Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detailed action
Claims 1-12 and 23-46 are pending and are being considered.
Claims 1-5, 12, 23-27, 34-39 and 46 have been amended.

Examiner's Amendments
An examiner's amendment to the record appears below. Should the changes and/or additions
be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for this examiner's amendment was given in a telephone interview from Steve Ashburn Reg. No. 56636 on 06/27/2022.
AMEND THE CLAIMS AS FOLLOWS:
1.	(Currently amended) One or more non-transitory machine-readable media storing instructions which, when executed by one or more processors, cause:
identifying a candidate set of one or more vulnerabilities associated with a plurality of processing nodes;
analyzing each processing node, of the plurality of processing nodes, to determine a respective subset of the candidate set of one or more vulnerabilities that are detected in each processing node; 
determining, for each processing node, a respective vulnerability score based on the respective subset of the candidate set of vulnerabilities that are detected in each processing node;
receiving a first request to be processed by at least one of the plurality of processing nodes;
determining whether one or more criteria for applying a vulnerability-based distribution algorithm for the first request are satisfied;
responsive to determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied:
selecting a first processing node, of the plurality of processing nodes, for processing the first request based at least on the respective vulnerability score for each processing node; 
routing the first request to the first processing node;
receiving a second request to be processed by at least one of the plurality of processing nodes;
determining whether the one or more criteria for applying the vulnerability-based distribution algorithm for the second request are satisfied;
responsive to determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the second request are not satisfied:
selecting a second processing node, of the plurality of processing nodes, for processing the second request without using the respective vulnerability score for each processing node; 
routing the second request to the second processing node.

2.	(Currently amended) The one or more non-transitory machine-readable media of Claim 1 further storing instructions which cause:
determining that a new vulnerability has been added to the candidate set of one or more vulnerabilities;
wherein determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is responsive at least to determining that the new vulnerability has been added to the candidate set of one or more vulnerabilities.

3.	(Currently amended) The one or more non-transitory machine-readable media of Claim 2 further storing instructions which cause:
determining that a severity score associated with the new vulnerability is above a threshold value;
wherein determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is further responsive to determining that the severity score associated with the new vulnerability is above the threshold value.

4.	(Currently amended) The one or more non-transitory machine-readable media of Claim 1 further storing instructions which cause:
determining a level of traffic associated with the plurality of processing nodes;
wherein determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is based on the level of traffic associated with the plurality of processing nodes.

5.	(Currently amended) The one or more non-transitory machine-readable media of Claim 4, wherein determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is responsive to determining that the level of traffic associated with the plurality of processing nodes is above a threshold value.

12.	(Currently amended) The one or more non-transitory machine-readable media of Claim 1 further storing instructions which cause:
determining that a new vulnerability has been added to the candidate set of one or more vulnerabilities;
determining that a severity score associated with the new vulnerability is above a severity threshold value;
determining a level of traffic associated with the plurality of processing nodes;
determining a traffic threshold value based on a historical level of traffic associated with the plurality of processing nodes
determining that the level of traffic associated with the plurality of processing nodes is above the traffic threshold value;
wherein determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is responsive at least to (a) determining that the severity score associated with the new vulnerability is above the severity threshold value, and (b) determining that the level of traffic associated with the plurality of processing nodes is above the traffic threshold value;
wherein the second processing node is selected for processing the second request based on a load-based distribution algorithm;
wherein the respective vulnerability score for each processing node is based on (a) a respective number of vulnerabilities that are detected in each processing node, and (b) respective severity scores of vulnerabilities that are detected in each processing node;
wherein selecting the first processing node, of the plurality of processing nodes, for processing the first request based at least on the respective vulnerability score for each processing node comprises: ranking the plurality of processing nodes based on the respective vulnerability score for each processing node.
23.	(Currently amended) A method comprising:
identifying a candidate set of one or more vulnerabilities associated with a plurality of processing nodes;
analyzing each processing node, of the plurality of processing nodes, to determine a respective subset of the candidate set of one or more vulnerabilities that are detected in each processing node; 
determining, for each processing node, a respective vulnerability score based on the respective subset of vulnerabilities that are detected in each processing node;
receiving a first request to be processed by at least one of the plurality of processing nodes;
determining whether one or more criteria for applying a vulnerability-based distribution algorithm for the first request are satisfied;
responsive to determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied:
selecting a first processing node, of the plurality of processing nodes, for processing the first request based at least on the respective vulnerability score for each processing node; 
routing the first request to the first processing node;
receiving a second request to be processed by at least one of the plurality of processing nodes;
determining whether the one or more criteria for applying the vulnerability-based distribution algorithm for the second request are satisfied;
responsive to determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the second request are not satisfied:
selecting a second processing node, of the plurality of processing nodes, for processing the second request without using the respective vulnerability score for each processing node; and
routing the second request to the second processing node;
wherein the method is performed by at least one device including a hardware processor.

24.	(Currently amended) The method of Claim 23 further comprising:
determining that a new vulnerability has been added to the candidate set of one or more vulnerabilities;
wherein determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is responsive at least to determining that the new vulnerability has been added to the candidate set of one or more vulnerabilities.

25.	(Currently amended) The method of Claim 24 further comprising:
determining that a severity score associated with the new vulnerability is above a threshold value;
wherein determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is further responsive to determining that the severity score associated with the new vulnerability is above the threshold value.

26.	(Currently amended) The method of Claim 23 further comprising:
determining a level of traffic associated with the plurality of processing nodes;
wherein determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is based on the level of traffic associated with the plurality of processing nodes.

27.	(Currently amended) The method of Claim 26, wherein determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is responsive to determining that the level of traffic associated with the plurality of processing nodes is above a threshold value.
34.	(Currently amended) The method of Claim 23 further comprising:
determining that a new vulnerability has been added to the candidate set of one or more vulnerabilities;
determining that a severity score associated with the new vulnerability is above a severity threshold value;
determining a level of traffic associated with the plurality of processing nodes;
determining a traffic threshold value based on a historical level of traffic associated with the plurality of processing nodes
determining that the level of traffic associated with the plurality of processing nodes is above the traffic threshold value;
wherein determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is responsive at least to (a) determining that the severity score associated with the new vulnerability is above the severity threshold value, and (b) determining that the level of traffic associated with the plurality of processing nodes is above the traffic threshold value;
wherein the second processing node is selected for processing the second request based on a load-based distribution algorithm;
wherein the respective vulnerability score for each processing node is based on (a) a respective number of vulnerabilities that are detected in each processing node, and (b) respective severity scores of vulnerabilities that are detected in each processing node;
wherein selecting the first processing node, of the plurality of processing nodes, for processing the first request based at least on the respective vulnerability score for each processing node comprises: ranking the plurality of processing nodes based on the respective vulnerability score for each processing node.

35.	(Currently amended) A system comprising:
at least one device including a hardware processor;
the system being configured to perform operations comprising:
identifying a candidate set of one or more vulnerabilities associated with a plurality of processing nodes;
analyzing each processing node, of the plurality of processing nodes, to determine a respective subset of the candidate set of one or more vulnerabilities that are detected in each processing node; 
determining, for each processing node, a respective vulnerability score based on the respective subset of vulnerabilities that are detected in each processing node;
receiving a first request to be processed by at least one of the plurality of processing nodes;
determining whether one or more criteria for applying a vulnerability-based distribution algorithm for the first request are satisfied;
responsive to determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied:
selecting a first processing node, of the plurality of processing nodes, for processing the first request based at least on the respective vulnerability score for each processing node; 
routing the first request to the first processing node;
receiving a second request to be processed by at least one of the plurality of processing nodes;
determining whether the one or more criteria for applying the vulnerability-based distribution algorithm for the second request are satisfied;
responsive to determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the second request are not satisfied:
selecting a second processing node, of the plurality of processing nodes, for processing the second request without using the respective vulnerability score for each processing node; and
routing the second request to the second processing node.

36.	(Currently amended) The system of Claim 35, wherein: 
the operations further comprise determining that a new vulnerability has been added to the candidate set of one or more vulnerabilities; and
determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is responsive at least to determining that the new vulnerability has been added to the candidate set of one or more vulnerabilities.

37.	(Currently amended) The system of Claim 36, wherein:
the operations further comprise determining that a severity score associated with the new vulnerability is above a threshold value; and
determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is further responsive to determining that the severity score associated with the new vulnerability is above the threshold value.

38.	(Currently amended) The system of Claim 35, wherein:
the operations further comprise determining a level of traffic associated with the plurality of processing nodes; and
determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is based on the level of traffic associated with the plurality of processing nodes.

39.	(Currently amended) The system of Claim 38, wherein determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is responsive to determining that the level of traffic associated with the plurality of processing nodes is above a threshold value.

46.	(Currently amended) The system of Claim 35, wherein:
the operations further comprise:
determining that a new vulnerability has been added to the candidate set of one or more vulnerabilities;
determining that a severity score associated with the new vulnerability is above a severity threshold value;
determining a level of traffic associated with the plurality of processing nodes;
determining a traffic threshold value based on a historical level of traffic associated with the plurality of processing nodes
determining that the level of traffic associated with the plurality of processing nodes is above the traffic threshold value;
wherein determining that the one or more criteria for applying the vulnerability-based distribution algorithm for the first request are satisfied is responsive at least to (a) determining that the severity score associated with the new vulnerability is above the severity threshold value, and (b) determining that the level of traffic associated with the plurality of processing nodes is above the traffic threshold value;
wherein the second processing node is selected for processing the second request based on a load-based distribution algorithm;
wherein the respective vulnerability score for each processing node is based on (a) a respective number of vulnerabilities that are detected in each processing node, and (b) respective severity scores of vulnerabilities that are detected in each processing node;
wherein selecting the first processing node, of the plurality of processing nodes, for processing the first request based at least on the respective vulnerability score for each processing node comprises: ranking the plurality of processing nodes based on the respective vulnerability score for each processing node.


Response to arguments
Applicants arguments filled on 06/15/2022 have been fully considered and are persuasive.
Allowable Subject matter
Claims 1-12 and 23-46 are allowed.
Examiner’s Statement of Reason for Allowance
According to 37 C.F.R. 1.104(e), it is the examiner's discretion to evaluate at the time of allowance whether the record of the prosecution as a whole does not make clear his or her reasons for allowing a claim or claims and set forth such a reasoning. At this time, the examiner believes that the claims allowed above require a separate reasoning to make the record clearer. The applicant or patent owner may file a statement commenting on the reasons for allowance within such time as may be specified by the examiner.
The following is an examiner’s statement of reasons for allowance:
In interpreting the currently amended claims in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
The present invention is directed towards to routing requests to processing nodes based on a vulnerability in a processing node by a vulnerability analyzer analyzes each of a set of processing nodes. The vulnerability analyzer determines a set of detected vulnerabilities for each processing node. The vulnerability analyzer determines a vulnerability score for each processing node based on the corresponding set of detected vulnerabilities. A routing engine obtains a request to be processed by one of the processing nodes. The routing engine selects one of the set of processing nodes based on a vulnerability score of one or more processing nodes. The routing engine routes the request to the selected processing node. As an example, a routing engine may route a request to one of a set of processing nodes that is associated with the lowest vulnerability score.
Claim 1, 23 and 35 identifies a unique and distinct feature of “…..determining, for each processing node, a respective vulnerability score based on the respective subset of vulnerabilities that are detected in each processing node…. responsive to determining that the criteria for applying the vulnerability-based distribution algorithm for the second request are not satisfied: selecting a second processing node, of the plurality of processing nodes, for processing the second request without using the respective vulnerability score for each processing node; -2-Application No. 16/936,427 routing the second request to the second processing node” including other limitations in the claims.
The closest prior art Boren (US 20100100962)is directed towards method of identifying and servicing actual customer requests to a defended or protected computer or server can include the steps/operations of receiving by the defended computer, a service request from each of a plurality of IP addresses associated with a separate one of a plurality of service requesting computers, sending an inspection code adapted to perform a virtual attack on each existing service requesting computers at each respective associated IP address, and restricting provision of services from the defended computer to a subset of the service requesting computers identified for restriction when a security feature of the respective service requesting computer is determined to have been defeated by the virtual attack.
Boren teaches processing first and second request by one of plurality of processing nodes and processing the request with a node which does not includes any vulnerability. Boren fails to explicitly teach determining, for each processing node, a respective vulnerability score based on the respective subset of vulnerabilities that are detected in each processing node…. responsive to determining that the criteria for applying the vulnerability-based distribution algorithm for the second request are not satisfied: selecting a second processing node, of the plurality of processing nodes, for processing the second request without using the respective vulnerability score for each processing node; -2-Application No. 16/936,427 routing the second request to the second processing node.
The closet prior art Pope et al (US 20180124092) is directed towards identifying a vulnerability of an asset of a network infrastructure to mitigate. A network infrastructure may include multiple computing assets such as servers, computing devices, mobile devices (e.g., smartphones), etc. and networks that couple the computing assets with one or more other computing assets of the network infrastructure.
Pope teaches analyzing each processing nodes to determine candidate set of vulnerability detected in each processing nodes, however just like Boren, Pope also fails to teach determining, for each processing node, a respective vulnerability score based on the respective subset of vulnerabilities that are detected in each processing node…. responsive to determining that the criteria for applying the vulnerability-based distribution algorithm for the second request are not satisfied: selecting a second processing node, of the plurality of processing nodes, for processing the second request without using the respective vulnerability score for each processing node; -2-Application No. 16/936,427 routing the second request to the second processing node.

Therefore, the prior art of record does not teach or suggest individually or in combination the
particular limitation listed below as recited in the claims.
“…..determining, for each processing node, a respective vulnerability score based on the respective subset of vulnerabilities that are detected in each processing node…. responsive to determining that the criteria for applying the vulnerability-based distribution algorithm for the second request are not satisfied: selecting a second processing node, of the plurality of processing nodes, for processing the second request without using the respective vulnerability score for each processing node; -2-Application No. 16/936,427 routing the second request to the second processing node”
None of the prior art of record, either taken individually or in any combination, would have anticipated or made obvious the invention of the instant application at or before the time it was filled.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOEEN KHAN/               Examiner, Art Unit 2436                                                                                                                                                                                         /SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436