DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	In response to a Restriction Requirement, applicant responded on 8/22/22 electing claims 1-9 and 15 for examination.  Claims 10-14 are drawn towards non-elected claims.  Applicant’s response did not indicate if the election was with or without traverse, thus is treated as without traverse as no traverse was given in the response.

Information Disclosure Statement
	The references listed in the IDS’s filed on 2/26/01 and 7/9/01 are being considered.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-6, 8-9, and 15 is/are rejected under 35 U.S.C. 102(a)(1) and (a)(2) as being anticipated by Seiver et al (US 2017/0214710).
Claim 1:
	Seiver discloses:
utilizing a processor in operable communication with at least one memory for
storing instructions that are executed the processor to perform operations (paragraph 158 and Fig 8) of:
accessing a plurality of datasets associated with a predetermined set of data sources (paragraphs 134-135);
accessing training data comprising features and class labels associated with the features from the plurality of datasets (paragraphs 134-135 and 208-216; Machine intelligence/neural network modeling is used to identify probability of attack.  Such modeling makes use of one or more initial training data related to whatever the machine intelligence is to model in the future);
applying learning algorithms to the training data to generate classification models that are configured to predict class labels defining a likelihood of exploitation of respective software vulnerabilities (paragraphs 134-134, 165, 208-216, and 227);
accessing one or more features associated with a software vulnerability (paragraphs 135, 208-216, and 227); and
computing, by applying the one or more features to the classification model, a class label defining one or more values defining a likelihood of exploitation associated with the software vulnerability (paragraphs 74-75, 135, 208-216, and 227).

Claim 2:
	Seiver further discloses generating a plurality of estimation outputs based on the one or more values to derive an overall quantitative score (paragraphs 75, 165, 192, 216, 228, and Figures 3-7; Combined/weighted/overall comprise value calculated).

Claim 3:
	Seiver further discloses wherein the plurality of datasets include
vulnerability data for vulnerabilities that are publically disclosed and obtaining exploits data for exploits that were used in real world attacks (paragraphs 165, 192, 210, and 347).

Claim 4:
	Seiver further discloses aligning the exploits data with the vulnerability data; and
cleaning the exploits data of noise and predetermined portions of the exploits data that is irrelevant to associated software vulnerabilities (paragraphs 290-291, 297-299, 318, and 324-325).

Claim 5:
	Seiver further discloses wherein certain features correspond to a known vulnerability obtained from the plurality of datasets (paragraphs 165, 192, 210, and 347).

Claim 6:
	Seiver further discloses testing the classification models by applying additional training data and one or more algorithms and evaluation metrics to optimize the classification models until the classification models compute the likelihood of exploitation according to a predefined error rate (paragraphs 227, 316-319, and 324-325).

Claim 8:
	Seiver further discloses sorting vulnerabilities associated with the plurality of datasets according to time; training the classification model using the training data, the training data defining a first subset of the plurality of datasets associated with a predetermined period of time; and testing the classification model using a second subset of the plurality of datasets associated with the predetermined period of time (paragraphs 130, 150, 167, 173, 227, and 356).

Claim 9:
	Seiver further discloses computing mutual information from the plurality of datasets informative as to what information a given feature provides about another feature (paragraphs 117, 165-166, 201-203, and 324-325).

Claim 15:
	Seiver discloses a computing device, configured via machine learning to apply a learned function derived from at least one machine learning algorithm and a plurality of datasets associated with software vulnerabilities to data associated with a software vulnerability to estimate a likelihood of exploitation of the software vulnerability (paragraphs 74-75, 135, 165, 208-216, 227, and Figures 3-7).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Seiver et al (US 2017/0214710) in view of Titonis et al (US 2013/0097706).

Claim 7:
	Seiver further discloses text feature derived from the plurality of datasets to create a vocabulary of associated words (paragraphs 239, 279, 302-303, and 356).  However, Seiver does not disclose, but Titonis discloses vectorizing, using term frequency-inverse document frequency (paragraphs 151, 263, and claim 19).
	Before the effective filing date of applicant’s claimed invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Seiver and Totonis to arrive at the further limitation recited in claim 7.  One of ordinary skill in the art would have been motivated to utilize vectoring as taught by Totonis in Seiver’s invention because it would provide improved text data analysis and assessment which would allow for Seiver’s machine learning to better perform vulnerability/risk assessment.

Conclusion



Any inquiry concerning this communication or earlier communications from the examiner should be directed to PONNOREAY PICH whose telephone number is (571)272-7962. The examiner can normally be reached M-F 9am-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PONNOREAY PICH/Primary Examiner, Art Unit 2495