason for the rejection of claim 4 is incorporated herein.
Regarding claim 14, it recites limitations similar to claim 5. The reason for the rejection of claim 5 is incorporated herein.

Claims 7-8 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Bernardini et al. (US 2018/0336055 A1), Awate et al. (US 2019/0384914 A1), Mao (US 2015/0244729 A1) and Beaty et al. (US 2011/0197097 A1) as applied to claims 3, 6, 12 and 15 above, and further in view of Kiefer et al. (US 7,921,335 B2).
Regarding claim 7, the rejection of claim 6 is incorporated.
Bernardini et al. and Awate et al. discloses the snapshot image.
They do not explicitly disclose the second software information includes a second software registry, and wherein the second software registry includes security information including at least one of firewall information, file share information, and network configuration information. 
However Kiefer et al. teaches the second software information includes a second software registry, and wherein the second software registry includes security information including at least one of firewall information, file share information, and network configuration information [claim 1, “the configuration information is located in a registry entry for the application, wherein the configuration information identifies resources that the application needs to access, and wherein the resources include at least one of a set of ports in a firewall, a server that provides data to the application, and a set of communications ports”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Kiefer et al. into the teaching of Bernardini et al., Awate et al., Mao and Kiefer et al. with the motivation for performing diagnostic testing for an application executing on a computer as taught by Kiefer et al. [Kiefer et al.: claim 1].
Regarding claim 8, the rejection of claim 7 is incorporated.
Bernardini et al. further disclose processing the second software information associated with the second virtual machine to identify second patch information associated with the security information; and  Attorney Docket No. 5178.070US161pushing the second patch information to the production machine based on the processing the second software information, wherein the second patch information causes a patch of the security information [par. 0037, “The patch generator 224 can determine the set of relevant instance images (to apply the binaries to) based on the tracked modifications from the snapshots 230A-C and the list of changes associated with the patch. For example, assume that the patch includes an update to component A associated with image_meta 212. In this example, if the patch generator 224 determines from the snapshots of the instance images 210A-C that instance images 210A-B have component A but instance image 210C does not have component A (e.g., due to modification), the patch generator 224 may not apply the binary files to instance image 210C. Thus, in an illustration of this example shown in FIG. 2B, the patch generator can apply binary files 240 to both instance images 210A and 210B, but not instance image 210C”].  
Regarding claim 16, it recites limitations similar to claim 7. The reason for the rejection of claim 7 is incorporated herein.
Regarding claim 17, it recites limitations similar to claim 8. The reason for the rejection of claim 8 is incorporated herein.

Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Bernardini et al. (US 2018/0336055 A1), Awate et al. (US 2019/0384914 A1) and Mao (US 2015/0244729 A1) as applied to claims 1-2, 10-11 and 19-20 above, and further in view of Muddu et al. (US 2017/0063896 A1).
Regarding claim 9, the rejection of claim 1 is incorporated.
Bernardini et al. and Awate et al. disclose pushing the patch information into the production machine.
They do not disclose presenting an electronic user interface describing an historical vulnerability timeline, wherein the historical vulnerability timeline includes a set of user interface elements signifying a start date and an end date associated with a vulnerability identifier.
However Muddu et al. teaches presenting an electronic user interface describing an historical vulnerability timeline, wherein the historical vulnerability timeline includes a set of user interface elements signifying a start date and an end date associated with a vulnerability identifier [par. 0457, “The “Threats Review” view 4000 can additionally include a status chart 4004 that provides a Timeline, list of Anomalies, list of Users, list of Devices, list of Apps, and a suggestion of “What Next.” The Timeline identifies the date that the threat began, the last update concerning the threat, and the duration of time that the threat has been active. The list of Anomalies identifies each type of anomaly that is associated with the threat and how many anomalies of each type”, par. 0500, “The “User Threats” view 4730 also may include a “User Threats Timeline” box 4735 that visually depicts when the user became associated with each type of threat identified in 4731 and the duration of that threat. The data on the timeline can be color-coded according to the score of the threat. Hovering (or highlighting) the data on the timeline causes the GUI to generate a text bubble that summarizes the identity and timing of the threat”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Muddu et al. into the teaching of Bernardini et al., Awate et al. and Mao the motivation such that by visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly as taught by Muddu et al. [Muddu et al.: abs.].
Regarding claim 18, it recites limitations similar to claim 9. The reason for the rejection of claim 9 is incorporated herein.

Response to Arguments
Applicant’s arguments, filed on 06/01/2022, with respect to rejection under 35 USC § 103 have been considered but are moot in view of the new ground(s) of rejection.



Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
US 20170192853 A1		METHOD AND SYSTEM TO DISCOVER AND MANAGE DISTRIBUTED APPLICATIONS IN VIRTUALIZATION ENVIRONMENTS
US 20160378456 A1		METHOD FOR OFFLINE UPDATING VIRTUAL MACHINE IMAGES
US 9032373 B1		End To End Testing Automation And Parallel Test Execution
US 20130086585 A1		Managing The Persistent Data Of A Pre-Installed Application In An Elastic Virtual Machine Instance
US 20040205748 A1		System And Method For Providing Service Of Automated Creation Of Computer Software Production Images
US 7356679 B1		Computer Image Capture, Customization And Deployment
US 20110197051 A1		System And Method For Information Handling System Image Management Deployment
US 10581897 B1		Method And System For Implementing Threat Intelligence As A Service
US 20110055714 A1		MANAGING VIRTUAL MACHINES

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9 AM TO 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JASON CHIANG/Primary Examiner, Art Unit 2431