Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Detailed Action
This office action is in response to application 17/219,599, filed on 03/31/2021. Claims 1-20 are pending in this communication.

Priority
This application claims priority from US provisional application 63/006,227 (04/07/2020). The priority date has been accepted.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 08/10/2021 & 11/09/2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Examiner’s Note
The examiner requests that the applicant’s representative provide a direct phone number and email address in the next communication, which will be very helpful in advancing the prosecution.
Generally, text that is italicized is claim language; text that is in bold is a reference citation (with some obvious exceptions); text that is neither italicized nor bolded is by the examiner.
The Examiner used figures, paragraph and line numbers from the instant application’s pre-grant publication or pdf copy of allowance. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 103
The following is a quotation of AIA 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 8, 9, 15 & 16 are rejected under AIA 35 U.S.C. 103 as being unpatentable over VESELOV; Vladimir et al., Pat. No.: US 10,706,155 B1 in view of KOHLI; Ashwin et al., Pub. No.: US 2012/0102543 A1.

Regarding Claim 1, VESELOV discloses a non-transitory computer-readable medium comprising stored instructions executable by at least one processor for determining risk level within an enterprise computing environment, the instructions when executed causing the at least one processor {see col. 7 line 60- col 8 line 7 for hardware & instructions} to:
determine that a policy is to be executed {col. 3 lines 9-10, “identifies at least one rules package that is executed” … col. 30 lines 33-37, “a user may be prevented (e.g., via application of a security policy) … executing in its … computing environment”};
retrieve rules {Fig. 4B elements 454, 456 & col. 25 lines 23-25, “at 454 may retrieve the security assessment identified in (or identifiable from) the request. At 456, the system may obtain the rules package”}, resource identifiers {col 15 line 42, “include a resource identifier”}, and data provider identifiers associated with the policy {col. 34 lines 53-55, “the system may send a status request to the vendor's system (e.g., via the environment API), using the vendor's identifier for the assessment”};
asynchronously retrieve resources from data providers that are called for by the rules {col. 3 lines 8-12, “a security assessment of a virtual computing resource, as contemplated herein, identifies at least one rules package that is executed against collected data describing the virtual computing resource, and may further include parameters that configure the security assessment” … col. 3 lines 62-64, “Computing resource service providers and security software vendors produce rules packages that address the most prevalent security risks faced by their typical customers”};
execute each of the rules as their corresponding resources are retrieved {col. 5 lines 18-26, “The authoring API may, for example, enable the author to provide security assessment configuration parameters, such as rules package(s) used, … the configuration parameters may constitute a default configuration for executing instances of the security assessment”};
…
calculate a risk score for each rule of the group {col. 9 lines 53-55, “other security risk estimates, or execution profiles describing how the target computing resource 162 typically runs, received from an anomaly detection service)”. Examiner’s note: ‘security risk estimate’ is ‘risk score’};
VESELOV, however, does not explicitly disclose
identify a group of rules that have failed;
…
generate an alert for each rule of the group; and
output a report including each alert, each of the alerts being prioritized in the report based on the risk score of their corresponding rule.
In an analogous reference KOHLI discloses
identify a group of rules that have failed {[0158], “The risk options comprise an audit result displaying either passed or failed results, a category for enabling the user 702 to browse through several options, and a rule type for defining a child audit rule, a parent audit rule, or an audit group rule”};
…
generate an alert for each rule of the group {[0100], “the audit management system notifies the user of status updates of the scheduled audit periodically, for example, via emails, a short message service (SMS) message, etc.”}; 
and output a report including each alert {[0095], “The audit management system transmits a notification message, for example, through an electronic mail (email) to the email address provided by the user specifying that the report is available for display on the GUI ... In an example, the audit management system notifies the user of the report via an email, that is, through email updates”}, each of the alerts being prioritized in the report based on the risk score of their corresponding rule {[0097], “The audit management system highlights, prioritizes, and filters the information about the security and compliance of the … devices with the compliance policies based on predetermined criteria, during generation of the report”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify VESELOV’s technique of ‘provision and execution of customized security assessments of resources in a computing environment by one or more security policy and group of rules associated with the security policy’ to ‘generating alerts and report for rules that failed’, as taught by KOHLI, in order to outsource risk remediation over multiple cloud services. The motivation is that information security policies keep a business away from penalties and fines and secure its reputation for doing business by strengthening business skills in data protection.
All references are inventions in an analogous area, but each invention teaches a specific claimed limitation and the references mutually cure each other’s deficiencies. When all claimed techniques are combined, they teach the claimed invention. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims unless addressed separately.

Regarding Claim 2, VESELOV as modified by KOHLI discloses all the features of claim 1. The combination further discloses
access a last time the policy was executed {VESELOV: col. 10 lines 46-49, “the target computing resources 162, the rules package(s) to use, the scheduled start time, and the duration (i.e., length of time) to collect user data”};
generate a run time for the policy by adding a scanning interval {VESELOV: col. 11 line 15, “at intervals, or once the duration has elapsed-send”} to the last time the policy was executed {col. 10 line 49, “The security assessment run record 158”};
determine whether the run time is less than or equal to a current time; and responsive to determining that the run time is less than or equal to the current time, determine that the policy is to be executed {VESELOV: col. 11 lines 13-17, “The sensors 164 may collect and/or generate the sensor results 166 for the preset duration, and may-in real-time, at intervals, or once the duration has elapsed-send the sensor results 166 back to the security assessment system 114 for processing and evaluation”. Examiner’s note: learning from the run record and assessing the time of the run, the technique goes back to execute the policy (“back to the security assessment”)}.

Regarding claim 8, claim 8 is a claim to a method using the non-transitory computer-readable medium of claim 1. Therefore, claim 8 is rejected for the reasons set forth for claim 1.

Regarding claim 9, claim 9 is a dependent claim of claim 8 and is a claim to a method using the non-transitory computer-readable medium of claim 2. Therefore, claim 9 is rejected for the reasons set forth for claim 2.

Regarding claim 15, claim 15 is a claim to a system using the non-transitory computer-readable medium of claim 1. Therefore, claim 15 is rejected for the reasons set forth for claim 1.

Regarding claim 16, claim 16 is a claim to a system using the non-transitory computer-readable medium of claim 2. Therefore, claim 16 is rejected for the reasons set forth for claim 2.

Claims 7 & 14 are rejected under AIA 35 U.S.C. 103 as being unpatentable over VESELOV; Vladimir et al., Pat. No.: US 10,706,155 B1 in view of KOHLI; Ashwin et al., Pub. No.: US 2012/0102543 A1 and further in view of GORLAMANDALA; Ramya, Pub. No.: US 2020/0356676 A1.

Regarding Claim 7, VESELOV as modified by KOHLI discloses all the features of claim 1. The combination further discloses
…
generate an alert for each policy having a rule that has failed {KOHLI: [0100], “the audit management system notifies the user of status updates of the scheduled audit periodically, for example, via emails, a short message service (SMS) message, etc.”}; and
include the alert for each policy having a rule that has failed in the report {KOHLI: [0095], “The audit management system transmits a notification message, for example, through an electronic mail (email) to the email address provided by the user specifying that the report is available for display on the GUI ... In an example, the audit management system notifies the user of the report via an email, that is, through email updates”}.
However, the combination does not explicitly disclose
calculate a policy risk score for each policy having a rule that has failed, wherein the policy risk score is an accumulation of risk scores for each rule in the policy;
In an analogous reference GORLAMANDALA discloses
calculate a policy risk score for each policy having a rule that has failed, wherein the policy risk score is an accumulation of risk scores for each rule in the policy {[0006], “The operations may also include receiving from a rule management module, at least one rule for determining a rule-based risk score. The operations may further include generating the rule-based risk score for the selected entity based on the at least one rule and the entity attribute associated with the selected entity. Additionally the operations may include generating an overall risk score for the selected entity based on the initial risk score and the rule-based risk score”. Examiner’s note: cited ‘overall risk score’ is accumulation of risk scores from initial entity based risk score and accumulation of rule-based risk scores};
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to further modify VESELOV’s technique, as modified by KOHLI, of ‘provision and execution of customized security assessments of resources in a computing environment by one or more security policy and group of rules associated with the security policy to generating alerts and report for rules that failed’ so that the ‘overall risk score’ is an accumulation of risk scores from the initial entity-based risk score and running rule-based risk scores, as taught by GORLAMANDALA, in order to compute an overall or accumulative risk score of an entity. The motivation is that the risk score is the result of risk analysis, calculated by multiplying the risk impact rating by risk probability. It is the quantifiable number that allows key personnel to quickly and confidently make decisions regarding risks.

Regarding claim 14, claim 14 is a dependent claim of claim 8 and is a claim to a method using the non-transitory computer-readable medium of claim 7. Therefore, claim 14 is rejected for the reasons set forth for claim 7.

Allowable subject matter
Claims 3 & 6 will be allowable if written in independent form with base non-transitory computer-readable medium claim 1; claims 10 & 13 will be allowable if written in independent form with base method claim 8; and claims 17 & 20 will be allowable if written in independent form with base system claim 15.
Because of further dependency, claims 4, 5, 11, 12, 18 & 19 are also objected to.
Reasons for allowance: what is missing from the prior art is that a plurality of the security rules call for retrieval of a same computing resource from the cloud network and the same computing resource is retrieved only once, and that the instructions to calculate the risk score for each rule of the group, when executed, cause the processors to weight the risk score based on an amount of time that has passed since each rule was initially determined to have failed.
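
The flow recited in claims 1 and 2, together with the two features named in the reasons for allowance, sketched as an added Python illustration; it is not part of the office action, the application, or any cited reference. The rule schema, the stub data provider, the sample data and the 10%-per-day weighting are assumptions made for the example.

```python
import asyncio
from datetime import datetime, timedelta

NOW = datetime(2021, 3, 31, 12, 0)            # constructed "current time"
RESOURCES = {"bucket/logs": {"public": True, "encrypted": False},  # constructed data
             "user/admin": {"mfa": True}}
RULES = [                                     # constructed rule schema
    {"name": "bucket-not-public", "resource": "bucket/logs", "base": 5.0,
     "check": lambda r: not r["public"], "first_failed": NOW - timedelta(days=10)},
    {"name": "bucket-encrypted", "resource": "bucket/logs", "base": 8.0,
     "check": lambda r: r["encrypted"], "first_failed": None},
    {"name": "admin-mfa", "resource": "user/admin", "base": 9.0,
     "check": lambda r: r["mfa"], "first_failed": None},
]
FETCHES = {}                                  # provider calls per resource id

def policy_is_due(last_run, scan_interval, now):
    # Claim 2: run time = last execution + scanning interval; due if run time <= now.
    return last_run + scan_interval <= now

async def stub_provider(rid):
    FETCHES[rid] = FETCHES.get(rid, 0) + 1
    await asyncio.sleep(0.01)                 # stands in for a cloud API call
    return rid, RESOURCES[rid]

async def evaluate_policy(rules, fetch, now):
    by_resource = {}
    for rule in rules:                        # rules sharing a resource share one fetch
        by_resource.setdefault(rule["resource"], []).append(rule)
    tasks = [asyncio.create_task(fetch(rid)) for rid in by_resource]
    alerts = []
    for finished in asyncio.as_completed(tasks):   # run rules as each resource arrives
        rid, resource = await finished
        for rule in by_resource[rid]:
            if rule["check"](resource):
                continue                      # rule passed, no alert
            days_failed = (now - (rule["first_failed"] or now)).days
            # Assumed weighting: +10% of the base score per day the rule stays failed.
            risk = round(rule["base"] * (1 + 0.1 * days_failed), 2)
            alerts.append({"rule": rule["name"], "resource": rid, "risk": risk})
    return sorted(alerts, key=lambda a: a["risk"], reverse=True)  # highest risk first

def run_demo():
    FETCHES.clear()
    if not policy_is_due(NOW - timedelta(hours=2), timedelta(hours=1), NOW):
        return []
    return asyncio.run(evaluate_policy(RULES, stub_provider, NOW))

if __name__ == "__main__":
    print(run_demo())
```

With the sample data, the long-failing public-bucket rule outranks the newly failed encryption rule despite its lower base score, and the shared bucket resource is requested from the provider once.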

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUAZI FAROOQUI whose telephone number is (571) 270-1034. The examiner can normally be reached on M-F 8:30AM-5:00PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ashok B. Patel, can be reached on 571-272-3972. The fax phone number assigned to Examiner Farooqui is 571-270-2034.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/QUAZI FAROOQUI/
Primary Examiner, Art Unit 2491