DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

The following is a Non-Final Office Action in response to applicant’s filing on 
November 17, 2020.
Claims 1-20 are pending.

                                                        Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a
separate sheet within the range of 50 to 150 words in length. The abstract should describe the
disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent
text for details.
The language should be clear and concise and should not repeat information given in the title. It
should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure
defined by this invention,” “The disclosure describes,” etc. In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.
The abstract of the disclosure is objected to because it had more than 150 words. Correction is
required. See MPEP § 608.01 (b).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1- 4, 6-14, and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Gerrick (US 2019/0166149 A1) in view of Li et al. (US 2019/0102564 A1).

In regards to claim 1, Gerrick discloses a computing platform, comprising: 
at least one processor (Gerrick, Para. 0024); 
a communication interface communicatively coupled to the at least one processor; and memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to (Gerrick, Para. 0024):
 receive, via the communication interface, first asset inventory data of a third party computing system of a first entity (Gerrick, Para. 0032, the vulnerability scanner 110 scans the assets 112. During step 302, the vulnerabilities are catalogued as raw vulnerability data and sent to the vulnerability analytics server(s) 106) and (Para. 0033, the vulnerability analytics server(s) 106 mines the raw vulnerability data); 
identify one or more vulnerabilities based on comparing the first asset inventory data of the third party computing system of the first entity to a list of security vulnerability definitions maintained in a common vulnerabilities and exposures database (Gerrick, Paras. 0032, and 0042, the individual asset data in the raw vulnerability data may be compared against asset inventory data in the asset inventory database 114), and (para. 0033, an asset value is a value that identifies the asset associated with the vulnerability data); 
send, via the communication interface, to the third party computing system of the first entity, a notification of the identified one or more vulnerabilities (Gerrick, 0022, The vulnerability analytics server(s) 106 analyzes vulnerability data, informs the owner device 102 and/or the service device 104 of vulnerabilities, automates a remediation process, and generates reports of vulnerabilities associated with the assets 112); 
Gerrick fails to disclose request implementation of one or more remediation actions, by the third party computing system of the first entity, for the identified one or more vulnerabilities within a predefined period of time; 
receive, via the communication interface, a status of the one or more remediation actions; and 
based on the third party computing system of the first entity implementing the one or more remediation actions, store updated first asset inventory data of the third party computing system of the first entity.
However, Li teaches request implementation of one or more remediation actions, by the third party computing system of the first entity (Li, Para. 0008, It requires the utilities to (1) identify patch sources for all installed software and firmware, (2) identify applicable security patches on a monthly basis, and (3) determine whether to apply the security patch or mitigate the security vulnerability), for the identified one or more vulnerabilities within a predefined period of time (Li, Para. 0046, FIG. 3. The search engine supports queries of vulnerabilities released in a certain time span (i.e., last 30 days) with specific CPEs or generic CPEs); 
receive, via the communication interface, a status of the one or more remediation actions (Li, Para. 0034, analyzes vulnerabilities, recommends remediation decisions (i.e., patch quickly or defer patching) for vulnerabilities); and 
based on the third party computing system of the first entity implementing the one or more remediation actions (Li, Para. 0048, machine learning technologies to automate remediation action analysis. A prediction model is trained first over historical operation data. Then for a new vulnerability, the model takes the vulnerability's asset characteristics and vulnerability characteristics as inputs and outputs a predicted remediation action), store updated first asset inventory data of the third party computing system of the first entity (Li, Paras. 0058- 0059, Most utilities keep historical vulnerability and decision data for future retrieval and government inspection; note the decision data which can interpret as updated first asset inventory data).  
Gerrick and Li are both considered to be analogous to the claim invention because they are in the same field of generating alerts based on continuous monitoring of third-party systems. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include request implementation of one or more remediation actions, by the third party computing system of the first entity (Li, Para. 0008), for the identified one or more vulnerabilities within a predefined period of time (Li, Para. 0046, FIG. 3); 
receive, via the communication interface, a status of the one or more remediation actions (Li, Para. 0034); and 
based on the third party computing system of the first entity implementing the one or more remediation actions (Li, Para. 0048), store updated first asset inventory data of the third party computing system of the first entity (Li, Paras. 0058- 0059). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).

In regards to claim 2, the combination of Gerrick and Li teaches the computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: 
receive, via the communication interface, second asset inventory data of a third party computing system of a second entity (Gerrick, Para. 0020, the system 100 may include one or more devices belonging to an asset, an application, or thread owner (owner device(s) 102), one or more devices belonging to a cyber security expert or service technician (service device(s) 104)) and (Para. 0032, the vulnerability scanner 110 scans the assets 112. During step 302, the vulnerabilities are catalogued as raw vulnerability data and sent to the vulnerability analytics server(s) 106) and (Para. 0033, the vulnerability analytics server(s) 106 mines the raw vulnerability data); 
identify one or more vulnerabilities based on comparing the second asset inventory data of the third party computing system of the second entity to a list of security vulnerability definitions maintained in the common vulnerabilities and exposures database (Gerrick, Paras. 0032, and 0042, the individual asset data in the raw vulnerability data may be compared against asset inventory data in the asset inventory database 114), and (para. 0033, an asset value is a value that identifies the asset associated with the vulnerability data); 
send, via the communication interface, to the third party computing system of the second entity, a notification of the identified one or more vulnerabilities (Gerrick, 0022, The vulnerability analytics server(s) 106 analyzes vulnerability data, informs the owner device 102 and/or the service device 104 of vulnerabilities, automates a remediation process, and generates reports of vulnerabilities associated with the assets 112); 
request implementation of one or more remediation actions, by the third party computing system of the second entity (Li, Para. 0008, It requires the utilities to (1) identify patch sources for all installed software and firmware, (2) identify applicable security patches on a monthly basis, and (3) determine whether to apply the security patch or mitigate the security vulnerability), for the identified one or more vulnerabilities within a predefined period of time (Li, Para. 0046, FIG. 3. The search engine supports queries of vulnerabilities released in a certain time span (i.e., last 30 days) with specific CPEs or generic CPEs); 
receive, via the communication interface, a status of the one or more remediation actions (Li, Para. 0034, analyzes vulnerabilities, recommends remediation decisions (i.e., patch quickly or defer patching) for vulnerabilities); and
 based on the third party computing system of the second entity implementing the one or more remediation actions (Li, Para. 0048, machine learning technologies to automate remediation action analysis. A prediction model is trained first over historical operation data. Then for a new vulnerability, the model takes the vulnerability's asset characteristics and vulnerability characteristics as inputs and outputs a predicted remediation action), store updated second asset inventory data of the third party computing system of the second entity (Li, Paras. 0058- 0059, Most utilities keep historical vulnerability and decision data for future retrieval and government inspection; note the decision data which can interpret as updated first asset inventory data).  Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include request implementation of one or more remediation actions, by the third party computing system of the second entity (Li, Para. 0008), for the identified one or more vulnerabilities within a predefined period of time (Li, Para. 0046, FIG. 3); 
receive, via the communication interface, a status of the one or more remediation actions (Li, Para. 0034); and 
based on the third party computing system of the second entity implementing the one or more remediation actions (Li, Para. 0048), store updated second asset inventory data of the third party computing system of the second entity (Li, Paras. 0058- 0059). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).

In regards to claim 3, the combination of Gerrick and Li teaches the computing platform of claim 2, wherein the first entity and the second entity are different third party entities (Gerrick, Fig. 1, Para. 0020, The system 100 may include one or more devices belonging to an asset, an application, or thread owner (owner device(s) 102), one or more devices belonging to a cyber security expert or service technician (service device(s) 104)).  

In regards to claim 4, the combination of Gerrick and Li teaches the computing platform of claim 2, wherein the identified one or more vulnerabilities comprise one or more security vulnerabilities associated with an asset (Li, Para. 0006, Symantec Patch Management can detect security vulnerabilities for various operating systems, and for Microsoft applications and Windows applications).  Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include wherein the identified one or more vulnerabilities comprise one or more security vulnerabilities associated with an asset (Li, Para. 0006). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).

In regards to claim 6, the combination of Gerrick and Li teaches the computing platform of claim 2, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: 
detect common issues across a vendor landscape based on the first asset inventory data and the second asset inventory data (Li, Para. 0044, Each vulnerability is identified by a unique Common Vulnerability Enumeration (CVE) ID, such as CVE-2016-8882. It provides which products are affected by the vulnerability by specifying the products CPE names under the vulnerability. Each vulnerability also comes with Common Vulnerability Scoring System (CVSS) metrics which describe the vulnerability features); and
 generate a report on the common issues (Li, Para. 0045).  Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include detect common issues across a vendor landscape based on the first asset inventory data and the second asset inventory data (Li, Para. 0044); and
 generate a report on the common issues (Li, Para. 0045). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).

In regards to claim 7, the combination of Gerrick and Li teaches the computing platform of claim 2, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: 
detect common issues across a vendor landscape based on the first asset inventory data and the second asset inventory data (Li, Para. 0006, these VPM solutions mainly address security issues for operating systems such as Windows, Mac, and Linux, and the applications running on these systems. They can automatically discover vulnerabilities and deploy available patches); and
 generate notifications to a third entity different from the first entity and the second entity based on the detected common issues (Li, Para. 0044, The NVD publishes vulnerabilities for a variety of products daily. Each vulnerability is identified by a unique Common Vulnerability Enumeration (CVE) ID, such as CVE-2016-8882. It provides which products are affected by the vulnerability by specifying the products CPE names under the vulnerability. Each vulnerability also comes with Common Vulnerability Scoring System (CVSS) metrics which describe the vulnerability features).  Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include detect common issues across a vendor landscape based on the first asset inventory data and the second asset inventory data (Li, Para. 0006); and
generate notifications to a third entity different from the first entity and the second entity based on the detected common issues (Li, Para. 0044). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).

In regards to claim 8, the combination of Gerrick and Li teaches the computing platform of claim 1, the combination of Gerrick and Li teaches wherein requesting implementation of the one or more remediation actions for the identified one or more vulnerabilities comprises requesting implementation of one or more remediation actions based on a severity level of the identified one or more vulnerabilities (Li, Para. 0045, the CVSS score is a number between 0 and 10 determined by the metrics to describe, in general, a vulnerability's overall severity).  Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include wherein requesting implementation of the one or more remediation actions for the identified one or more vulnerabilities comprises requesting implementation of one or more remediation actions based on a severity level of the identified one or more vulnerabilities (Li, Para. 0045). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).

In regards to claim 9, the combination of Gerrick and Li teaches the computing platform of claim 1, wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: 
update a machine learning classification model based on remediation actions (Li, Para. 0093, comparing the decision tree paths, the vulnerabilities go through, and the provided rules, “Model Update” module can automatically update the decision tree model by making offspring paths), wherein the machine learning classification model is configured to automatically prioritize cybersecurity risks for remediation (Li, Para. 0032, when new vulnerabilities are fed into the trained model, the predicted decisions and the rationales will be outputted automatically).  Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include update a machine learning classification model based on remediation actions (Li, Para. 0093), wherein the machine learning classification model is configured to automatically prioritize cybersecurity risks for remediation (Li, Para. 0032). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).

In regards to claim 10, the combination of Gerrick and Li teaches the computing platform of claim 1, wherein receiving the first asset inventory data comprises receiving the first asset inventory data at periodic time intervals (Gerrick, Para. 0064, for each time interval, multiple bars may be used to identify new vulnerabilities and resolved vulnerabilities).  

In regards to claim 11, the combination of Gerrick and Li teaches the computing platform of claim 1 wherein receiving the first asset inventory data comprises receiving the first asset inventory data at monthly time intervals (Gerrick, FIG. 10, to display the number of vulnerabilities on a monthly basis (or some other time interval). In some embodiments, for each time interval, multiple bars may be used to identify new vulnerabilities and resolved vulnerabilities).  

In regards to claim 12, Gerrick discloses a method, comprising:
 at a computing platform comprising at least one processor, a communication interface, and memory (Gerrick, Para. 0024):
receiving, by the at least one processor, via the communication interface, first asset inventory data of a third party computing system of a first entity (Gerrick, Para. 0032, the vulnerability scanner 110 scans the assets 112. During step 302, the vulnerabilities are catalogued as raw vulnerability data and sent to the vulnerability analytics server(s) 106) and (Para. 0033, the vulnerability analytics server(s) 106 mines the raw vulnerability data);
 identifying, by the at least one processor, one or more vulnerabilities based on comparing the first asset inventory data of the third party computing system of the first entity to a list of security vulnerability definitions maintained in a common vulnerabilities and exposures database (Gerrick, Paras. 0032, and 0042, the individual asset data in the raw vulnerability data may be compared against asset inventory data in the asset inventory database 114), and (para. 0033, an asset value is a value that identifies the asset associated with the vulnerability data); 
sending, by the at least one processor, via the communication interface, to the third party computing system of the first entity, a notification of the identified one or more vulnerabilities (Gerrick, 0022, The vulnerability analytics server(s) 106 analyzes vulnerability data, informs the owner device 102 and/or the service device 104 of vulnerabilities, automates a remediation process, and generates reports of vulnerabilities associated with the assets 112); 
Gerrick fails to disclose requesting, by the at least one processor, implementation of one or more remediation actions, by the third party computing system of the first entity, for the identified one or more vulnerabilities within a predefined period of time;
 receiving, by the at least one processor, via the communication interface, a status of the one or more remediation actions; and 
based on the third party computing system of the first entity implementing the one or more remediation actions, storing, by the at least one processor, updated first asset inventory data of the third party computing system of the first entity.  
However, Li teaches requesting, by the at least one processor, implementation of one or more remediation actions, by the third party computing system of the first entity (Li, Para. 0008, It requires the utilities to (1) identify patch sources for all installed software and firmware, (2) identify applicable security patches on a monthly basis, and (3) determine whether to apply the security patch or mitigate the security vulnerability), for the identified one or more vulnerabilities within a predefined period of time (Li, Para. 0046, FIG. 3. The search engine supports queries of vulnerabilities released in a certain time span (i.e., last 30 days) with specific CPEs or generic CPEs); 
receiving, by the at least one processor, via the communication interface, a status of the one or more remediation actions (Li, Para. 0034, analyzes vulnerabilities, recommends remediation decisions (i.e., patch quickly or defer patching) for vulnerabilities); and 
based on the third party computing system of the first entity implementing the one or more remediation actions (Li, Para. 0048, machine learning technologies to automate remediation action analysis. A prediction model is trained first over historical operation data. Then for a new vulnerability, the model takes the vulnerability's asset characteristics and vulnerability characteristics as inputs and outputs a predicted remediation action), storing, by the at least one processor, updated first asset inventory data of the third party computing system of the first entity (Li, Paras. 0058- 0059, Most utilities keep historical vulnerability and decision data for future retrieval and government inspection; note the decision data which can interpret as updated first asset inventory data).  
Gerrick and Li are both considered to be analogous to the claim invention because they are in the same field of generating alerts based on continuous monitoring of third-party systems. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include requesting, by the at least one processor, implementation of one or more remediation actions, by the third party computing system of the first entity (Li, Para. 0008), for the identified one or more vulnerabilities within a predefined period of time (Li, Para. 0046, FIG. 3); 
receiving, by the at least one processor, via the communication interface, a status of the one or more remediation actions (Li, Para. 0034); and 
based on the third party computing system of the first entity implementing the one or more remediation actions (Li, Para. 0048), storing, by the at least one processor, updated first asset inventory data of the third party computing system of the first entity (Li, Paras. 0058- 0059). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).

In regards to claim 13, the combination of Gerrick and Li teaches the method of claim 12, further comprising: 
receiving, by the at least one processor, via the communication interface, second asset inventory data of a third party computing system of a second entity (Gerrick, Para. 0020, the system 100 may include one or more devices belonging to an asset, an application, or thread owner (owner device(s) 102), one or more devices belonging to a cyber security expert or service technician (service device(s) 104)) and (Para. 0032, the vulnerability scanner 110 scans the assets 112. During step 302, the vulnerabilities are catalogued as raw vulnerability data and sent to the vulnerability analytics server(s) 106) and (Para. 0033, the vulnerability analytics server(s) 106 mines the raw vulnerability data);
 identifying, by the at least one processor, one or more vulnerabilities based on comparing the second asset inventory data of the third party computing system of the second entity to a list of security vulnerability definitions maintained in the common vulnerabilities and exposures database (Gerrick, Paras. 0032, and 0042, the individual asset data in the raw vulnerability data may be compared against asset inventory data in the asset inventory database 114), and (para. 0033, an asset value is a value that identifies the asset associated with the vulnerability data); 
sending, by the at least one processor, via the communication interface, to the third party computing system of the second entity, a notification of the identified one or more vulnerabilities (Gerrick, 0022, The vulnerability analytics server(s) 106 analyzes vulnerability data, informs the owner device 102 and/or the service device 104 of vulnerabilities, automates a remediation process, and generates reports of vulnerabilities associated with the assets 112);
 requesting, by the at least one processor, implementation of one or more remediation actions, by the third party computing system of the second entity (Li, Para. 0008, It requires the utilities to (1) identify patch sources for all installed software and firmware, (2) identify applicable security patches on a monthly basis, and (3) determine whether to apply the security patch or mitigate the security vulnerability), for the identified one or more vulnerabilities within a predefined period of time (Li, Para. 0046, FIG. 3. The search engine supports queries of vulnerabilities released in a certain time span (i.e., last 30 days) with specific CPEs or generic CPEs);
 receiving, by the at least one processor, via the communication interface, a status of the one or more remediation actions (Li, Para. 0034, analyzes vulnerabilities, recommends remediation decisions (i.e., patch quickly or defer patching) for vulnerabilities); and 
based on the third party computing system of the second entity implementing the one or more remediation actions (Li, Para. 0048, machine learning technologies to automate remediation action analysis. A prediction model is trained first over historical operation data. Then for a new vulnerability, the model takes the vulnerability's asset characteristics and vulnerability characteristics as inputs and outputs a predicted remediation action), storing, by the at least one processor, updated second asset inventory data of the third party computing system of the second entity (Li, Paras. 0058- 0059, Most utilities keep historical vulnerability and decision data for future retrieval and government inspection; note the decision data which can interpret as updated first asset inventory data).  Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include requesting, by the at least one processor, implementation of one or more remediation actions, by the third party computing system of the second entity (Li, Para. 0008), for the identified one or more vulnerabilities within a predefined period of time (Li, Para. 0046, FIG. 3); 
receiving, by the at least one processor, via the communication interface, a status of the one or more remediation actions (Li, Para. 0034); and 
based on the third party computing system of the second entity implementing the one or more remediation actions (Li, Para. 0048), storing, by the at least one processor, updated second asset inventory data of the third party computing system of the second entity (Li, Paras. 0058- 0059). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).

In regards to claim 14, the combination of Gerrick and Li teaches the method of claim 13, wherein the first entity and the second entity are different third party entities (Gerrick, Fig. 1, Para. 0020, The system 100 may include one or more devices belonging to an asset, an application, or thread owner (owner device(s) 102), one or more devices belonging to a cyber security expert or service technician (service device(s) 104)).  

In regards to claim 16, the combination of Gerrick and Li teaches the method of claim 13, further comprising: 
detecting, by the at least one processor, common issues across a vendor landscape based on the first asset inventory data and the second asset inventory data (Li, Para. 0044, Each vulnerability is identified by a unique Common Vulnerability Enumeration (CVE) ID, such as CVE-2016-8882. It provides which products are affected by the vulnerability by specifying the products CPE names under the vulnerability. Each vulnerability also comes with Common Vulnerability Scoring System (CVSS) metrics which describe the vulnerability features); and 
generating, by the at least one processor, a report on the common issues (Li, Para. 0045).
Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include detecting, by the at least one processor, common issues across a vendor landscape based on the first asset inventory data and the second asset inventory data (Li, Para. 0044); and 
generating, by the at least one processor, a report on the common issues (Li, Para. 0045). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).

In regards to claim 17, the combination of Gerrick and Li teaches the method of claim 13, further comprising:
 detecting, by the at least one processor, common issues across a vendor landscape based on the first asset inventory data and the second asset inventory data (Li, Para. 0006, these VPM solutions mainly address security issues for operating systems such as Windows, Mac, and Linux, and the applications running on these systems. They can automatically discover vulnerabilities and deploy available patches); and
 generating, by the at least one processor, notifications to a third entity different from the first entity and the second entity based on the detected common issues (Li, Para. 0044, The NVD publishes vulnerabilities for a variety of products daily. Each vulnerability is identified by a unique Common Vulnerability Enumeration (CVE) ID, such as CVE-2016-8882. It provides which products are affected by the vulnerability by specifying the products CPE names under the vulnerability. Each vulnerability also comes with Common Vulnerability Scoring System (CVSS) metrics which describe the vulnerability features).  Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include detecting, by the at least one processor, common issues across a vendor landscape based on the first asset inventory data and the second asset inventory data (Li, Para. 0006); and
generating, by the at least one processor, notifications to a third entity different from the first entity and the second entity based on the detected common issues (Li, Para. 0044). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).

In regards to claim 18, the combination of Gerrick and Li teaches the method of claim 12, wherein requesting implementation of the one or more remediation actions for the identified one or more vulnerabilities comprises requesting implementation of one or more remediation actions based on a severity level of the identified one or more vulnerabilities (Li, Para. 0045, the CVSS score is a number between 0 and 10 determined by the metrics to describe, in general, a vulnerability's overall severity).  Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include wherein requesting implementation of the one or more remediation actions for the identified one or more vulnerabilities comprises requesting implementation of one or more remediation actions based on a severity level of the identified one or more vulnerabilities (Li, Para. 0045). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).
  
In regards to claim 19, the combination of Gerrick and Li teaches the method of claim 12, further comprising:
 updating, by the at least one processor, a machine learning classification model based on remediation actions (Li, Para. 0093, comparing the decision tree paths, the vulnerabilities go through, and the provided rules, “Model Update” module can automatically update the decision tree model by making offspring paths), wherein the machine learning classification model is configured to automatically prioritize cybersecurity risks for remediation (Li, Para. 0032, when new vulnerabilities are fed into the trained model, the predicted decisions and the rationales will be outputted automatically). Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include updating, by the at least one processor, a machine learning classification model based on remediation actions (Li, Para. 0093), wherein the machine learning classification model is configured to automatically prioritize cybersecurity risks for remediation (Li, Para. 0032). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).  

In regards to claim 20, Gerrick discloses one or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, a communication interface, and memory, cause the computing platform to (Gerrick, Para. 0024):
 receive, via the communication interface, first asset inventory data of a third party computing system of a first entity (Gerrick, Para. 0032, the vulnerability scanner 110 scans the assets 112. During step 302, the vulnerabilities are catalogued as raw vulnerability data and sent to the vulnerability analytics server(s) 106) and (Para. 0033, the vulnerability analytics server(s) 106 mines the raw vulnerability data); 
identify one or more vulnerabilities based on comparing the first asset inventory data of the third party computing system of the first entity to a list of security vulnerability definitions maintained in a common vulnerabilities and exposures database (Gerrick, Paras. 0032, and 0042, the individual asset data in the raw vulnerability data may be compared against asset inventory data in the asset inventory database 114), and (para. 0033, an asset value is a value that identifies the asset associated with the vulnerability data); 
send, via the communication interface, to the third party computing system of the first entity, a notification of the identified one or more vulnerabilities (Gerrick, 0022, The vulnerability analytics server(s) 106 analyzes vulnerability data, informs the owner device 102 and/or the service device 104 of vulnerabilities, automates a remediation process, and generates reports of vulnerabilities associated with the assets 112); 
Gerrick fails to disclose request implementation of one or more remediation actions, by the third party computing system of the first entity, for the identified one or more vulnerabilities within a predefined period of time; 
receive, via the communication interface, a status of the one or more remediation actions; and 
based on the third party computing system of the first entity implementing the one or more remediation actions, store updated first asset inventory data of the third party computing system of the first entity.
However, Li teaches request implementation of one or more remediation actions, by the third party computing system of the first entity (Li, Para. 0008, It requires the utilities to (1) identify patch sources for all installed software and firmware, (2) identify applicable security patches on a monthly basis, and (3) determine whether to apply the security patch or mitigate the security vulnerability), for the identified one or more vulnerabilities within a predefined period of time (Li, Para. 0046, FIG. 3. The search engine supports queries of vulnerabilities released in a certain time span (i.e., last 30 days) with specific CPEs or generic CPEs); 
receive, via the communication interface, a status of the one or more remediation actions (Li, Para. 0034, analyzes vulnerabilities, recommends remediation decisions (i.e., patch quickly or defer patching) for vulnerabilities); and 
based on the third party computing system of the first entity implementing the one or more remediation actions (Li, Para. 0048, machine learning technologies to automate remediation action analysis. A prediction model is trained first over historical operation data. Then for a new vulnerability, the model takes the vulnerability's asset characteristics and vulnerability characteristics as inputs and outputs a predicted remediation action), store updated first asset inventory data of the third party computing system of the first entity (Li, Paras. 0058- 0059, Most utilities keep historical vulnerability and decision data for future retrieval and government inspection; note the decision data which can interpret as updated first asset inventory data).  
Gerrick and Li are both considered to be analogous to the claim invention because they are in the same field of generating alerts based on continuous monitoring of third-party systems. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick to incorporate the teachings of Li to include request implementation of one or more remediation actions, by the third party computing system of the first entity (Li, Para. 0008), for the identified one or more vulnerabilities within a predefined period of time (Li, Para. 0046, FIG. 3); 
receive, via the communication interface, a status of the one or more remediation actions (Li, Para. 0034); and 
based on the third party computing system of the first entity implementing the one or more remediation actions (Li, Para. 0048), store updated first asset inventory data of the third party computing system of the first entity (Li, Paras. 0058- 0059). Doing so would aid to automate the vulnerability analysis and decision-making process, replace the current timely and tedious manual analysis, and advance the security vulnerability remediation practice from manual operations and automated operations, dramatically reducing the human efforts needed (Li, Para. 0012).

Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Gerrick (US 2019/0166149 A1) in view of Li et al. (US 2019 / 0102564 A1), and further in view of Tarameshloo et al. (US 2020/0267186 A1).

In regards to claim 5, the combination of Gerrick and Li fails to teach the computing platform of claim 2, wherein the identified one or more vulnerabilities comprise a zero-day vulnerability. 
However, Tarameshloo teaches the computing platform of claim 2, wherein the identified one or more vulnerabilities comprise a zero-day vulnerability (Tarameshloo, Para. 0086, The threat intelligence database 424 may include information relating to viruses, identified security vulnerabilities, zero-day attacks).  
Gerrick, Li, and Tarameshloo are all considered to be analogous to the claim invention because they are in the same field of generating alerts based on continuous monitoring of third-party systems. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick and Li to incorporate the teachings of Tarameshloo to include the computing platform of claim 2, wherein the identified one or more vulnerabilities comprise a zero-day vulnerability (Tarameshloo, Para. 0086). Doing so would aid the security enhanced directed graph to generate not just on the isolated knowledge of one architect, but on an entire body of knowledge spread out over various platforms (e.g., previous solution profiles for different architectures, third party web sites, etc.) to incorporate far more security solutions in the security enhanced directed graph and generate a far more robust system than was previously possible (Tarameshloo, Para. 0036).

In regards to claim 15, the combination of Gerrick and Li fails to teach the method of claim 13, wherein the identified one or more vulnerabilities comprise one or more security vulnerabilities associated with an asset. 
However, Tarameshloo teaches the method of claim 13, wherein the identified one or more vulnerabilities comprise one or more security vulnerabilities associated with an asset (Tarameshloo, Para. 0086, The threat intelligence database 424 may include information relating to viruses, identified security vulnerabilities, zero-day attacks).  
Gerrick, Li, and Tarameshloo are all considered to be analogous to the claim invention because they are in the same field of generating alerts based on continuous monitoring of third-party systems. Therefore, it would have been obvious to someone ordinary skill in the art before the effective filling date of the claimed invention to have modified Gerrick and Li to incorporate the teachings of Tarameshloo to include the method of claim 13, wherein the identified one or more vulnerabilities comprise one or more security vulnerabilities associated with an asset (Tarameshloo, Para. 0086). Doing so would aid the security enhanced directed graph to generate not just on the isolated knowledge of one architect, but on an entire body of knowledge spread out over various platforms (e.g., previous solution profiles for different architectures, third party web sites, etc.) to incorporate far more security solutions in the security enhanced directed graph and generate a far more robust system than was previously possible (Tarameshloo, Para. 0036).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Malhotra (US 2021/0014256 A1) teaches a method and apparatus for automated intelligent detection and mitigation of cyber security threats.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GITA FARAMARZI whose telephone number is (571) 272-0248. The examiner can normally be reached 9:30 AM- 6:30 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from
Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/G.F./
Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496