DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This Office Action is in response to Application filed on February 01, 2022 in which claims 1-20 are presented for examination.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on August 16, 2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claim 1 recites the limitation "the respective network asset" in lines 8, 9, 10, 12, 13, 15, 16.  There is insufficient antecedent basis for this limitation in the claim.

Claim 1, recites the limitation “the respective priorities” in line 18. There is insufficient antecedent basis for this limitation in the claim.

As per claims 2-16, these claims are at least rejected for their dependencies, directly or indirectly, on the rejected claim 1. Therefore, they are rejected as set forth in paragraph above.

Claim 17 recites the limitation "the respective network asset" in lines 10, 11, 12, 13, 14, 15, 16, 17, 18.  There is insufficient antecedent basis for this limitation in the claim.

Claim 17, recites the limitation “the respective priorities” in line 22. There is insufficient antecedent basis for this limitation in the claim.

As per claims 18-20, these claims are at least rejected for their dependencies, directly or indirectly, on the rejected claim 17. Therefore, they are rejected as set forth in paragraph above.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rajagopalan et al. US Publication No. 2016/0260187 in view of Edukulla et al. US Patent No. 8,479,297.

Regarding claim 1, Rajagopalan et al. disclose “a method for providing network delivered services, the method comprising: receiving an asset inventory comprising a set of network assets associated with an asset owner or an asset manager, wherein each network asset of the set of network assets comprises a plurality of service characteristics (Figure 2, Paragraphs 0007 describing interactions between a management service and external resources to provision digital asset management; Paragraphs 0028-0040 describing a management service 211 may interact with external resources and an asset manager 210, among others to generate digital asset management actions. The digital asset management actions may be used to dispose of the digital assets of an asset owner 214); “receiving a scope of available network services associated with an asset servicer for at least some network assets of the set of network assets” (Figure 2, Components 203, 205, 207, 209; Paragraphs 0030-0032 describing storage service 203 may store a digital asset 204 such as a document of the asset; communication service 205 may provide communication related functionality such as an email service, a teleconference service, and a messaging service, among others; social networking service 207 may provide a digital asset 208 such as the social networking presence of the asset owner 214;  application service 209 may provide a digital asset 212 such as an application used by the asset owner 214);
 (Paragraph 0039 describing asset manager 210 may customize the digital assets (204, 206, 208, and 212), the asset categories, the suggested actions, and the suggested trigger events. Customization may include selection of a subset of the digital assets (204, 206, 208, and 212) for disposition, reclassification of the digital assets (204, 206, 208, and 212) to other asset categories, modification of the suggested actions, and modification of the suggested trigger events, among others); “ (through a classification methodology that categorizes assets, Paragraph 0036, 0044 describing policy engine 310 may also process the digital asset 308 to classify the digital asset 308 into an asset category 317); by providing Provisioning of digital asset management, wherein a service such as a management service retrieves digital assets from external resources in response to a search of the external resources. The digital assets are classified to asset categories (See Abstract; Figure 7; Paragraphs 0012, 0072-0076). It is noted however, Rajagopalan et al. did not specifically disclose the claimed limitations of “from the service characteristics of the respective network asset, selecting one or more importance-related ranking attributes for the respective network asset and one or more scannability-related ranking attributes for the respective network asset”; “based on the importance-related ranking attributes for the respective network asset, determining an importance of the respective network asset”; “based on the scannability-related ranking attributes for the respective network asset or the or a scope of available network services associated with the asset servicer, determining a scannability of the respective network asset”” as recited in the instant claim 1. On the other hand, Edukulla et al. achieved the aforementioned claimed features by providing a system that has a data processing apparatus e.g. computer, for determining a set of composite factors for each of multiple network assets (402) based on a set of asset factors for the asset defined by each of multiple composite rules. The apparatus determines a composite priority factor (404) for each asset based on the composite factors by summing a set of associated weights of each composite factor having a true Boolean value. The apparatus ranks the assets based on the composite priority factors to define an order by which the assets are to be subjected to a set of security processes (See Abstract; Figures 1-4; Col. 1, line 64-Col. 2, line 53; Figures 3-4; Col. 15, line 61-Col. 17, line 17). Particularly, Edukulla et al. disclose “from the service characteristics of the respective network asset, selecting one or more importance-related ranking attributes for the respective network asset and one or more scannability-related ranking attributes for the respective network asset” (Col 16, lines 47-50 describing the process 300 ranks the assets according to their corresponding composite priority factor (314). The ranking defines an order by which the assets are to be subjected to one or more security processes); “based on the importance-related ranking attributes for the respective network asset, determining an importance of the respective network asset” (Col. 16, line 64-Col. 17, line 1 describing network asset prioritizer 102 allows users to view assets sorted according to the composite priority factors. Ranking assets according to the composite priority factor allows a user to quickly identify which assets are most critical for a system; Col. 11, lines 29-32 describing a priority value can be associated with each classification metric (e.g., a score from 1-10), and the assets are prioritized according to a function of the underlying priority values of each classification metric); “based on the scannability-related ranking attributes for the respective network asset or the or a scope of available network services associated with the asset servicer, determining a scannability of the respective network asset” (Figures 3-4; Col. 15, line 61-Col. 17, line 17). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have incorporated the prioritizing network assets methodology of Edukulla et al. into the asset management system of Rajagopalan et al. because they are both directed to network asset management and are both from the same field of endeavor. Such combination would have enhanced the versatility of Rajagopalan et al. by allowing it to automate prioritization of assets based on multiple metrics across a set of dimensions and allows a set of security and risk managers to uses a logical framework that is scalable for thousands of assets; to use pre-existing data from commercially available security and compliance software and services, thus reducing deployment costs; to allows a set of administrators to determine a set of most critical assets from a set of less critical assets and applies a set of security and compliance resources to each asset according to ranking of the asset, where a set of highest ranked assets in an identified state can be processed for additional security and compliance factors that are resource intensive, thus allocating a set of limited resources to most important enterprise assets. Therefore, the administrators can feasibly determine a priority scheme without an automated framework even if thousands of assets are faced.

As per claim 2, Edukulla et al. disclose “wherein selecting the importance-related ranking attributes or determining the importance of the respective network asset is based, at least in part, on importance-related weights assigned to at least some service characteristics of the plurality of service characteristics” (Figure 4; Col. 17, lines 5-17 Col. 11, lines 29-32 describing a priority value can be associated with each classification metric (e.g., a score from 1-10), and the assets are prioritized according to a function of the underlying priority values of each classification metric).

As per claim 3, Edukulla et al. disclose “adjusting at least some of the importance-related weights assigned to the at least some service characteristics, based at least in part on: the importance of one or more network assets of the at least some network assets, the scannability of one or more network assets of the at least some network assets, or the priority of one or more network assets of the at least some network assets” (Col. 11, lines 29-32 describing a priority value can be associated with each classification metric (e.g., a score from 1-10), and the assets are prioritized according to a function of the underlying priority values of each classification metric; Col. 4, lines 45-49 describing active countermeasures make changes to the configuration of assets or the configuration of existing passive countermeasures to actively eliminate a vulnerability).

As per claim 4, Edukulla et al. disclose “wherein selecting the scannability-related ranking attributes or determining the scannability of the respective network asset is based, at least in part, on scannability-related weights assigned to at least some service characteristics of the plurality of service characteristics (Figure 4).

As per claim 5, Edukulla et al. disclose “adaptively adjusting at least some of the scannability-related weights assigned to the at least some service characteristics, based at least in part on: the importance of one or more network assets of the at least some network assets, the scannability of one or more network assets of the at least some network assets, or the priority of one or more network assets of the at least some network assets” (Col. 11, lines 29-32 describing a priority value can be associated with each classification metric (e.g., a score from 1-10), and the assets are prioritized according to a function of the underlying priority values of each classification metric; Col. 4, lines 45-49 describing active countermeasures make changes to the configuration of assets or the configuration of existing passive countermeasures to actively eliminate a vulnerability).


As per claims 6-9, Edukulla et al. disclose “identifying duplicate network assets within the asset inventory; and removing the duplicate network assets from the asset inventory”; “determining that the priorities of a subset of the at least some network assets are below a threshold value; and removing the subset of the at least some network assets from the set of network assets or the prioritized asset inventory”; “receiving user identification that a priority of a particular network asset of the at least some network assets comprises a false priority; and removing the particular network asset from the set of network assets or the prioritized asset inventory” “storing particular service characteristics associated with the particular network asset comprising the false priority; and adjusting performance-related weights or scannability-related weights associated with the particular service characteristics based on the false priority” (Figures 1-4; Col. 1, line 64-Col. 17, line 17).

As per claim 10, Rajagopalan et al. disclose “applying at least one network service from the scope of available network services to at least one network asset in the prioritized asset inventory” (Figure 2; paragraph 0007 describing a management service to provision digital asset management wherein network services 203, 205, 207 and 209 are applied to one network asset; Paragraphs 0028-0040).

As per claims 11-16, Edukulla et al. disclose “wherein the applying the at least one network service comprises: from the prioritized asset inventory, identifying a best candidate network asset for at the least one network service based, at least in part, on the priorities of the network assets in the prioritized asset inventory; and applying the at least one network service to the identified best candidate network asset; wherein the applying the at least one network service comprises: determining that the priority of the at least one network asset is above a threshold priority; and applying the at least one network service to the at least one network asset; wherein the applying the at least one network service comprises: determining that the priority of the at least one network asset is above a threshold priority; and issuing a security crisis alert; wherein: the service characteristics of the at least one network asset comprise security characteristics; the scope of available network services comprises a scope of available security tests; and the at least one network service comprises at least one security test; identifying potential candidate network assets missing from the asset inventory; and adding the potential candidate network assets to the asset inventory; generating the asset inventory based, at least in part, on an asset identifier provided by the asset manager or asset owner” (Figures 1-4; Col. 1, line 64-Col. 17, line 17).

Regarding claim 17, Rajagopalan et al. disclose “a system for providing network delivered services, the system comprising: an asset database frontend configured to receive an asset inventory comprising a set of network assets associated with an asset owner or an asset manager, wherein each network asset of the set of network assets comprises a plurality of service characteristics (Figure 2, Paragraphs 0007 describing interactions between a management service and external resources to provision digital asset management; Paragraphs 0028-0040 describing a management service 211 may interact with external resources and an asset manager 210, among others to generate digital asset management actions. The digital asset management actions may be used to dispose of the digital assets of an asset owner 214); “and a logic device configured to communicate with the asset database frontend, wherein the logic device is configured to receiving a scope of available network services associated with an asset servicer for at least some network assets of the set of network assets” (Figure 2, Components 203, 205, 207, 209; Paragraphs 0030-0032 describing storage service 203 may store a digital asset 204 such as a document of the asset; communication service 205 may provide communication related functionality such as an email service, a teleconference service, and a messaging service, among others; social networking service 207 may provide a digital asset 208 such as the social networking presence of the asset owner 214;  application service 209 may provide a digital asset 212 such as an application used by the asset owner 214); (Paragraph 0039 describing asset manager 210 may customize the digital assets (204, 206, 208, and 212), the asset categories, the suggested actions, and the suggested trigger events. Customization may include selection of a subset of the digital assets (204, 206, 208, and 212) for disposition, reclassification of the digital assets (204, 206, 208, and 212) to other asset categories, modification of the suggested actions, and modification of the suggested trigger events, among others); (through a classification methodology that categorizes assets, Paragraph 0036, 0044 describing policy engine 310 may also process the digital asset 308 to classify the digital asset 308 into an asset category 317); by providing Provisioning of digital asset management, wherein a service such as a management service retrieves digital assets from external resources in response to a search of the external resources. The digital assets are classified to asset categories (See Abstract; Figure 7; Paragraphs 0012, 0072-0076). It is noted however, Rajagopalan et al. did not specifically disclose the claimed limitations of “from the service characteristics of the respective network asset, selecting one or more importance-related ranking attributes for the respective network asset and one or more scannability-related ranking attributes for the respective network asset”; “based on the importance-related ranking attributes for the respective network asset, determining an importance of the respective network asset”; “based on the scannability-related ranking attributes for the respective network asset or the or a scope of available network services associated with the asset servicer, determining a scannability of the respective network asset” as recited in the instant claim 17. On the other hand, Edukulla et al. achieved the aforementioned claimed features by providing a system that has a data processing apparatus e.g. computer, for determining a set of composite factors for each of multiple network assets (402) based on a set of asset factors for the asset defined by each of multiple composite rules. The apparatus determines a composite priority factor (404) for each asset based on the composite factors by summing a set of associated weights of each composite factor having a true Boolean value. The apparatus ranks the assets based on the composite priority factors to define an order by which the assets are to be subjected to a set of security processes (See Abstract; Figures 1-4; Col. 1, line 64-Col. 2, line 53; Figures 3-4; Col. 15, line 61-Col. 17, line 17). Particularly, Edukulla et al. disclose “from the service characteristics of the respective network asset, selecting one or more importance-related ranking attributes for the respective network asset and one or more scannability-related ranking attributes for the respective network asset” (Col 16, lines 47-50 describing the process 300 ranks the assets according to their corresponding composite priority factor (314). The ranking defines an order by which the assets are to be subjected to one or more security processes); “based on the importance-related ranking attributes for the respective network asset, determining an importance of the respective network asset” (Col. 16, line 64-Col. 17, line 1 describing network asset prioritizer 102 allows users to view assets sorted according to the composite priority factors. Ranking assets according to the composite priority factor allows a user to quickly identify which assets are most critical for a system; Col. 11, lines 29-32 describing a priority value can be associated with each classification metric (e.g., a score from 1-10), and the assets are prioritized according to a function of the underlying priority values of each classification metric); “based on the scannability-related ranking attributes for the respective network asset or the or a scope of available network services associated with the asset servicer, determining a scannability of the respective network asset” (Figures 3-4; Col. 15, line 61-Col. 17, line 17). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have incorporated the prioritizing network assets methodology of Edukulla et al. into the asset management system of Rajagopalan et al. because they are both directed to network asset management and are both from the same field of endeavor. Such combination would have enhanced the versatility of Rajagopalan et al. by allowing it to automate prioritization of assets based on multiple metrics across a set of dimensions and allows a set of security and risk managers to uses a logical framework that is scalable for thousands of assets; to use pre-existing data from commercially available security and compliance software and services, thus reducing deployment costs; to allows a set of administrators to determine a set of most critical assets from a set of less critical assets and applies a set of security and compliance resources to each asset according to ranking of the asset, where a set of highest ranked assets in an identified state can be processed for additional security and compliance factors that are resource intensive, thus allocating a set of limited resources to most important enterprise assets. Therefore, the administrators can feasibly determine a priority scheme without an automated framework even if thousands of assets are faced.

As per claim 18, Edukulla et al. disclose “wherein selecting the importance-related ranking attributes or determining the importance of the respective network asset is based, at least in part, on importance-related weights assigned to at least some service characteristics of the plurality of service characteristics; and wherein selecting the scannability-related ranking attributes or determining the scannability of the respective network asset is based, at least in part, on scannability-related weights assigned to at least some service characteristics of the plurality of service characteristics” (Col. 11, lines 29-32 describing a priority value can be associated with each classification metric (e.g., a score from 1-10), and the assets are prioritized according to a function of the underlying priority values of each classification metric; Col. 4, lines 45-49 describing active countermeasures make changes to the configuration of assets or the configuration of existing passive countermeasures to actively eliminate a vulnerability).

As per claim 19, Edukulla et al. disclose “wherein the logic device is further configured to: adaptively adjust at least some of the importance-related weights or scannability-related weights assigned to the at least some service characteristics, based at least in part on: the importance of one or more network assets of the at least some network assets, the scannability of one or more network assets of the at least some network assets, or the priority of one or more network assets of the at least some network assets” (Col. 11, lines 29-32 describing a priority value can be associated with each classification metric (e.g., a score from 1-10), and the assets are prioritized according to a function of the underlying priority values of each classification metric; Col. 4, lines 45-49 describing active countermeasures make changes to the configuration of assets or the configuration of existing passive countermeasures to actively eliminate a vulnerability).

As per claim 20, Edukulla et al. disclose “wherein the logic device is further configured to: from the prioritized asset inventory, identify a candidate network asset for at the least one network service based, at least in part, on the priorities of the network assets in the prioritized asset inventory; and apply at the least one network service to the identified candidate network asset” (Figures 1-4; Col. 1, line 64-Col. 17, line 17).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FRANTZ COBY whose telephone number is (571)272-4017. The examiner can normally be reached Monday-Thursday 7AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on 571 270-3037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FRANTZ COBY/Primary Examiner, Art Unit 2456                                                                                                                                                                                                        October 17, 2022