DETAILED ACTION
This office action is in reply to applicant communication filed on July 26, 2022.
 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims 22-40 have been cancelled.
Claims 1-21 are pending. 

Response to Argument
Applicant’s arguments filed on July 26, 2022 with respect to the 35 USC 102/103 rejections of independent claims have been fully considered but they are not persuasive.

Applicant’s argues that the prior arts on record, Schrecker (US Pub. No. 2013/0247205) in view of Cao (US Pub. No. 2016/0034293, fails to teach the limitation of independent claims, “… calculate at least one security metric for a first tenant based at least in part on information associated with at least one virtual resource of the first tenant and at least one interaction of the at least one virtual resource of the first tenant with at least one virtual resource of at least one other tenant in a multi-tenant virtualized infrastructure”. Examiner respectfully disagrees.

A review of the prior arts of the record (Schrecker), corresponding to part of the above argued claim limitation (i.e., calculate at least one security metric for a first tenant/asset/device based at least in part on information associated with at least one asset/device and at least one interaction of the at least one asset/device with at least one asset/device ) reveals that part of the argued limitation is disclosed by Schrecker’s reference as, (paragraph 34 of Schrecker, the network monitor 102 receives data from several sources in order to determine a risk metric for a given asset and a given threat) and (paragraph 29 of Schrecker, network-based sensor includes one or more processors, a memory subsystem, and an input/output subsystem. The one or more processors are programmed according to instructions stored in the memory subsystem, and monitor the network traffic (i.e., the claimed interaction) passing through the input/output subsystem) and (paragraph 24 of Schrecker, the agent-based sensors 108 and the network based sensors 110 monitor the assets themselves and/or network traffic to and from the assets). Schrecker’s reference further teaches about the agent-based sensors 108 as, (paragraph 27 of Schrecker, the agent-based based sensors 108 (i.e., the claimed resource of the first tenant) are software-based sensors that are installed on respective assets 104. For example, agent-based sensor 108a is installed on asset 104a, agent-based sensor 108b is installed on asset 104c, and agent-based sensor 108c is installed on asset 104e. The agent-based sensors 108 run various analyses on their respective assets 104, for example, to identify vulnerabilities on the assets 104 or to identify viruses or other malware executing on the assets 104. The agent-based sensors may also provide one or more passive countermeasures for threats, as described above. Example agent-based sensors include antivirus software). In addition, Schrecker’s reference teaches how the network monitor 102 uses the information associated with the agent-based sensors 108 (i.e., the claimed resource of the first tenant) to generate risk metrics as, (paragraph 32 of Schrecker, the network monitor 102 is one or more computers, each of which includes one or more processors, a memory subsystem, and an input/output subsystem. The network monitor 102 is programmed to process data about potential threats on the network, as well as countermeasures provided by the sensors (i.e., the claimed information associated with at least one resource of the first tenant) and vulnerabilities of the assets, in order to generate risk metrics for assets and threats. The network monitor 102 can also aggregate risk metrics across the system). In regards to the argument about the claimed “… at least one interaction of the at least one resource of the first tenant with at least one resource of at least one other tenant …”, the Schrecker’s reference teaches this limitation as, (paragraph 24 of Schrecker, passive countermeasures are provided by two kinds of sensors: agent-based sensors 108 and network-based sensors 110. The agent-based sensors 108 and the network-based sensors 110 monitor the assets themselves and/or network traffic to and from the assets. For illustrative purposes, the sensors are described below as both monitoring the assets and protecting the assets by providing one or more countermeasures) and (paragraph 29 of Schrecker, network-based sensor includes one or more processors, a memory subsystem, and an input/output subsystem. The one or more processors are programmed according to instructions stored in the memory subsystem, and monitor the network traffic (i.e., the claimed interaction) passing through the input/output subsystem) and (paragraph 34 of Schrecker, the network monitor 102 receives data from several sources in order to determine a risk metric for a given asset and a given threat). Schrecker’s reference fails to discloses the system of having virtualized infrastructures of tenants in a cloud environment. However, in the same field of endeavor, Cao’s reference teaches this limitation as, (paragraph 69 of Cao, metrics relating to security 950 may include user security requirements, data security requirements that determine where data is stored, encryption/decryption of data, etc. Other types of metrics not shown in FIG. 9 could also be used, and are within the scope of the disclosure and claims herein. For example, a metric could include number of users for a VM or a sub-pattern, a number of users per cloud, a number of VMs per cloud, a number of users or VMs per tenant (organization), etc). Therefore, the cited arts clearly disclosed the argued limitation of independent claims as disclosed in the previous office action. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-5, 12-17, and 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Schrecker (US Pub. No. 2013/0247205) in view of Cao (US Pub. No. 2016/0034293).

As per claim 1 Schrecker discloses:
A computing device for evaluating security for the computing device comprising processing circuitry including instructions executable by the processing circuitry to configure the computing device to: (paragraph 117 of Schrecker, embodiments of the subject matter and the functional operations described in this specification can be implemented in digital electronic circuitry, or in computer software, firmware, or hardware, including the structures disclosed in this specification and their structural equivalents, or in combinations of one or more of them. Embodiments of the subject matter described in this specification can be implemented as one or more computer programs, i.e., one or more modules of computer program instructions encoded on a computer storage medium for execution by, or to control the operation of, data processing apparatus) and (paragraph 32 of Schrecker, the network monitor 102 is one or more computers, each of which includes one or more processors, a memory subsystem, and an input/output subsystem. The network monitor 102 is programmed to process data about potential threats on the network, as well as countermeasures provided by the sensors and vulnerabilities of the assets, in order to generate risk metrics for assets and threats. The network monitor 102 can also aggregate risk metrics across the system).
Calculate at least one security metric for a [asset/device]based at least in part on information associated with at least one resource of the first tenant and at least one interaction of the at least one  resource of the first tenant with at least one resource of at least one other [asset/device] in a multi-[asset/device] infrastructure; (paragraph 34 of Schrecker, the network monitor 102 receives data from several sources in order to determine a risk metric for a given asset and a given threat) and (paragraph 29 of Schrecker, network-based sensor includes one or more processors, a memory subsystem, and an input/output subsystem. The one or more processors are programmed according to instructions stored in the memory subsystem, and monitor the network traffic (i.e., the claimed interaction) passing through the input/output subsystem) and (paragraph 24 of Schrecker, the agent-based sensors 108 and the network based sensors 110 monitor the assets themselves and/or network traffic to and from the assets).
Evaluate at least one security parameter for the [asset/device] based at least in part on at least one of the at least one calculated security metric for monitoring a security level of the [asset/device] relative to the at least one other tenant in the multi-tenant virtualized infrastructure. (Paragraph 112 of Schrecker, the network monitor 102 can list all assets or threats, sorted by aggregate risk metric, or can list a top number, e.g., top ten, of the assets or threats. Ranking assets and threats according to the aggregate risk score allows a user to quickly identify which assets are most at risk, or which threats are most dangerous for a system. The user can then remediate the most at-risk assets before remediating other less-at-risk assets, or can apply remediations across the system for the riskiest threats before applying remediations for other, less-risky threats).
Schrecker teaches the method of calculating/determining a risk metric for a given asset (see paragraph 102 of Schrecker) but fails to disclose:
The system of having virtualized infrastructures of tenants in a cloud environment.
However, in the same field of endeavor, Cao teaches this limitation as, (paragraph 69 of Cao, metrics relating to security 950 may include user security requirements, data security requirements that determine where data is stored, encryption/decryption of data, etc. Other types of metrics not shown in FIG. 9 could also be used, and are within the scope of the disclosure and claims herein. For example, a metric could include number of users for a VM or a sub-pattern, a number of users per cloud, a number of VMs per cloud, a number of users or VMs per tenant (organization), etc).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Schrecker and include the above limitation using the teaching of Cao in order to substitute one method for the other to get the same end result of securing computing system (computer network or cloud environment).

Claim 21 is rejected under the same reason set forth in rejection of claim 1:

As per claim 2 Schrecker in view of Cao discloses:
The computing device of Claim 1, wherein each of the at least one virtual resource of the first tenant and the at least one virtual resource of the at least one other tenant includes at least one of a compute resource and a network resource. (Paragraph 28 of Schrecker, the network-based sensors 110 are hardware devices and/or software in a data communication path between assets 104 protected by the sensor and the network resources that the asset is attempting to access).

As per claim 3 Schrecker in view of Cao discloses:
The computing device of Claim 2, wherein the at least one interaction of the at least one virtual resource of the first tenant with the at least one virtual resource of the at least one other tenant includes: at least one interaction between the at least one of the compute resource and the network resource of the first tenant and the at least one of the compute resource and the network resource of the at least one other tenant. (Paragraph 28 of Schrecker, the network-based sensors 110 are hardware devices and/or software in a data communication path between assets 104 protected by the sensor and the network resources that the asset is attempting to access).

As per claim 4 Schrecker in view of Cao discloses:
The computing device of Claim 1, wherein the processing circuitry includes further instructions executable by the processing circuitry to configure the computing device to: obtain at least one weight, the at least one weight based at least in part on at least one vulnerability score of at least one known vulnerability associated with the at least one virtual resource of the first tenant. (Paragraph 90 of Schrecker, users can specify weights for multiple scores or factors. Weights of zero effectively remove a score or factor from the risk metric calculation. Users can also use the weights to increase the effect of a score or factor, or to decrease the effect of a score or factor).

As per claim 5 Schrecker in view of Cao discloses:
The computing device of Claim 4, wherein the processing circuitry includes further instructions executable by the processing circuitry to configure the computing device to evaluate the at least one security parameter using the obtained at least one weight. (Paragraph 91 of Schrecker, when the network monitor 102 allows users to use weights, the network monitor rebalances the resulting risk metric so that it is in the same range as an unweighted risk metric would have been).

As per claim 12 Schrecker in view of Cao discloses:
The computing device of claim 1, wherein the at least one security parameter includes at least one of a maximum proximity, a multi-tenancy attack surface, and a maximum exposure. (Paragraph 7 of Schrecker, the actions can further include determining a respective risk metric for the asset and each of a plurality of threats; and determining an aggregate risk metric for the asset from the respective risk metrics for the asset and each of the plurality of threats. The aggregate risk metric is one of: a sum of the respective risk metrics, a mean of the respective risk metrics, a maximum of the respective risk metrics, a minimum of the respective risk metrics, or a mode of the respective risk metrics).

As per claim 13 Schrecker in view of Cao discloses:
The computing device of claim 1, wherein the processing circuitry includes further instructions executable by the processing circuitry to configure the computing device to evaluate the at least one security parameter for the first tenant by: evaluating a maximum proximity for the first tenant, the maximum proximity representing a maximum coverage metric for the first tenant relative to the at least one other tenant. (Paragraph 100 of Schrecker, the aggregate risk metric is the maximum risk metric from the risk metrics for assets to which the particular threat is applicable and the particular threat).

As per claim 14 Schrecker in view of Cao discloses:
The computing device of claim 1, wherein the processing circuitry includes further instructions executable by the processing circuitry to configure the computing device to evaluate the at least one security parameter for the first tenant by: evaluating a multi-tenancy attack surface for the first tenant, the multi-tenancy attack surface representing a set of virtual resources belonging to the first tenant on a host that can be attacked. (Paragraph 7 of Schrecker, the actions can further include selecting a group of assets including the asset; determining an aggregate risk metric for each asset in the group of assets; and determining an aggregate risk metric for the group of assets from the aggregate risk metric for each asset in the group of assets. The actions can further include determining a respective risk metric for each of a plurality of assets and the threat; and determining an aggregate risk metric for the threat from the respective risk metrics for each of the plurality of assets and the threat).

As per claim 15 Schrecker in view of Cao discloses:
The computing device of claim 1, wherein the processing circuitry includes further instructions executable by the processing circuitry to configure the computing device to evaluate the at least one security parameter for the first tenant by: evaluating a maximum exposure for the first tenant, the maximum exposure representing an exposure of the first tenant in a zone shared with the at least one other tenant. (Paragraph 100 of Schrecker, in other implementations, the aggregate risk metric is the maximum risk metric from the risk metrics for assets to which the particular threat is applicable and the particular threat).

As per claim 16 Schrecker in view of Cao discloses:
The computing device of Claim 14, wherein the multi-tenancy attack surface is evaluated for the first tenant by multiplying a coverage metric and a normalized host sharing metric defined for the host. . (Paragraph 7 of Schrecker, the actions can further include selecting a group of assets including the asset; determining an aggregate risk metric for each asset in the group of assets; and determining an aggregate risk metric for the group of assets from the aggregate risk metric for each asset in the group of assets. The actions can further include determining a respective risk metric for each of a plurality of assets and the threat; and determining an aggregate risk metric for the threat from the respective risk metrics for each of the plurality of assets and the threat).

As per claim 17 Schrecker in view of Cao discloses:
The computing device of Claim 15, wherein the maximum exposure is evaluated for the first tenant by multiplying a coverage metric and an abundance metric defined for a host. (Paragraph 100 of Schrecker, in other implementations, the aggregate risk metric is the maximum risk metric from the risk metrics for assets to which the particular threat is applicable and the particular threat).

As per claim 20 Schrecker in view of Cao discloses:
The computing device of claim 1, wherein the processing circuitry includes further instructions executable by the processing circuitry to configure the computing device to: determine a maximum exposure value for the first tenant for each host in the multi-tenant virtualized infrastructure on which there is at least one of the at least one virtual resource of the first tenant; and calculate an overall maximum exposure value for the first tenant by combining each determined maximum exposure value. (Paragraph 100 of Schrecker, in other implementations, the aggregate risk metric is the maximum risk metric from the risk metrics for assets to which the particular threat is applicable and the particular threat) and (paragraph 101 of Schrecker, the system generates multiple aggregate risk metrics for the particular threat. In some implementations, the system calculates the mean, median, mode, maximum, and minimum of the risk metrics for assets to which the particular threat is applicable and the particular threat, and then generates an overall risk metric by using the resulting values as input to a metric function).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Schrecker (US Pub. No. 2013/0247205) in view of Cao (US Pub. No. 2016/0034293) and further in view of Curcic (US Pub. No. 2015/0215332).

As per claim 6:
The combination of Schrecker and Cao teaches the method of calculating/determining a risk metric for a given asset (see paragraph 102 of Schrecker) but fails to disclose:
The computing device of claim 4, wherein the processing circuitry includes further instructions executable by the processing circuitry to configure the computing device to: dynamically update the at least one weight based on information from an exploitation database.
However, in the same field of endeavor, Curcic teaches this limitation as, (paragraph 42 of Curcic, changes in characteristics of the cloud service providers are reflected back to the cloud service registry 60 and also in the computation of the provider risk scores. The provider information stored in the registry and the provider risk scores are dynamically updated. In this manner, the risk assessment system 50 provides usage risk analysis that is relevant and up-to-date).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Schrecker and Cao to include the above limitation using the teaching of Curcis in order to secure the computing system by updating the necessary information in real-time as it happens (see paragraph 42 of Curcis).


Claims 7 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Schrecker (US Pub. No. 2013/0247205) in view of Cao (US Pub. No. 2016/0034293) and further in view of Tucker (US Pub. No. 2018/0123864).

As per claim 7:
The combination of Schrecker and Cao teaches the method of calculating/determining a risk metric for a given asset (see paragraph 102 of Schrecker) but fails to disclose:
The computing device of claim 1, wherein the at least one security metric includes at least one of a normalized host sharing metric, a coverage metric and an abundance metric.
However, in the same field of endeavor, Tucker teaches this limitation as, (paragraph 109 of Tucker, a coverage metric may be determined at operation 650 for a group of event types. In some implementations, a coverage metric for a group may be determined at operation 650 as being equal to a total number of event types in the group of event types divided by a total number of event types in the set of event types. In some implementations, the coverage metric is expressed as a percentage or a ratio).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Schrecker and Cao to include the above limitation using the teaching of Tuckers in order to secure the computing system by calculating the security metric by comparing some event in the group with the total number of event (see paragraph 109 of Tucker) updating the necessary information in real-time as it happens (see paragraph 42 of Curcis).

As per claim 8:
The combination of Schrecker and Cao teaches the method of calculating/determining a risk metric for a given asset (see paragraph 102 of Schrecker) but fails to disclose:
The computing device of Claim 7, wherein: the normalized host sharing metric is based on a number of other tenants that are co-located within a host of the at least one virtual resource of the first tenant; the coverage metric is based on a ratio of virtual resources of the first tenant on a host in which there are other virtual resources of the at least one other tenant to a total number of virtual resources of the first tenant in the multi-tenant virtualized infrastructure; and the abundance metric is based on a number of virtual resources of the first tenant on a host divided by a total number of virtual resources on the host.
However, in the same field of endeavor, Tucker teaches this limitation as, (paragraph 109 of Tucker, a coverage metric may be determined at operation 650 for a group of event types. In some implementations, a coverage metric for a group may be determined at operation 650 as being equal to a total number of event types in the group of event types divided by a total number of event types in the set of event types. In some implementations, the coverage metric is expressed as a percentage or a ratio).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Schrecker and Cao to include the above limitation using the teaching of Tuckers in order to secure the computing system by calculating the security metric by comparing some event in the group with the total number of event (see paragraph 109 of Tucker) updating the necessary information in real-time as it happens (see paragraph 42 of Curcis). 

Allowable Subject Matter
Claims 9-11 and 18-19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Examiner will provide reason for allowance at the time of allowing the application. 

Conclusion
The prior art made or record and not relied upon is considered pertinent to applicant’s disclosure is Doron (US Pub. No. 2018/0020023). Doron discloses the methods mitigating cyber-attacks in a multi-tiered network.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESHOME HAILU whose telephone number is (571)270-3159. The examiner can normally be reached M-F 8 a.m. - 5 p.m..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/TESHOME HAILU/Primary Examiner, Art Unit 2434