DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
This is a reply to the application filed on 11/25/2020, in which, claim(s) 1-13 are pending. Claims 1, 7 and 13 are independent.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/25/2020, has been reviewed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statement.

Terminal Disclaimer
The terminal disclaimers filed on 06/30/2022 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US Patent No. 10,917,428 have been reviewed and are accepted.  The terminal disclaimers have been recorded.

Drawings
The drawings filed on 11/25/2020 are accepted by The Examiner.

EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given in a telephone interview with Attorney Brian S. Boon (Reg. No. 77,640) on 06/29/2022. 

The application has been amended as follows:
Please replace claim 1 with:
1. (Currently amended) A system for holistic computer system cybersecurity evaluation and rating, comprising: 
a first computing device comprising a memory and a processor;
a system analyzer comprising a first plurality of programming instructions stored in the memory of, and operating on the processor of, the first computing device, wherein the first plurality of programming instructions, when operating on the processor, causes the first computing device to: 
receive a system definition comprising:
a software definition comprising executable binary code for an application; 
a hardware definition comprising a specification for a second computing device; and
an operating system definition for the second computing device, the operating system definition comprising executable binary code for an operating system;
identify a software function defined by the software definition and compare the function to a database of software functions to establish a software cybersecurity score;
identify a hardware component defined by the hardware definition and compare the component to a database of components to establish a hardware cybersecurity score; and
identify an operating system function defined by the operating system definition and compare the function to a database of operating system functions to establish an operating system cybersecurity score; 
a scoring engine comprising a second plurality of programming instructions stored in the memory of, and operating on the processor of, the first computing device, wherein the second plurality of programming instructions, when operating on the processor, cause the first computing device to:
generate a cybersecurity score for the second computing device based on a combination of the software cybersecurity score, the hardware cybersecurity score, and the operating system cybersecurity score; and
update the cybersecurity score with an updated hardware cybersecurity score from a hardware emulator; and
[[the hardware emulator comprising a third plurality of programming instructions stored in the memory of, and operating on the processor of, the first computing device, wherein the third plurality of programming instructions, when operating on the processor, cause the first computing device to: 
emulate functioning of the second computing device on the first computing device by:
executing a set of functions that emulate the operation of the second computing device as defined by the hardware definition;
receiving and installing the operating system on the emulated second computing device;
receiving and installing the application on the emulated second computing device; and
executing the application on the emulated second computing device using the operating system; and
analyze the functioning of the second computing device by executing an attack on the emulated second computing device associated with a known hardware exploit to:
determine whether the emulated second computing device is susceptible to the known hardware exploit; 
update the hardware cybersecurity score using the determination; and
send the updated hardware cybersecurity score to the scoring engine.

Please replace claim 7 with:
7. (Currently Amended) A method for holistic computer system cybersecurity evaluation and rating, comprising the steps of: 
receiving a system definition comprising:
a software definition comprising executable binary code for an application;
a hardware definition comprising a specification for a second computing device; and
an operating system definition for the second computing device, the operating system definition comprising executable binary code for an operating system;
identifying a software function defined by the software definition and compare the function to a database of software functions to establish a software cybersecurity score;
identifying a hardware component defined by the hardware definition and compare the component to a database of components to establish a hardware cybersecurity score;
identifying an operating system function defined by the operating system definition and compare the function to a database of operating system functions to establish an operating system cybersecurity score; and
generating a cybersecurity score for the second computing device based on a combination of the software cybersecurity score, the hardware cybersecurity score, and the operating system cybersecurity score;
emulating functioning of the second computing device on a first computing device by:
executing a set of functions that emulate the operation of the second computing device as defined by the hardware definition;
receiving and installing the operating system on the emulated second computing device;
receiving and installing the application on the emulated second computing device; and
executing the application on the emulated second computing device using the operating system; and
analyzing the functioning of the second computing device by executing an attack on the emulated second computing device associated with a known hardware exploit to:
determine whether the emulated second computing device is susceptible to the exploit; 
update the hardware cybersecurity score using the determination; and
update the cybersecurity score using the updated hardware cybersecurity score.

Please replace claim 13 with:
13. (Currently Amended) A method for holistic computer system cybersecurity rating, comprising the steps of: 
generating a cybersecurity score for a computing device by combining separate analyses of:
a software function of a software component comprising executable binary code for an application;
a hardware component comprising a specification for a second computing device; and
an operating system function of an operating system component of a computer system comprising executable binary code for an operating system;
emulating functioning of the second computing device on a first computing device by:
executing a set of functions that emulate the operation of the second computing device as defined by the hardware definition;
receiving and installing the operating system on the emulated second computing device;
receiving and installing the application on the emulated second computing device; and
executing the application on the emulated second computing device using the operating system;
analyzing the functioning of the second computing device by executing an attack on the emulated second computing device associated with a known hardware exploit to:
determine whether the emulated second computing device is susceptible to the exploit; and
update the hardware cybersecurity score using the determination; 
update the cybersecurity score using the updated hardware cybersecurity score;
adjusting the cybersecurity score to reflect a domain in which the computer system will be used;
adjusting the cybersecurity score to reflect a use to which the computer system will be put;
adjusting the cybersecurity score to reflect a criticality of the computer system to overall operations of a business or larger network of computers; and
adjusting the cybersecurity score to reflect a magnitude of losses that would occur if the system was compromised.

Allowable Subject Matter
Claims 1-13 are allowed.
The following is an examiner's statement of reasons for allowance:
Independent Claim(s) and their respective dependent claims are allowable over prior arts since the prior arts taken individually or in combination fails to particular discloses, fairly suggest or render obvious the following italic limitations:

In claim 1:
“update the cybersecurity score with an updated hardware cybersecurity score from a hardware emulator; and
the hardware emulator comprising a third plurality of programming instructions stored in the memory of, and operating on the processor of, the first computing device, wherein the third plurality of programming instructions, when operating on the processor, cause the first computing device to: 
emulate functioning of the second computing device on the first computing device by:
executing a set of functions that emulate the operation of the second computing device as defined by the hardware definition;
receiving and installing the operating system on the emulated second computing device;
receiving and installing the application on the emulated second computing device; and
executing the application on the emulated second computing device using the operating system; and
analyze the functioning of the second computing device by executing an attack on the emulated second computing device associated with a known hardware exploit to:
determine whether the emulated second computing device is susceptible to the known hardware exploit; 
update the hardware cybersecurity score using the determination” in combination with other limitations recited as specified in the independent claim(s). 

In claims 7 and 13:
“emulating functioning of the second computing device on a first computing device by:
executing a set of functions that emulate the operation of the second computing device as defined by the hardware definition;
receiving and installing the operating system on the emulated second computing device;
receiving and installing the application on the emulated second computing device; and
executing the application on the emulated second computing device using the operating system;
analyzing the functioning of the second computing device by executing an attack on the emulated second computing device associated with a known hardware exploit to:
determine whether the emulated second computing device is susceptible to the exploit; and
update the hardware cybersecurity score using the determination; 
update the cybersecurity score using the updated hardware cybersecurity score” in combination with other limitations recited as specified in the independent claim(s). 

The closest prior art made of record are:
Gerritz et al. (US 2016/0099960 A1) teaches a method for scanning hosts using an autonomous, self-destructing payload, deploying, by a computing device, at least one payload to at least one host, the at least one payload comprising at least one instruction to scan the at least one host for malicious activity, an instruction to produce and store in the memory of the at least one host an encrypted output file, and an instruction to delete the payload.
Derbeko et al. (US 10,320,828 B1) teaches a method for testing a production system including receiving information related to the production system, receiving production data from the production system, creating a virtual production system based off the production system using the received information and the received production data, and analyzing the production system by performing tests on the virtual production system.
Bell, JR. et al. (US 2015/0365437 A1) teaches a risk score that was generated at the time the software was deployed in inventory management policy repository which allows for a change in the risk score to be reflected in the cumulative/aggregate risk score for the software packages deployed on a given workstation.
Titonis et al. (US 2013/0097706 A1) teaches a computer-networked system that allows mobile subscribers, and others, to submit mobile applications to be analyzed for anomalous and malicious behavior using data acquired during the execution of the application within a highly instrumented and controlled environment.
Dennerline et al. (US 2010/0125900 A1) teaches determines and emulates the state of the application at both the requesting computer and the destination device, and determines if the current packet will exploit a known vulnerability in the destination computer.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186. The examiner can normally be reached Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHENG-FENG HUANG/Primary Examiner, Art Unit 2497