Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of claims
This office action is in response to claims filed on 07/06/2021; the foreign application priority date of 09/22/2016 is considered
Claims 1-20 are pending and rejected; 1, 8 and 15 are independent claims.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting over claims 1-18 of U.S. Patent No. 11,057,431 B2 since the claims, if allowed, would improperly extend the “right to exclude” already granted in the patent.
The subject matter claimed in the instant application is fully disclosed in the patent and is covered by the patent since the patent and the application are claiming common subject matter, as follows: see independent claims comparison table below
Patent No.: 11,057,431 B2
Instant application
1. An apparatus to assess security vulnerabilities associated with a computing resource of a first computing device, the apparatus comprising: a memory; 
a logic circuit to: cause a secure connection channel to be established with the computing resource, the secure connection channel established based on a certificate specific to the computing resource, the certificate included in the memory and the computing resource during development of the apparatus; 
manage a benchmark associated with the first computing device, the benchmark created during development of the computing resource and including (a) a collection of benchmark profiles and (b) a collection of rules, a benchmark profile of the collection of benchmark profiles instantiated using a subset of the collection of rules, the benchmark to constrain behavior of the computing resource; 
identify a second computing device with a second instantiation of the computing resource; 
in response to obtaining the benchmark profile, further alter the subset of the collection of rules included in the benchmark profile by: 
enabling a first rule corresponding to a first type of the computing resource; and 
disabling a second rule that does not correspond to the first type of the computing resource; 
test the first rule of the benchmark profile against the computing resource; 
identify an insufficiency of the computing resource based on the first rule of the benchmark profile; 
idempotently remediate the insufficiency of the computing resource to comply with the first rule of the benchmark profile; and 
apply changes to the second computing device based on changes to the benchmark.
1. An apparatus comprising:
at least one memory; 
instructions in the apparatus; and 
processor circuitry to execute the instructions to: access a benchmark associated with a target resource; 
evaluate the target resource against a plurality of rules of the benchmark; 
in response to the evaluation, access an operations database including a remediation action on the target resource; 
filter rules of the benchmark that are inapplicable to the target resource to determine a set of applicable rules; 
make available a representational state transfer (REST) application programming interface (API) for configuration of the apparatus; and
 present a web-based graphical user interface to display a report from the apparatus including the set of applicable rules.


Furthermore, there is no apparent reason why applicant was prevented from presenting claims corresponding to those of the instant application during prosecution of the application which matured into a patent. See In re Schneller, 397 F.2d 350, 158 USPQ 210 (CCPA 1968). See also MPEP § 804.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-2, 4-9, 11-16 and 18-21 are rejected under 35 U.S.C. 103 as being unpatentable over Frascadore et al. US Pub. No.: 2014/0331277 A1 (hereinafter Frascadore) in view of Brannon US Pub 2014/0201816 A1 (hereinafter Brannon).

Frascadore teaches:
As to claim 1, an apparatus comprising: at least one memory; 
instructions in the apparatus; and 
processor circuitry to execute the instructions to: access a benchmark associated with a target resource (see Frascadore ¶59, the compliance tester 504 accesses the example policy database 310 (FIG. 3) to retrieve a policy that includes one or more policy rules (sometimes referred to herein as "rules")) ; 
evaluate the target resource against a plurality of rules of the benchmark (see Frascadore Fig. 4, (402), ass/test compliance of resources with policy/benchmark); 
in response to the evaluation, access an operations database including a remediation action on the target resource (see Frascadore Fig. 4, (406), determine response priorities of assessment results based on compliance score; ¶40, address (e.g., repair, remediate, etc.) computing resources that fail a PCI test or to address repairs to computing resources that fail a CIS test); 
filter rules of the benchmark that are inapplicable to the target resource to determine a set of applicable rules (see Frascadore ¶60, when testing the computing resource against the policy, a rule scope condition checked by the scope tester 506 determines whether a rule applies to the computing resource); 
present a web-based graphical user interface to display a report from the apparatus including the set of applicable rules (Frascadore ¶29, a virtual machine 110 in the virtual computing environment 100 may be accessed via a web access interface through a web browser of the client 11);
Frascadore does not explicitly teach but the related art Brannon teaches:
 make available a representational state transfer (REST) application programming interface (API) for configuration of the apparatus (see Brannon ¶37, he compliance rules 258 may comprise a list of user device 150 functions, such as those provided by Application Programming Interface's (API's) associated with the operating system 215 and/or a platform library 240 (Depicted in FIG. 2)).
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the method to identify priorities of compliance assessment results of a virtual computing environment disclosed by Frascadore to include securely authorizing access to remote resources, as thought by Brannon, in order use applicable API for configuration of the apparatus. A person with ordinary skill in the art would have been motivated because utilities may be accessed by applications as necessary so that each application does not have to contain these utilities, thus allowing for memory consumption savings and a consistent user experience. 

As to claim 2, the combination of Frascadore and Brannon teaches the apparatus of claim 1, wherein the processor circuitry is to execute the instructions in association with at least one of a virtual machine or an executable container, the at least one of the virtual machine or the executable container disposed on a server remote from the target resource (see Frascadore fig. 2 and ¶29, virtual machine 110 in the virtual computing environment 100 may be accessed via a web access interface through a web browser of the client 114)

As to claim 3, the combination of Frascadore and Brannon teaches the apparatus of claim 1, wherein the processor circuitry is to allow enabling, disabling, or tailoring ones of the plurality of rules by editing at least one profile parameter (see Frascadore ¶23, Each criterion implements either a Boolean-valued test of one resource configuration (e.g., a property) setting).

As to claim 4, the combination of Frascadore and Brannon teaches the apparatus of claim 3, wherein the processor circuitry is to invoke a remediation action for ones of the plurality of rules that fails after a change to the at least one profile parameter (see Frascadore Fig. 4, (406), determine response priorities of assessment results based on compliance score; ¶40, address (e.g., repair, remediate, etc.) computing resources that fail a PCI test or to address repairs to computing resources that fail a CIS test).

As to claim 5, the combination of Frascadore and Brannon teaches the apparatus of claim 1, wherein the processor circuitry is to execute the instructions to establish a secure communication with the target resource, the secure communication based on at least one of a mutual secret, a certificate, or a keypair (see Brannon ¶51, certificate, token, profile, combinations thereof, and/or other electronic data uniquely describing the user device 150 that indicates that the user device 150 is authorized to access resources 258 hosted by the resource server 110);.

As to claim 6, the combination of Frascadore and Brannon teaches the apparatus of claim 1, wherein the processor circuitry is to execute the instructions to operate a command line interface, and at least one of the command line interface or the web-based graphical user interface displays a report to a developer of the target resource (see Frascadore ¶41, example reporter 318 to generate reports based on information stored in the compliance database 308).

As to claim 7, the combination of Frascadore and Brannon teaches the apparatus of claim 1, wherein the operations database includes at least one of a secure technical implementation guide, a hardening guide, a benchmark, or a security content automation profile (see Frascadore Fig. 3, compliance database).

As to independent claim 8, this claim directed to a non-transitory computer readable medium comprising instructions executed by the apparatus of claim 1; therefore it is rejected along similar rationale.
As to independent claim 15, this claim directed to a method executed by the apparatus of claim 1; therefore it is rejected along similar rationale.
As to dependent claims 9-14 and 16-20, these claims contain substantially similar subject matter as claim 2-7, therefore they are rejected along the same rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NEGA WOLDEMARIAM/            Examiner, Art Unit 2433                   

/JEFFREY C PWU/            Supervisory Patent Examiner, Art Unit 2433