DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 09/14/2022 has been entered.

The following is a non-final office action in response to communications received 09/14/2022. Claims 4, 6, 11, 13, 18, 20, 24-26 have been cancelled. Claims 1, 2, 8, 9, 15, 16, 19 have been amended. Claims 27-31 have been added. Therefore claims 1-3, 5, 7-10, 12, 14-17, 19, 21-23, 27-31 are pending and addressed below.


Response to Arguments
Applicant’s arguments filed 09/14/2022 have been fully considered and they are persuasive with regards to dependent claims 2, 3, 5. Examiner maintains the rejections for claims 1, 8, 15, 21-23.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claims 27-31 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.


Claims 27-29 recite “…the information includes blocked process hashes on the workload”.  There is insufficient antecedent basis for this limitation in the claim. Examiner suggests changing “the workload” to “the workload of the application”. Appropriate correction is required.

Claims 30-31 recite “…wherein the determine an attack surface score excludes consideration of allowed ports”. There is insufficient antecedent basis for this limitation in the claim. Appropriate correction is required.




Allowable Subject Matter
Claims 2, 5, 9, 12, 16, 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claims 27-31 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), 2nd paragraph, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 8, 15, 21-23 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Glenn et al (Pub. No. US 2019/0258804).

As per claims 1, 8, 15, Glenn discloses a method comprising: receiving information identifying open ports associated with an application; determining based on the information and common attack ports, an attack surface score for, and specific to, a workload of the application (…the vulnerability exposure scoring module may generate exposure scores for a particular port on a particular workload that represents a measure of connectivity of the particular port to other workloads within a limited group of workloads to which the particular workload belongs (e.g. a tier or an application group associated with the particular workload)…see par. 53); determining, based on the attack surface score, whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination; and implementing a vulnerability reduction policy based on the determination (…the initial segmentation policy graph includes a rule that specifies that all workloads in an application group A can communicate with each other over all ports and protocols…a vulnerable port having a port number P is identified on at least one workload in a tier T1 in the application group A…the observed traffic flow graph indicates that the workload in tier T1 provides the service using the port number P to one or more workloads only in tier T2, but does not use the port number P in communications with workloads in tiers T3 or T4…this the modified segmentation policy still permits the observed communication over the vulnerable port, but limits the workloads to which the vulnerable port can connect, thereby reducing overall exposure of the administrative domain to the vulnerability…see par. 70).



As per claims 21, 22, 23, Glenn discloses wherein the open ports are TCP transport layer ports (see par. 61).





Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3, 10, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Glenn et al (Pub. No. US 2019/0258804) in view of Cheng et al (Pub. No. US 2018/0144139).

As per claims 3, 10, 17, Glenn does not explicitly disclose wherein determining the attack surface score is based on the information and one or more unused ports from the common attack ports. However, Cheng discloses wherein determining the attack surface score is based on the information and one or more unused ports from the common attack ports (IoT device risk factors can include a number of open ports not used by an IoT device accessing network services through other open ports…the IoT device risk assessment system can maintain a device profile of an IoT device based on a vulnerability score assigned to the IoT device in response to proving of the vulnerability device…specifically, the IoT device risk assessment system can update a device profile of an IoT device to include a vulnerability score assigned to the IoT device and the vulnerability factors and IoT device performance resulting from probing that led to assignment of the vulnerability score to the IoT device…see par. 44, 59). Therefore one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to use Cheng in Glenn for including the above limitations because one of ordinary skill in the art would recognize it would further improve performing risk assessment for IoT devices and further determine risk levels…see Cheng, par. 25.






Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to the field of workload security and computer networking…for determining an attack surface score for a workload and determining a security policy to implement to reduce the vulnerability of the workload.

Crabtree et al (Pub. No. US 2020/0396254); “System and Method for Cybersecurity Reconnaissance, Analysis, and Score Generation Using Distributed Systems”;
-Teaches an open port scan for each internet protocol address identified and implement the queue of internet protocol address scanning tasks and receive a list of open ports for the domain name…see par. 7-8.

Bower, III et al (Pub. No. US 2017/0359170); “Workload Encryption Key”;
-Teaches the gateway relays the workload to a trusted server of the service provider for processing…a malicious party may attack the gateway to redirect the workload to an untrusted server maintained by the malicious party, or even attempt to place a server on the service provider’s network so that the gateway directs the workload to the malicious party’s server…see par. 13.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499