Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Detail Action
This office action is response to the application 17/141,736 filed on 01/05/2021. Claims 13-31 are pending in this communication. Claims 1-12 have been canceled.

Priority
This application claims priority from JAPAN 2016-067734 03/30/2016.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 01/05/2021, 12/15/2021 & 03/28/2022 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner. 

Examiner’s Note
The examiner is requesting the applicant’s representative to provide direct phone number and email address in next communication, which will be very helpful to advance the prosecution.
Generally the text that are italicized are claims; the text that are in bold are reference citations (with some obvious exception); the text which is neither italicized nor bolded are by the examiner.
The Examiner used figures, paragraph and line numbers from the instant application’s pre-grant publication or pdf copy of allowance. In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Objection 
The title of the invention is not descriptive. A new title is requested which is clearly indicative of the invention to which the independent claims are directed to.

Claim Rejections - 35 USC § 103
The following is a quotation of AIA  35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 13, 22 & 31 are rejected under AIA  35 U.S.C. 103 as being unpatentable over SWEET; Carson et al., Pat. No.: US 10,367,834 B2 in view of GOOCH; Mark et al., Pub. No.: US 2010/0142371 A1.

Regarding Claims 1-12, canceled.

Regarding Claim 13, SWEET discloses a method performed by a device connected with plurality of terminals, comprising:
acquiring countermeasure information regarding a countermeasure applicable to one or more terminals, among the plurality of terminals {ABS. & col. 9 lines 1-9, claim 1: “an enumerated countermeasure responsive to the corresponding threat vector. The one or more programs further comprise instructions for identifying an active threat by comparing the data collected at the one or more remote computing assets against the trigger definition of respective workflow templates in the plurality of workflow templates”},
acquiring, for each of the one or more terminals, operating state information of the respective terminal corresponding to time information {col. 38 lines 9-14, “a current state of the operating system of the remote device 1050, (ii) a current state of the security control module, and, optionally, (iii) a current state of one or more applications running in the operating system on the first remote device. The set of commands is placed in a command queue for retrieval”. … col. 3 lines 11-14, “countermeasure breaks the chain of vulnerabilities exploited by a threat vector in real time or near real time upon detection of an explicit threat associated with the threat vector”}, and
calculating, based on the countermeasure information and the operating state information {col. 4 lines 27-30: “when a match between the data collected at the one or more remote computing assets and a specific trigger definition of a corresponding specific workflow template is identified, an active threat is deemed to be identified”}, …
SWEET, however, does not explicitly disclose
… a number of terminals, among the plurality of terminals, to which the countermeasures is not applied.
In an analogous reference GOOCH discloses
… a number of terminals, among the plurality of terminals, to which the countermeasures is not applied {[0013], “A server, database server 110-5 for example, could serve as a Checking Functionality (CF) server, storing the list of available CFs for the network (where a CF can be an IS, counting device, accounting device, remediation device, Access Point Controller etc.). The examples described here do not provide an exhaustive list of servers or CFs that may be used in a network”. … [0020], “the checking functionality 150-1 or 150-2 can perform the role of an intrusion detection system (IDS), or another diagnostic device, accounting device, counting device, etc., as may be supplied by a third party vendor”. Examiner’s note: the CF functionality keeps track of devices in different elements like intrusion countermeasure applied or not, as summarized in title the technique runs inspection of devices}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify SWEET’s technique of ‘applying security intrusion remediation as per intrusion type after collecting current status of the target device’ to ‘monitor and inspect status of devices during and after remediation steps for a security intrusion’, as taught by GOOCH, in order to defend devices against security intrusion. The motivation is – implementing intrusion prevention systems in which authorization from at least two authorization contacts across established trust channels is obtained before enacting a countermeasure responsive to a detected intrusion of a protected computing asset, benefit is appropriate remediation of intrusion with two authorizations to avoid one authorization intrusion.

Regarding claim 22, claim 22 is claim to an apparatus using the method of claim 13. Therefore, claim 22 is rejected for the reasons set forth for claim 13.

Regarding claim 31, claim 31 is claim to a non-transitory computer-readable medium using the method of claim 13. Therefore, claim 31 is rejected for the reasons set forth for claim 13.

Claims 14-17, 19, 20, 23-26, 28 & 29 are rejected under AIA  35 U.S.C. 103 as being unpatentable over SWEET; Carson et al., Pat. No.: US 10,367,834 B2 in view of GOOCH; Mark et al., Pub. No.: US 2010/0142371 A1 and further in view of IRIGUCHI; Kota et al., Pub. No.: US 2014/0068613 A1.

Regarding Claim 14, SWEET as modified by GOOCH discloses all the features of claim 13. However, the combination does not explicitly disclose
wherein the calculating is performed based on a predetermined time.
 In an analogous reference IRIGUCHI discloses
wherein the calculating is performed based on a predetermined time {[0035], “The operation unit 1b then determines a schedule (an order of application) for applying the plurality of update programs to the plurality of virtual machines”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to further modify SWEET’s technique as modified by GOOCH of ‘applying security intrusion remediation as per intrusion type after collecting current status of the target device to monitor and inspect status of devices during and after remediation steps for a security intrusion’ for ‘scheduling installation of software patches’ by IRIGUCHI, in order to remediate intrusions’. The motivation is - in addition to security fixes, software updates can also include new or enhanced security features, or better compatibility with different devices or applications. They can also improve the stability of software, and remove outdated security features.
All references are inventions in analogous area but each invention teaches specific claimed limitation specifically and other references mutually cure each other’s deficiencies. When all claimed techniques are combined they teach claimed invention. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims unless addressed separately. 

Regarding Claim 15, SWEET as modified by GOOCH & IRIGUCHI discloses all the features of claims 14 & 13. The combination further discloses
wherein the predetermined time is a time in future {IRIGUCHI: [0035], “The operation unit 1b then determines a schedule (an order of application) for applying the plurality of update programs to the plurality of virtual machines”. Examiner’s note: no body can schedule for past or present, scheduling is only for future}. 

Regarding Claim 16, SWEET as modified by GOOCH & IRIGUCHI discloses all the features of claims 14 & 13. The combination further discloses
wherein the predetermined time comprises a plurality of predetermined times {IRIGUCHI: Fig. 12 step S43, S45 & [0134], “(Step S43) The control unit 130 determines whether there is a scheduled patch having a dependency relationship with the patch selected at step S42. If there is such a patch, the process proceeds to step S44. Otherwise, the process proceeds to step S45. A scheduled patch having a dependency relationship is as follows: (1) a prerequisite patch whose name is indicated in the Prerequisite Patch field of the patch management table 112 in association with the currently selected patch”. Examiner’s note: schedule sets series of patches to be installed based on pre-req patch or other updates}.

Regarding Claim 17, SWEET as modified by GOOCH discloses all the features of claim 13. The combination, however, does not explicitly disclose
wherein the calculating is performed using prediction of a timing related to application of the countermeasure to the respective terminal.
IRIGUCHI further discloses
wherein the calculating is performed using prediction of a timing related to application of the countermeasure to the respective terminal {IRIGUCHI: [0035], “The operation unit 1b then determines a schedule (an order of application) for applying the plurality of update programs to the plurality of virtual machines based on a result of comparing the evaluated load and an upper load limit allowable for the information processing apparatus 2. In this connection, the time to start to apply the update programs to the virtual machines 2a and 2b is previously determined”. Examiner’s note: there is no such thing ‘prediction’ in scientific field, all it is applying a condition. Calculating a load threshold is predicting for this case}.

Regarding Claim 19, SWEET as modified by GOOCH discloses all the features of claim 13. The combination, however, does not explicitly disclose
wherein the operating state information is scheduled restart time.
IRIGUCHI further discloses
wherein the operating state information is scheduled restart time {[0035], “The operation unit 1b then determines a schedule (an order of application) for applying the plurality of update programs to the plurality of virtual machines”}.

Regarding Claim 20, SWEET as modified by GOOCH discloses all the features of claim 13. The combination, however, does not explicitly disclose
wherein the countermeasure is applying a patch.
IRIGUCHI further discloses
wherein the countermeasure is applying a patch {Fig. 11 & [0117], “(Step S31) The control unit 130 identifies patches to be applied”}.

Regarding claim 23, claim 23 is a dependent claim of claim 22, claim 23 is claim to apparatus using the method of claim 14. Therefore, claim 23 is rejected for the reasons set forth for claim 14.

Regarding claim 24, claim 24 is a dependent claim of claims 23 & 22, claim 24 is claim to apparatus using the method of claim 15. Therefore, claim 24 is rejected for the reasons set forth for claim 15.

Regarding claim 25, claim 25 is a dependent claim of claims 23 & 22, claim 25 is claim to apparatus using the method of claim 16. Therefore, claim 25 is rejected for the reasons set forth for claim 16.

Regarding claim 26, claim 26 is a dependent claim of claim 22, claim 26 is claim to apparatus using the method of claim 17. Therefore, claim 26 is rejected for the reasons set forth for claim 17.

Regarding claim 28, claim 28 is a dependent claim of claim 22, claim 28 is claim to apparatus using the method of claim 19. Therefore, claim 28 is rejected for the reasons set forth for claim 19.

Regarding claim 29, claim 29 is a dependent claim of claim 22, claim 29 is claim to apparatus using the method of claim 20. Therefore, claim 29 is rejected for the reasons set forth for claim 20.

Claims 18 & 27 are rejected under AIA  35 U.S.C. 103 as being unpatentable over SWEET; Carson et al., Pat. No.: US 10,367,834 B2 in view of GOOCH; Mark et al., Pub. No.: US 2010/0142371 A1 and further in view of SAYAMA; Katsumi, Pub. No.: US 2017/0264768 A1.

Regarding Claim 18, SWEET as modified by GOOCH discloses all the features of claim 13. However, the combination does not explicitly disclose
wherein the operating state information is history of restart of the terminal.
In an analogous reference SAYAMA discloses
wherein the operating state information is history of restart of the terminal {[0055], “when scheduled reboot has been executed, the control unit 10 stores information on a reboot history in the non-volatile memory 13. A piece of reboot history information shall be stored, and the latest reboot history is stored”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to further modify SWEET’s technique as modified by GOOCH of ‘applying security intrusion remediation as per intrusion type after collecting current status of the target device to monitor and inspect status of devices during and after remediation steps for a security intrusion’ to consider reboot history of a device, as taught by SAYAMA in order to plan for the root cause issues. The motivation is not to ignore issues of prior reboots and apply proper updates, this saves time, money and improves product quality and less down time.

Regarding claim 27, claim 27 is a dependent claim of claim 22, claim 27 is claim to apparatus using the method of claim 18. Therefore, claim 27 is rejected for the reasons set forth for claim 18.

Claims 21 & 30 are rejected under AIA  35 U.S.C. 103 as being unpatentable over SWEET; Carson et al., Pat. No.: US 10,367,834 B2 in view of GOOCH; Mark et al., Pub. No.: US 2010/0142371 A1 and further in view of Balasubramanian; Harish et al., Pub. No.: US 2013/0247191 A1.

Regarding Claim 21, SWEET as modified by GOOCH discloses all the features of claim 13. However, the combination does not explicitly disclose
wherein the countermeasure is blocking a port.
In an analogous reference Balasubramanian discloses
wherein the countermeasure is blocking a port {[0031], “the remedial action may include determining (e.g. by querying the first device) whether the port manager includes a rule for blocking communication over all ports of the first device for all processes except processes required for remediation purposes (e.g. security system processes of the first device such as anti-virus system processes, signature updater processes, etc.)”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to further modify SWEET’s technique as modified by GOOCH of ‘applying security intrusion remediation as per intrusion type after collecting current status of the target device to monitor and inspect status of devices during and after remediation steps for a security intrusion’ to ‘shut a device interface in the event of a security breach’, as taught by Balasubramanian, in order to secure computer network. The motivation is to immediately isolate the source interface of the data piracy and minimize damage before an appropriate remedial action can be decided and applied.

Regarding claim 30, claim 30 is a dependent claim of claim 22, claim 30 is claim to apparatus using the method of claim 21. Therefore, claim 30 is rejected for the reasons set forth for claim 21.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUAZI FAROOQUI whose telephone number is (571) 270-1034. The examiner can normally be reached on M-F 8:30AM-5:00PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ashok B. Patel can be reached on 571-272-3972. The fax phone number for Examiner Farooqui assigned is 571-270-2034.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-flee). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/QUAZI FAROOQUI/
Primary Examiner, Art Unit 2491