Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 112
	The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-5 are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim subject matter which applicant regards as the invention.
Claim 1 recites the limitation “by the IA” in the 2nd line. There is insufficient antecedent basis for this limitation in the claim.
Claim 1 recites the limitation “the command” in line 11. There is insufficient antecedent basis for this limitation in the claim.
Claims 2-5 are also rejected under 35 U.S.C. 112(b) as they are dependent on claim 1 and as they do not cure the deficiencies of claim 2.

Claims 1-5 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.
The term "pertinent knowledge" in claim 1 is a relative/subjective term which renders the claim indefinite. The term "pertinent knowledge" is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claims 1 and 3-5 are rejected under 35 U.S.C. 103 as being unpatentable over Green (US20040193918) in view of Kim (US20140029734) and Potapov (US20150356158).
Regarding claim 1, Green teaches:
 a cyber security method using agents, comprising: after initial setup, directing, by the agent, a program to scan data comprised in a target;  [0098] According to the principles of the present invention, the tools 415 called upon by the task handler 418 may perform scans for different reasons. For example, a scan may be conducted to determine whether the user's network contains a specific attribute. Additionally, the tools 415 might scan the user's network to determine whether that network is vulnerable to a certain type of attack from a hacker. Therefore, in another embodiment of the present invention, the task builder 442 can check with the virus and vulnerability database 450  contained in the task module 408 to determine what scans should be performed so as to identify certain viruses and vulnerabilities. In one aspect ….hey affect (e.g., descriptions, severity levels, remediation information, etc.). In another aspect of the present invention, the scanning apparatus 400 may bypass the virus and vulnerability database 450 and also access public websites or billboards directly to check if new viruses or vulnerabilities have been identified. Such public websites and billboard include SANS/FBI Top 20 www.sans.org, and the Center for Internet Security www.cisecurity.com..]
collecting, by the agent, configuration information required to run the target; [0091] As discussed above, each scanning tool 415 may be typically associated with a specific operating system or platform and may have been developed independently of the scanning apparatus. Therefore, the input submitted to each scanning tool 415 must be in a specific proprietary or idiosyncratic format. Therefore, when the task handler 418 launches a task and essentially orders a scan be performed, the task handler 418 passes the data to be input into the tool 415 to the input wrapper 428 so that the input wrapper 428 can "wrap", or translate, the command line and/or configuration file 430 required by each tool 415, into the language required by that tool 415, thereby enabling that tool 415 to perform the task required by the task assignment 416. Once the tool 415 receives the properly "wrapped" or formatted command line and/or configuration file 430, it performs its scanning function as described above, or as described in Table 1, or as known in the art, or as described in the co-filed and co-pending application. In an alternative embodiment, each tool 415 may be robust enough that is able to accept any type of formatted command line and/or configuration file 430, regardless of the operating system upon which it is based. Such a robust tool 415 would eliminate the need for the input wrapper 428.]
using the configuration information, by the agent, attempting a connection to the target; passing, to a human user interface target information regarding the target; [0091] As discussed above, each scanning tool 415 may be typically associated with a specific operating system or platform and may have been developed independently of the scanning apparatus. Therefore, the input submitted to each scanning tool 415 must be in a specific proprietary or idiosyncratic format. Therefore, when the task handler 418 launches a task and essentially orders a scan be performed, the task handler 418 passes the data to be input into the tool 415 to the input wrapper 428 so that the input wrapper 428 can "wrap", or translate, the command line and/or configuration file 430 required by each tool 415, into the language required by that tool 415, thereby enabling that tool 415 to perform the task required by the task assignment 416. Once the tool 415 receives the properly "wrapped" or formatted command line and/or configuration file 430, it performs its scanning function as described above, or as described in Table 1, or as known in the art, or as described in the co-filed and co-pending application. In an alternative embodiment, each tool 415 may be robust enough that is able to accept any type of formatted command line and/or configuration file 430, regardless of the operating system upon which it is based. Such a robust tool 415 would eliminate the need for the input wrapper 428 . [0053] The server can be any entity, such as computer system 10, a computer platform, an adjunct to a computer or platform, or any component thereof, such as a program that can respond to requests from a client. 
The server also may include a display supporting a graphical user interface (GUI) for management and administration, and an Application Programming Interface (API) that provides extensions to enable application developers to extend and/or customize the core functionality thereof through software programs including Common Gateway Interface (CGI) programs, plug-ins, servlets, active server pages, server side include (SSI) functions and the like. Please also see paras 0054 & 0056]
using the human user interface, by the agent, accumulating pertinent knowledge regarding one or more of a connection method and target information; [0013] In order to accomplish one or more of these assessment or scanning tasks, the network scanner module may interface with or incorporate a number of network security tools. Each of these tools may require it's own proprietary or idiosyncratic input. Similarly, each of these network security tools may provide outputs that are either too copious or cryptic to be of use to a network security manager. Therefore, the network scanner module may facilitate the scanning procedure by taking the input data in the format used by the network scanner module and converting that data into the appropriate format for use with each of the tools.[0014] In addition, the network scanner module may collect the output of each tool and convert it into an output conforming with other outputs of the network scanner module. Thus, for example, while the native or unformatted output of ping may typically appear as shown in FIG. 5, the network scanner module may provide formatted output that may, depending on the circumstances, provide only a portion of the data provided by ping. For example, as shown in FIG. 6, individual ICMP ping results are stripped of details such as average round trip delay and timeout information, distilling the output to the core fact that a specific IP address was either "pingable" or not. Alternatively, the network scanner module may simply pass the data internally, with or without modifications to its content and/or format. [0053] The server can be any entity, such as computer system 10, a computer platform, an adjunct to a computer or platform, or any component thereof, such as a program that can respond to requests from a client. 
The server also may include a display supporting a graphical user interface (GUI) for management and administration, and an Application Programming Interface (API) that provides extensions to enable application developers to extend and/or customize the core functionality thereof through software programs including Common Gateway Interface (CGI) programs, plug-ins, servlets, active server pages, server side include (SSI) functions and the like. Please also see paras 0054 & 0056]
using the human user interface, by the agent,  communicating with the target using the pertinent knowledge; [0017] When the inventive system has completed its assessment, or even while it is completing its assessment, the inventive system may employ a report generator to generate a report that identifies the results of the inventive system's investigation. This generated report may include, for example, the direct output from each tool used, or the generated report may preferably provide the output in a manner that is uniform and easy to understand. For example, the program may classify and briefly list each of the potential vulnerabilities identified by the inventive system, and may associate an intuitive descriptor such as "low risk," "medium risk," "high risk," "informational risk," or "administrative risk" with each identified vulnerability. These risk levels may be further defined. For example, "high risk" may refer to vulnerabilities that could result in the user's system being immediately compromised, which, therefore, should be addressed immediately by the user. "Medium risk" may refer to vulnerabilities that could potentially result in information or system compromise, but which do not warrant immediate attention. "Informational risk" may be a specific category of "medium risk" relating to vulnerabilities that could potentially result in information compromise. "Low risk" (which may be synonymous with administrative risk) may refer to problems or warnings, such as a system configuration that might reveal information that might aid an attacker in their attempt to compromise the user's system or that would otherwise be of reconnaissance interest. [0053] The server can be any entity, such as computer system 10, a computer platform, an adjunct to a computer or platform, or any component thereof, such as a program that can respond to requests from a client. 
The server also may include a display supporting a graphical user interface (GUI) for management and administration, and an Application Programming Interface (API) that provides extensions to enable application developers to extend and/or customize the core functionality thereof through software programs including Common Gateway Interface (CGI) programs, plug-ins, servlets, active server pages, server side include (SSI) functions and the like. Please also see paras 0054 & 0056]
using the human user interface, receiving, by the agent, a response to the command from the target; [0095] In one aspect of the present invention, environment data passed to the environment loader 438 could result in the generation of a new task. Accordingly, new tasks may be generated by analyzing the environment data derived from the task results vis-a-vis the decision tree, which describes how the apparatus should act on new information. For example, the decision tree 444 may instruct the task builder 442 to construct new tasks 413 within the task list 412 in such a manner that the first (initial) task assignment 416 should be performed using the tools "ping" and "mnap". If the subsequent scans performed by tools 415 "ping" and "nmap" reveal, for example, that the user's network has UDP port 137 and TCP port 139 open, the resulting environment data (within the task results 436 ) is ultimately passed to the environment database 440 via the task handler 418 and environment loader 438. Through the environment loader 438, the task builder 442 determines whether detailed probes should be performed on those open ports and, based on the logic within the decision tree 444. If detailed probes are required, the task builder 442 may, for example, instruct the task manager 414 to send two task assignments 416 to the task handler 418 calling, for example, a tool 415 known as NMBLOOKUP to determine the Windows Domain or Workgroup name from the NetBIOS name service on UDP/137, as well as calling the tool 415 known as SMBCLIENT to probe the user's network to determine more NetBios information from the server running on TCP/139. [0053] The server can be any entity, such as computer system 10, a computer platform, an adjunct to a computer or platform, or any component thereof, such as a program that can respond to requests from a client. 
The server also may include a display supporting a graphical user interface (GUI) for management and administration, and an Application Programming Interface (API) that provides extensions to enable application developers to extend and/or customize the core functionality thereof through software programs including Common Gateway Interface (CGI) programs, plug-ins, servlets, active server pages, server side include (SSI) functions and the like. Please also see paras 0054 & 0056]
processing the response, by the agent, thereby generating a result; [0095] In one aspect of the present invention, environment data passed to the environment loader 438 could result in the generation of a new task. Accordingly, new tasks may be generated by analyzing the environment data derived from the task results vis-a-vis the decision tree, which describes how the apparatus should act on new information. For example, the decision tree 444 may instruct the task builder 442 to construct new tasks 413 within the task list 412 in such a manner that the first (initial) task assignment 416 should be performed using the tools "ping" and "mnap". If the subsequent scans performed by tools 415 "ping" and "nmap" reveal, for example, that the user's network has UDP port 137 and TCP port 139 open, the resulting environment data (within the task results 436 ) is ultimately passed to the environment database 440 via the task handler 418 and environment loader 438. Through the environment loader 438, the task builder 442 determines whether detailed probes should be performed on those open ports and, based on the logic within the decision tree 444. If detailed probes are required, the task builder 442 may, for example, instruct the task manager 414 to send two task assignments 416 to the task handler 418 calling, for example, a tool 415 known as NMBLOOKUP to determine the Windows Domain or Workgroup name from the NetBIOS name service on UDP/137, as well as calling the tool 415 known as SMBCLIENT to probe the user's network to determine more NetBios information from the server running on TCP/139.
transmitting, by the agent, the result to the program; [0096] Another example of how the environment loader 438, the task manager 414, and the task handler 418 all form a feedback loop can be illustrated by the task handler calling the tool 415 "qtip", which determines whether null logins are permitted. If the native output 432 or the task results 436, returned to the task handler 418 and then passed to the environment database 440 via the environment loader 438, indicate that the SMB protocol is running on TCP/139, the task builder 422 queues a task to probe this service as per the decision tree 444, which ultimately results in the task handler 418 directing that the tool 415 QTIP attempt to perform a null login, and, if successful, determine any existing file or printer share names and security settings. In another embodiment, if the initial "ping" and "nmap" scans generate environment data which reveals that TCP port 80 is open on the user's network, the task builder 422 queues tasks as described in the logic encoded in the decision tree 444, which ultimately results in the task manager 414 passing a task assignment 416 to the task handler 418 directing that a banner grabbing tool, such as "gbg" or "dotrnatrix", confirm that the service is actually an implementation of the HTTP protocol and to identify the specific web hosting product, as well as the version of that product which is used (e.g., Microsoft IIS/4.0 or Apache/1.3.12). Once a specific web hosting product and versions are identified, the task builder 422 queues one or more new tasks based on the logic encoded in the decision tree 444, which ultimately results in the task manager 414 passing a task assignment 416 to the task handler 418 directing specific vulnerability tests, in particular known exploits, be performed.
using the program, by the agent, processing the result; [0099] By creating a dynamically generated task list 412, based on processing task results with scan logic as encoded in a Decision Tree, a large amount of detailed information can be determined about a network and it's services. This information can be correlated with information contained within the Vulnerability Database 450, which contains a list of all of the potential vulnerabilities that a tool 415 might reveal. The Vulnerability Database 450 may contain additional logic describing dependencies that must be satisfied if a vulnerability detected by a specific tool 415 is deemed to be valid. For example, one tool 415 (e.g., Nessus) might perform a test which checks for specific vulnerabilities on a web server.
receiving the processed result, by the agent, from the program; [0099] By creating a dynamically generated task list 412, based on processing task results with scan logic as encoded in a Decision Tree, a large amount of detailed information can be determined about a network and it's services. This information can be correlated with information contained within the Vulnerability Database 450, which contains a list of all of the potential vulnerabilities that a tool 415 might reveal. The Vulnerability Database 450 may contain additional logic describing dependencies that must be satisfied if a vulnerability detected by a specific tool 415 is deemed to be valid. For example, one tool 415 (e.g., Nessus) might perform a test which checks for specific vulnerabilities on a web serve
and transmitting, by the agent, the processed result to storage. [0038] In an embodiment of the present invention, the reporting module includes a client environment database. The client environment database may include tables which store data which is generated by various scans (it is obvious to a skilled person in the art that the result is transmitted to a storage). Such data stored in the tables of the client environment database includes: scan parameters used in scanning, operating systems, IP registry, IP address universe (an indicator for differentiating between different networks which use the same "private" IP address blocks), vulnerabilities, scan time, last scan date, next scan date, status of network, discovered media access control (MAC) addresses (e.g., Ethernet addresses), scan activity log, exposed systems, exposed services, scanned domain names, scanned IP, discovered IP, or applications used in scanning.
Although Green teaches scanning of target data using the agent and the program, Green does not explicitly teach the following; however, Kim teaches:
 Intelligent Agent (IA), [0097] According to the present invention, there is disclosed the mobile terminal 100 that may be utilized by a user in a more convenient and easier way by using the intelligent agent 182. The intelligent agent 182 may be implemented in hardware or software. Further, the intelligent agent 182 may be also referred to as an IA (Intelligent Agent) as necessary. Hereinafter, various methods of operating the mobile terminal 100 using the intelligent agent 182 according to the present invention will be described in greater detail.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Green with the disclosure of Kim. The motivation or suggestion would have been to implement a system that will provide efficient techniques for a method of controlling an electronic device so that the electronic device may intelligently perform automatic conversation with a called party (abstract, paras 0001-0003, Kim).
Although Green and Kim teach IA and scanning of target data, they do not explicitly teach the following; however, Potapov teaches:
 knowledge base program, [0032] Described herein is an approach for storage-side scanning of external tables. The approach is referred to herein as storage-side-external-table scanning. Under storage-side-external-table scanning, a storage system, which is communicatively coupled to a DBMS (knowledge base program), performs storage-side scanning of data sources that are not stored in the native database storage format of the DBMS.[0069] The DBMS-Component 252 applies one or more scanning criteria to data source rows generated by DDAS-Modules 260 to generate “scanned rows”, which are projected or filtered according to the scanning criteria. In an embodiment, DBMS-Component 252 is not implemented as Java classes, as DDAS-modules 260 may be Rather DBMS-Component 252 comprise machine-level code compiled from, for example, C source code, thereby enabling scanning criteria to applied more efficiently.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Green and Kim with the disclosure of Potapov. The motivation or suggestion would have been to implement a system that will provide efficient and improved techniques for optimized fast acting operations of a DBMS (database management system) (abstract, paras 0002-0010, Potapov).
Regarding claim 3, Green teaches wherein the human user interface comprises one or more of a Graphical User Interface (GUI), a Command Line Interface (CLI), and another human user interface. [please see para 0053]
Regarding claim 4, Green teaches wherein the processing step comprises one or more of interpreting the response, categorizing the response, placing the response into storage, [para 0038] and processing the response in another way.
Regarding claim 5, Green teaches wherein the processing response comprises processing the result using a processing block comprised in the program. [para 0099]
Although Green and Kim teach processing of data, they do not explicitly teach the following; however, Potapov teaches processing the result using a processing block comprised in the knowledge base program. [[0017] While a scan-enabled storage system is configured to interpret a native database storage format of the DBMS for which scan-enabled storage system stores data blocks, the scan-enabled storage system remains oblivious to which data blocks store data for a particular database table defined by the DBMS, or which column in a data block corresponds to a particular table column defined by the DBMS. Thus, to perform projection or filtering, a scan-enabled storage system depends on input provided by a DBMS in a storage-side scan request, the input specifying the data blocks and the one or more columns therein to perform projection and filtering.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Green and Kim with the disclosure of Potapov. The motivation or suggestion would have been to implement a system that will provide efficient and improved techniques for optimized fast acting operations of a DBMS (database management system) (abstract, paras 0002-0010, Potapov).

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Green in view of Kim, Potapov and Drennan (WO9966692 - original in English is attached).
Regarding claim 2, although Green, Kim and Potapov teach connecting to a target device, they do not explicitly teach the following; however, Drennan teaches wherein the step of attempting a connection comprises attempting a connection to the target in descending order of estimated likelihood of success for the connection method, until a connection succeeds. [page 18, para 2nd]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Green, Kim and Potapov with the disclosure of Drennan. The motivation or suggestion would have been to implement a system that will provide efficient techniques for easily and quickly connecting to a target network or device with affordable cost and acceptable quality (pages 5 & 6, paras 3rd & 1st respectively, Drennan).
Relevant prior art mentioned in PTO-892 but not used in this Office Action is as follows:
1. Chai (US10146635) teaches a virtual machine (VM) is disclosed. The VM includes a virtual processor including a plurality of applications, a volume shadow copy service (VSS) controller and an intelligent application requester that is configured to discover an application in the plurality of applications. The discovered application requires VSS supported backup and needs to be monitored for disk input/output (I/O) from a time a backup operation of the application is initiated till the back operation ends. The VM also includes a software component configured to monitor the disk I/O related to the application. The software component is configured to interface with the VSS controller to effectuate VSS supported backup of the application. The VM includes a control interface to enable an external software to control the intelligent application requester.
2. Cole (US20040015728) discloses a system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers, identification of open target ports, assessment of vulnerabilities on target ports, active assessment of vulnerabilities based on information acquired from target computers, quantitative assessment of target network security and vulnerability, and hierarchical graphical representation of the target network, target computers, and vulnerabilities in a test report. The system and method employ minimally obtrusive techniques to avoid interference with or damage to the target network during or after testing.
3. Hutchinson (US20070050777) discloses described are techniques used in monitoring the performance, security and health of a system used in an industrial application. Agents included in the industrial network report data to an appliance or server. The appliance stores the data and determines when an alarm condition has occurred. Notifications are sent upon detecting an alarm condition. The alarm thresholds may be user defined. A threat thermostat controller determines a threat level used to control the connectivity of a network used in the industrial application. 
4. Bala (US20160088120) teaches methods according to the present disclosure include: creating a representative profile from at least one change profile with an identifying tag from a repository, the representative profile including fewer than all possible changes to a system from an event; creating a candidate profile for a first candidate system, not flagged as similar or dissimilar, from the plurality of systems, wherein the candidate profile includes fewer than all changes to the first candidate system from the event; calculating at least one difference between the representative profile and the candidate profile; where the at least one difference is not within at least one threshold, flagging the first candidate system as dissimilar; and where the at least one difference is within the at least one threshold, flagging the first candidate system as similar, associating the identifying tag with the candidate profile, and adding the candidate profile to the repository.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER KHAN whose telephone number is (571)272-8574. The examiner can normally be reached on Monday-Friday, 8:00am - 5:00pm (EST). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw, can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHER A KHAN/           Primary Examiner, Art Unit 2497