Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is responding to the response filed on 6/9/2022. 
Claims 1-12 and 16-23 are pending in the application.  
Non-compliance
Per claim 16, the limitation, “deciding which of the one or more first policy shims is to be applied to a module” was previously presented but is deleted without strikethrough.  For examination, it is considered that the limitation has been deleted.  
Claim Objections
The objections to Claims 7, 8 and 16 are withdrawn due to the amendment to the claims.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-12, 16-23 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Lang et al. (US 20200410399, hereafter Lang).
 	1. (Currently Amended) A method comprising: creating, by a processor, one or more first policy shims for an input or an output of a module (Lang, see at least [0153] To generate (i.e. predict) additional (or changed) policies, the policy determination entity may feed inputs about environment changes or additional characteristics of the existing environment into the policy determination model, which generates 1870 a predicted policy;  [0193] the policy determining entity may for example synthetically create data (e.g. training data, policies, rules, action sequences etc.), using Generative Adversarial Networks (GANs), a machine learning approach…The discriminator can for example be trained with labeled training data set consisting of already-authored rules and their associated information inputs (e.g. the environment conditions for which the rule applies). Labeled training data (sets of feature inputs and their applicable policies) … using them to train the generator network; [0155] The new policy and the associated data (that was used as inputs into the policy determination model) may be added to the determined labeled data 1840; [0159] In step 105, the policy determining entity generates, by a processor, technically enforceable rules/configurations (or uses the authored/imported policies directly) and in step 110 distributes those to at least one policy implementation entity, where they are enforced; [0185]; [0191]);
determining whether the one or more first policy shims comprises an input policy shim (see at least [0149] the policy determining entity determines labeled data … for example analyzing the policy, which works best if sufficient information about the environment is “encoded” within the policy. For example, if the policy includes access control rules allow/deny between hosts communicating across a network, information about the environment is (usually) encoded within each rule (e.g. source IP, source port, destination IP, destination port; [0150] labeled data includes input features that are for example inputs into a neural network, and output labels, which are for example outputs from a neural network. For example, in a security policy related embodiment of the policy determining entity, labeled data could include numerous information flows with “secret” or “unclassified” characteristics associated with each endpoint of a communication (e.g. between hosts), and labels could include “allow” or “deny” results of these access rules; [0191] if a policy rule exists to allow IP-to-IP network communications between two hosts of particular characteristics (e.g. 
approved to process personal health information, PHI), the policy determining entity—once confirmed to be a correct assumption by human machine learning experts—may create further rules between other PHI-approved systems … or access to similar resources for the particular user; [0194] the predictive system determines a potential rule that could be applied to allow or block the traffic; [0072] storing (1670) data pertaining to the at least one result, if available, in an execution data model; [0073] determining, by a processor, whether the at least one action determination model indicates at least one next action option to be executed by the at least one agent, and if so, determining, by a processor, from the at least one action option, an action to be executed based on the action determination model; determining, by a processor, whether an execution data model has already been stored, and if so, obtain data from the execution data model data pertaining to the at least one determined action on the at least one environment, if that at least one action requires at least one precondition).
applying, by the processor, the one or more first policy shims to an input data set provided to an input of the module responsive to a determination that the one or more first policy shims comprises the input policy shim; executing, by the processor, the module on a data set produced in response to the applying step, thereby producing an output data set (Lang, see at least [0150] labeled data includes input features that are for example inputs into a neural network, and output labels, which are for example outputs from a neural network. For example, in a security policy related embodiment of the policy determining entity, labeled data could include numerous information flows with "secret" or "unclassified" characteristics associated with each endpoint of a communication (e.g. between hosts), and labels could include "allow" or "deny" results of these access rules; [0153]; [0155]; [0161] In step 120, the policy determining entity correlates, by a processor, the imported information with the enforced policy and/or rules/configurations. The goal is to produce labeled training data … used for training a neural net. For example, if a particular network traffic packet triggers an access rule, a record is created that includes at least a pair consisting of the traffic packet (the source for input features into machine learning) and the rule that triggered (the label that should be predicted); [0168] Input: Host A (secret), Host B (secret)-> output: "If source=192.168.1.101 and destination=192.168.1.102 then allow; [0195] If approved, the rule may be applied. In an example, the invention may (in step 235) automatically apply the new rule; [0206]; [0186] In machine learning terms, features of the imported information that triggered a rule (this could be called a "trigger event") form the inputs of the training data, while the policy rules (incl. for example a vector of comparison values) form the labels; [0188]; [0205] The traffic pattern (e.g. 
package) is inputted into the predictive system, which outputs a potential rule--in this case a "deny rule" (based on the characteristics of the new device, i.e. that it is characterized as sensor); [0092] execution (e.g. ongoing neural net training during operational use, e.g. using reinforcement learning; [0176] Once trained (e.g. on a processor that executes machine learning approaches) with sufficiently large data, a trained neural net would be able to predict that the most probable output would be); 
 	and applying, by the processor, the one or more first policy shims to the output data set produced by the module responsive to a determination that the one or more first policy shims comprises an output policy shim (see at least [0150] labeled data includes input features that are for example inputs into a neural network, and output labels, which are for example outputs from a neural network. For example, in a security policy related embodiment of the policy determining entity, labeled data could include numerous information flows with “secret” or “unclassified” characteristics associated with each endpoint of a communication (e.g. between hosts), and labels could include “allow” or “deny” results of these access rules; [0191] if a policy rule exists to allow IP-to-IP network communications between two hosts of particular characteristics (e.g. approved to process personal health information, PHI), the policy determining entity—once confirmed to be a correct assumption by human machine learning experts—may create further rules between other PHI-approved systems … or access to similar resources for the particular user; [0194] the predictive system determines a potential rule that could be applied to allow or block the traffic; [0072] storing (1670) data pertaining to the at least one result, if available, in an execution data model; [0153]; [0155]; [0161] In step 120, the policy determining entity correlates, by a processor, the imported information with the enforced policy and/or rules/configurations. The goal is to produce labeled training data … used for training a neural net. 
For example, if a particular network traffic packet triggers an access rule, a record is created that includes at least a pair consisting of the traffic packet (the source for input features into machine learning) and the rule that triggered (the label that should be predicted); [0168] Input: Host A (secret), Host B (secret)-> output: "If source=192.168.1.101 and destination=192.168.1.102 then allow; [0195] If approved, the rule may be applied. In an example, the invention may (in step 235) automatically apply the new rule; [0206]; [0186] In machine learning terms, features of the imported information that triggered a rule (this could be called a "trigger event") form the inputs of the training data, while the policy rules (incl. for example a vector of comparison values) form the labels; [0188]; [0205] The traffic pattern (e.g. package) is inputted into the predictive system, which outputs a potential rule--in this case a "deny rule" (based on the characteristics of the new device, i.e. that it is characterized as sensor); [0092] execution (e.g. ongoing neural net training during operational use, e.g. using reinforcement learning; [0176] Once trained (e.g. on a processor that executes machine learning approaches) with sufficiently large data, a trained neural net would be able to predict that the most probable output would be).

 	2. The method of claim 1 wherein the one or more first policy shims includes the input policy shim and the output policy shim (Lang, see at least [0138] For example, if the first node is "wi-fi packet sniffing" and the output is a number of SSIDs with MAC and channel and encryption (WEP/WPA etc.), then a subsequent step "deauthentication attack" needs to have access to the MAC and channel from the previous step--which is available from the stored state data; [0150] labeled data includes input features that are for example inputs into a neural network, and output labels, which are for example outputs from a neural network. For example, in a security policy related embodiment of the policy determining entity, labeled data could include numerous information flows with "secret" or "unclassified" characteristics associated with each endpoint of a communication (e.g. between hosts), and labels could include "allow" or "deny" results of these access rules; [0153] To generate (i.e. predict) additional (or changed) policies, the policy determination entity may feed inputs about environment changes or additional characteristics of the existing environment into the policy determination model, which generates 1870 a predicted policy; [0161] In step 120, the policy determining entity correlates, by a processor, the imported information with the enforced policy and/or rules/configurations. The goal is to produce labeled training data … used for training a neural net. For example, if a particular network traffic packet triggers an access rule, a record is created that includes at least a pair consisting of the traffic packet (the source for input features into machine learning) and the rule that triggered (the label that should be predicted); [0168] Input: Host A (secret), Host B (secret)-> output: "If source=192.168.1.101 and destination=192.168.1.102 then allow;
 [0195] If approved, the rule may be applied. In an example, the invention may (in step 235) automatically apply the new rule; [0206]; [0186] In machine learning terms, features of the imported information that triggered a rule (this could be called a "trigger event") form the inputs of the training data, while the policy rules (incl. for example a vector of comparison values) form the labels; [0188]; [0205] The traffic pattern (e.g. package) is inputted into the predictive system, which outputs a potential rule--in this case a "deny rule" (based on the characteristics of the new device, i.e. that it is characterized as sensor); [0092] execution (e.g. ongoing neural net training during operational use, e.g. using reinforcement learning; [0176] Once trained (e.g. on a processor that executes machine learning approaches) with sufficiently large data, a trained neural net would be able to predict that the most probable output would be). 
 	3. (Original) The method of claim 1 wherein the module is one of a plurality of nested modules and the creating step includes creating one or more additional policy shims for at least one of the plurality of nested modules and wherein the applying step applies the one or more additional policy shims to the one of the plurality of nested modules and wherein the executing step includes executing the nested modules in response to the applying step (Lang, see at least [0192] policies can for example contain arbitrary nestings of policies and rules; [0146] the policy could include behavior/decision/action trees/graphs; [0153] To generate (i.e. predict) additional (or changed) policies, the policy determination entity may feed inputs about environment changes or additional characteristics of the existing environment into the policy determination model, which generates 1870 a predicted policy; [0152] The policy determination entity may then identify environment changes 1860. This step is optional. In some cases, additional policies can be identified for the original environment 1810, i.e. new policies should be predicted for some parts of the existing environment, e.g. additional access rules between existing hosts based on the policy determination model; [0100] the AI entity (described further below) can for example predict actions (e.g. exploits) directly, rather than children of a tree/graph etc; [0140] The actions are the selection of a particular child node in an attack tree relative to the current node (i.e. stepping to the child node; [0140] In an example of the present invention where the simulation is fully automated, a neural network is trained by running through many iterations of attack tree executions using conventional reinforcement learning (or similar) machine learning techniques … The actions are the selection of a particular child node in an attack tree relative to the current node (i.e. 
stepping to the child node); [0257] The new selected neural net S selects a child node. …If all child nodes have been marked unsuccessful, the algorithm moves to the parent in the attack tree (in the hope that another branch works out better)).
 	4. (Original) The method of claim 3 wherein additional one or more data sets are inserted into the plurality of nested modules prior to the executing step (Lang, see at least [0191] In an example, the policy determining entity may synthetically create additional data from this data, akin to "few-shot learning" approaches… may create further rules that allow similar users access to that resource (e.g. both users are part of the same user group), or access to similar resources for the particular user; [0192] policies can for example contain arbitrary nestings of policies and rules; [0153] To generate (i.e. predict) additional (or changed) policies, the policy determination entity may feed inputs about environment changes or additional characteristics of the existing environment into the policy determination model, which generates 1870 a predicted policy; [0152] The policy determination entity may then identify environment changes 1860. This step is optional. In some cases, additional policies can be identified for the original environment 1810, i.e. new policies should be predicted for some parts of the existing environment, e.g. additional access rules between existing hosts based on the policy determination model [0100] the AI entity (described further below) can for example predict actions (e.g. exploits) directly, rather than children of a tree/graph etc; [0140] The actions are the selection of a particular child node in an attack tree relative to the current node (i.e. stepping to the child node; [0140] In an example of the present invention where the simulation is fully automated, a neural network is trained by running through many iterations of attack tree executions using conventional reinforcement learning (or similar) machine learning techniques … The actions are the selection of a particular child node in an attack tree relative to the current node (i.e. stepping to the child node); [0257] The new selected neural net S selects a child node. 
…If all child nodes have been marked unsuccessful, the algorithm moves to the parent in the attack tree (in the hope that another branch works out better)).
5. (Original) The method of claim 1 wherein the creating step includes creating one or more substitute policy shims and further comprising overriding the one or more first policy shims and the applying step comprises applying the one or more substitute policy shims instead of the one or more first policy shims (Lang, see at least [0278] support replacing underlying ML security features, to be able to keep up with rapid evolution around ML; support security also for model training, not just for model use (classification); be flexible, allowing both being integrated with new ML toolkits, and allowing the integration of new ML security features; scalable; [0285] One or more ML security provider entity/entities (2040) provide secure functions that secure, replace, augment, modify etc. certain ML toolkit function entities--for example, replacing neural net activation functions implemented in ML toolkit function entities with alternatives that support homomorphic encryption (HE) (e.g. lower polynomial alternatives; [0302]; [0307]).
6. (Currently Amended) The method of claim 1 further comprising storing, by the processor, the one or more first policy shims in a database and retrieving the stored one or more first policy shims prior to the applying step (Lang, see at least [0098] storing such information includes storing on a memory or storage in a common taxonomy, metamodel, ontology, database, graph structure, or in raw form; [0181] In step 125, the policy determining entity (which could be for example collocated with a policy implementation entity) collects (e.g. by a processor, e.g. from a memory, storage or network) information about the IT systems and associated entities such as users, data, applications, etc. In OpenPMF, …directories and databases; [0341] The VAPT entity may include a database and data model to store information, and may include a structured information model (e.g. metamodel, ontology, taxonomy etc.)).
 	7. (Currently Amended) The method of claim 1 wherein the one or more first policy shims are a filter configured to act on the data set (Lang, see at least [0346] the BSC entity is used for determination of filter rules for message traffic over the device, and for initial configuration of the intrusion detection system; [0351] Filter rules are for example determined based on information from the functional models determined in step 2110 and 2120. In an example of the present invention, "model driven security" (see "MDS patent") can be used e.g. to determine filter rules based on functional models; [0382]; [0383]).
 	8. (Original) The method of claim 1 wherein the one or more first policy shims are a set of business rules (Lang, see at least [0004] Features of such advanced policies are that they involve policy rules that are numerous, complex, feature-rich (e.g. privacy), fine-grained, contextual/dynamic etc. in particular, security policies need to capture increasingly more complex security requirements that are meaningful to business; [0148] The policy determining entity may then implement 1830 the policy on the environment … across an actual environment (e.g. enforcing access control policies, executing exploits); [0143], information technology (IT) systems (systems, applications, networks, network traffic etc.; Note that the environment for the policy rules is a business environment).
9. (Original) The method of claim 1 wherein the creating step includes creating one or more substitute policy shims and further comprising overriding the one or more first policy shims and the applying step comprises applying the one or more substitute policy shims instead of the one or more first policy shims and wherein the applying step is initiated by an external input (Lang, see at least [0278] support replacing underlying ML security features, to be able to keep up with rapid evolution around ML; support security also for model training, not just for model use (classification); be flexible, allowing both being integrated with new ML toolkits, and allowing the integration of new ML security features; scalable; [0285] One or more ML security provider entity/entities (2040) provide secure functions that secure, replace, augment, modify etc. certain ML toolkit function entities--for example, replacing neural net activation functions implemented in ML toolkit function entities with alternatives that support homomorphic encryption (HE) (e.g. lower polynomial alternatives; [0302]; [0307]; [0286] The secure ML entity (2000) provides external ML function entity/entities (2050), which ML application(s) (2010) can use to directly communicate with ML security provider entity/entities (2040); [0312] an external command line tool 1470; [0140] The actions are the selection of a particular child node in an attack tree relative to the current node (i.e. stepping to the child node; [0140] In an example of the present invention where the simulation is fully automated, a neural network is trained by running through many iterations of attack tree executions using conventional reinforcement learning (or similar) machine learning techniques … The actions are the selection of a particular child node in an attack tree relative to the current node (i.e. stepping to the child node).
10. (Original) The method of claim 9 wherein the external input is one of a weather alert and an emergency alert (Lang, see at least [0350] controlling critical, especially safety critical parts of the vehicle (for example brake or power train) into one segment, and less critical parts with a high risk of compromise (e.g. entertainment and navigation systems) into another bus segment; [0381] a safety critical message leading to a crash, depending on the vehicle; [0381]; Note that the safety critical message is the emergency alert for safety).
11. (Original) The method of claim 9 wherein the external input is one or more business rules (Lang, see at least [0004] Features of such advanced policies are that they involve policy rules that are numerous, complex, feature-rich (e.g. privacy), fine-grained, contextual/dynamic etc. in particular, security policies need to capture increasingly more complex security requirements that are meaningful to business; [0148] The policy determining entity may then implement 1830 the policy on the environment … across an actual environment (e.g. enforcing access control policies, executing exploits); Note that the environment for the policy rules is a business environment).
 	12. (Currently Amended) The method of claim 1 wherein the module is modified based on the executing step and whereby the one or more first policy shims are no longer used (Lang, see at least [0153] To generate (i.e. predict) additional (or changed) policies, the policy determination entity may feed inputs about environment changes or additional characteristics of the existing environment into the policy determination model; [0278] support replacing underlying ML security features, to be able to keep up with rapid evolution around ML; support security also for model training, not just for model use (classification); be flexible, allowing both being integrated with new ML toolkits, and allowing the integration of new ML security features; scalable; Note that the initial policy that is modified (e.g. removed) or replaced for the ML module is no longer used for the ML with new feature for particular events).

 Per claim 16, this is the apparatus version of claim 1 and is rejected for the same reasons set forth in connection with the rejection of claim 1 above. Furthermore, Lang teaches a policy database configured for storing a plurality of policies; an input-output interface; a processor coupled to the input-output interface wherein the processor is coupled to a memory, the memory having stored thereon executable instructions that when executed by the processor cause the processor to effectuate operations comprising: (Lang, see at least [0098] storing such information includes storing on a memory or storage in a common taxonomy, metamodel, ontology, database, graph structure, or in raw form; [0181] In step 125, the policy determining entity (which could be for example collocated with a policy implementation entity) collects (e.g. by a processor, e.g. from a memory, storage or network) information about the IT systems and associated entities such as users, data, applications, etc. In OpenPMF, …directories and databases; [0341] The VAPT entity may include a database and data model to store information, and may include a structured information model (e.g. metamodel, ontology, taxonomy etc.; Fig. 7 and 22 presenting the input-output interface);
 	creating one or more first policy shims from the plurality of policies (Lang, see at least [0153] To generate (i.e. predict) additional (or changed) policies, the policy determination entity may feed inputs about environment changes or additional characteristics of the existing environment into the policy determination model, which generates 1870 a predicted policy;  [0193] the policy determining entity may for example synthetically create data (e.g. training data, policies, rules, action sequences etc.), using Generative Adversarial Networks (GANs), a machine learning approach…The discriminator can for example be trained with labeled training data set consisting of already-authored rules and their associated information inputs (e.g. the environment conditions for which the rule applies). Labeled training data (sets of feature inputs and their applicable policies) … using them to train the generator network; [0155] The new policy and the associated data (that was used as inputs into the policy determination model) may be added to the determined labeled data 1840; [0159] In step 105, the policy determining entity generates, by a processor, technically enforceable rules/configurations (or uses the authored/imported policies directly) and in step 110 distributes those to at least one policy implementation entity, where they are enforced; [0185]; [0191]);
 	determining whether the one or more first policy shims comprises an input policy shim (see at least [0149] the policy determining entity determines labeled data … for example analyzing the policy, which works best if sufficient information about the environment is “encoded” within the policy. For example, if the policy includes access control rules allow/deny between hosts communicating across a network, information about the environment is (usually) encoded within each rule (e.g. source IP, source port, destination IP, destination port; [0150] labeled data includes input features that are for example inputs into a neural network, and output labels, which are for example outputs from a neural network. For example, in a security policy related embodiment of the policy determining entity, labeled data could include numerous information flows with “secret” or “unclassified” characteristics associated with each endpoint of a communication (e.g. between hosts), and labels could include “allow” or “deny” results of these access rules; [0191] if a policy rule exists to allow IP-to-IP network communications between two hosts of particular characteristics (e.g. 
approved to process personal health information, PHI), the policy determining entity—once confirmed to be a correct assumption by human machine learning experts—may create further rules between other PHI-approved systems … or access to similar resources for the particular user; [0194] the predictive system determines a potential rule that could be applied to allow or block the traffic; [0072] storing (1670) data pertaining to the at least one result, if available, in an execution data model; [0073] determining, by a processor, whether the at least one action determination model indicates at least one next action option to be executed by the at least one agent, and if so, determining, by a processor, from the at least one action option, an action to be executed based on the action determination model; determining, by a processor, whether an execution data model has already been stored, and if so, obtain data from the execution data model data pertaining to the at least one determined action on the at least one environment, if that at least one action requires at least one precondition).
 	 and applying the input policy shims to an input data set provided to an input of the module responsive to a determination that the one or more first policy shims comprises the input policy shim (Lang, see at least [0150] labeled data includes input features that are for example inputs into a neural network, and output labels, which are for example outputs from a neural network. For example, in a security policy related embodiment of the policy determining entity, labeled data could include numerous information flows with "secret" or "unclassified" characteristics associated with each endpoint of a communication (e.g. between hosts), and labels could include "allow" or "deny" results of these access rules; [0153]; [0155]; [0161] In step 120, the policy determining entity correlates, by a processor, the imported information with the enforced policy and/or rules/configurations. The goal is to produce labeled training data … used for training a neural net. For example, if a particular network traffic packet triggers an access rule, a record is created that includes at least a pair consisting of the traffic packet (the source for input features into machine learning) and the rule that triggered (the label that should be predicted); [0168] Input: Host A (secret), Host B (secret)-> output: "If source=192.168.1.101 and destination=192.168.1.102 then allow; [0195] If approved, the rule may be applied. In an example, the invention may (in step 235) automatically apply the new rule; [0206]; [0186] In machine learning terms, features of the imported information that triggered a rule (this could be called a "trigger event") form the inputs of the training data, while the policy rules (incl. for example a vector of comparison values) form the labels; [0188]; [0205] The traffic pattern (e.g. package) is inputted into the predictive system, which outputs a potential rule--in this case a "deny rule" (based on the characteristics of the new device, i.e. 
that it is characterized as sensor); [0092] execution (e.g. ongoing neural net training during operational use, e.g. using reinforcement learning; [0176] Once trained (e.g. on a processor that executes machine learning approaches) with sufficiently large data, a trained neural net would be able to predict that the most probable output would be). 
17. (Currently Amended) The apparatus of claim 16 wherein the operations further comprise creating a substitute policy shim and receiving, via the input-output interface, an input from an external source and overriding the one or more first policy shims with the substitute policy shim (Lang, see at least [0278] support replacing underlying ML security features, to be able to keep up with rapid evolution around ML; support security also for model training, not just for model use (classification); be flexible, allowing both being integrated with new ML toolkits, and allowing the integration of new ML security features; scalable; [0285] One or more ML security provider entity/entities (2040) provide secure functions that secure, replace, augment, modify etc. certain ML toolkit function entities--for example, replacing neural net activation functions implemented in ML toolkit function entities with alternatives that support homomorphic encryption (HE) (e.g. lower polynomial alternatives; [0302]; [0307]; [0286] The secure ML entity (2000) provides external ML function entity/entities (2050), which ML application(s) (2010) can use to directly communicate with ML security provider entity/entities (2040); [0312] an external command line tool 1470; [0140] The actions are the selection of a particular child node in an attack tree relative to the current node (i.e. stepping to the child node; [0140] In an example of the present invention where the simulation is fully automated, a neural network is trained by running through many iterations of attack tree executions using conventional reinforcement learning (or similar) machine learning techniques … The actions are the selection of a particular child node in an attack tree relative to the current node (i.e. stepping to the child node).
18. (Original) The apparatus of claim 17 wherein the substitute policy is a filter or a business rule (Lang, see at least [0346] the BSC entity is used for determination of filter rules for message traffic over the device, and for initial configuration of the intrusion detection system; [0351] Filter rules are for example determined based on information from the functional models determined in step 2110 and 2120. In an example of the present invention, "model driven security" (see "MDS patent") can be used e.g. to determine filter rules based on functional models; [0382]; [0383]; [0004] Features of such advanced policies are that they involve policy rules that are numerous, complex, feature-rich (e.g. privacy), fine-grained, contextual/dynamic etc. in particular, security policies need to capture increasingly more complex security requirements that are meaningful to business; [0148] The policy determining entity may then implement 1830 the policy on the environment … across an actual environment (e.g. enforcing access control policies, executing exploits); Note that the environment for the policy rules is a business environment).
19. (Currently Amended) The apparatus of claim 16 wherein the operations further comprise creating a safety policy shim and receiving, via the input-output interface, an input from an external source and overriding the one or more first policy shims with the safety policy shim (Lang, see at least [0350] controlling critical, especially safety critical parts of the vehicle (for example brake or power train) into one segment, and less critical parts with a high risk of compromise (e.g. entertainment and navigation systems) into another bus segment; [0381] a safety critical message leading to a crash, depending on the vehicle; [0381]).
20. (Original) The apparatus of claim 19 wherein the safety policy shim is a filter or a business rule to be applied based on a safety concern (Lang, see at least [0346] the BSC entity is used for determination of filter rules for message traffic over the device, and for initial configuration of the intrusion detection system; [0351] Filter rules are for example determined based on information from the functional models determined in step 2110 and 2120. In an example of the present invention, "model driven security" (see "MDS patent") can be used e.g. to determine filter rules based on functional models; [0382]; [0383]; [0350] controlling critical, especially safety critical parts of the vehicle (for example brake or power train) into one segment, and less critical parts with a high risk of compromise (e.g. entertainment and navigation systems) into another bus segment; [0381] a safety critical message leading to a crash, depending on the vehicle; [0381]).
Per claims 21-23, they are the medium versions of claims 1, 2, and 7, respectively, and are rejected for the same reasons set forth in connection with the rejection of claims 1, 2, and 7 above. 
Examiner’s Note
 	The Examiner has pointed out particular references contained in the prior art of record within the body of this action for the convenience of the Applicant.  Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply.  Applicant, in preparing the response, should consider fully the entire reference as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the Examiner.
Response to Arguments
 	Applicant's arguments filed on 6/9/2022 have been fully considered but they are not persuasive. 
	The applicant states that Lang does not teach determining whether the one or more first policy shims comprises an input policy shim and applying the input policy shims to an input data set provided to an input of the module responsive to a determination that the one or more first policy shims comprises the input policy shim.
In response, Lang teaches that the policy determining entity determines if the policy includes input rules (e.g. access control rules with inputs, where the output labels include the result of the input access control rules) (see at least [0149]; [0150] labeled data includes input features that are for example inputs into a neural network, and output labels, which are for example outputs from a neural network. For example, in a security policy related embodiment of the policy determining entity, labeled data could include numerous information flows with “secret” or “unclassified” characteristics associated with each endpoint of a communication (e.g. between hosts), and labels could include “allow” or “deny” results of these access rules; [0191] if a policy rule exists to allow IP-to-IP network communications between two hosts of particular characteristics; [0194]). Lang further clearly teaches that the input features are inputted into the neural network and the corresponding output labels are outputted (Lang, see at least [0150]; [0153]; [0155]; [0161] In step 120, the policy determining entity correlates, by a processor, the imported information with the enforced policy and/or rules/configurations. The goal is to produce labeled training data … used for training a neural net. For example, if a particular network traffic packet triggers an access rule, a record is created that includes at least a pair consisting of the traffic packet (the source for input features into machine learning) and the rule that triggered (the label that should be predicted); [0168] Input: Host A (secret), Host B (secret)-> output: "If source=192.168.1.101 and destination=192.168.1.102 then allow; [0195]; [0188]; [0205]; [0176] Once trained (e.g. on a processor that executes machine learning approaches) with sufficiently large data, a trained neural net would be able to predict that the most probable output would be).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US20160292574 is related to identifying rules having an input and output rules.
US20180253209 is related to determining whether a rule for input exists in a rule set.
US20170249645 is related to determining whether applicable input rules exist and generating output based on the applied rules.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to INSUN KANG whose telephone number is (571)272-3724. The examiner can normally be reached M-F 10 am-6 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do can be reached on 571-272-3721. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/INSUN KANG/Primary Examiner, Art Unit 2193