Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	DETAILED ACTION
Response to Amendment
This action is in response to an amendment filed October 28, 2022. Claims 139, 144, 146-148, 151, and 156-159 have been amended. Claims 140 and 152 have been cancelled.  Claims 139, 141-151, and 153-159 are now pending in this application.

Response to Arguments
Applicant's arguments filed October 28, 2022 have been fully considered but they are not persuasive. 

Applicants are arguing in substance the following:

Arguments to Claims 139, 151, and 159:
a) Dominessy does not explicitly teach…’causing a display to present a plurality of asset categories, including at least one of an account category, an authentication category, a container category, a database category, an image category, a managed service category, a messaging service category, a monitoring category, a network category, a storage category, a user category, a access category, a virtual machine category, or a serverless category;
Response to argument a:
	The Examiner respectfully disagrees. To begin, in Col. 10, lines 18-24, Dominessy describes different asset types such as virtual system assets including devices and networks. In Figure 10, Dominessy displays multiple “asset” categories such as Servers and Network Infrastructure. The Examiner equates a couple of Applicant(s)’ asset categories as follows: “database category” = File Storage Server and its sub nodes, “monitoring category” = Bug Tracker and its sub nodes, and “network category” = Network Infrastructure and its sub nodes. At the very least, the Examiner views higher levels of the hierarchical tree as a particular asset category. Applicant(s) are encouraged to further define the term “asset category” to further limit the Examiner’s broad interpretation as being the ordinary meaning of the term “category”.


The examiner has addressed arguments directed to claim limitations as stated only. Arguments not directed towards claim limitations have not been addressed. Applicant(s) is/are urged to direct arguments for claim limitations recited, because arguments not directed to claim limitations and statements are not given value since they do not appear in the claim. As to any claims not specifically discussed, the applicant(s) argued that it was patentable for one of the reasons discussed above. Please see response to above arguments for unspecified discussions. 
	

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 139-159 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Dominessy et al. (US 10,868,825 B1).

With respect to claim 139, Dominessy discloses a graphical user interface system for providing comprehensive cloud environment risk inventory visualization (Abstract and Col. 7, lines 23-27, graphical user interface for display of security vulnerabilities), the system comprising: 
at least one processor (Figure 13, processing unit) configured to: 
cause a display to present a plurality of asset categories (Figure 10 and Col. 35, line 22-Col. 36, line 28, tree structure of network components/servers which are monitored for vulnerabilities), including at least one of an account category, an authentication category, a container category, a database category, an image category, a managed service category, a messaging service category, a monitoring category, a network category, a storage category, a user category, a access category, a virtual machine category, or a serverless category (Figure 10 and Col. 10, lines 18-24, servers and network infrastructure with various sub nodes are displayed on the dashboard);
receive, via an input device, a selection of one or more particular asset category (Figure 10 and Col. 35, lines 38-42, displays “servers” as expanded category);
cause the display to present a list of assets in the selected category that have cyber security risks (Col. 35, line 38 to Col. 36, line 28, tree may be highlighted or shaded based on vulnerability score); and 
for each listed asset: 
retrieve workload component cybersecurity risk information (Col. 35, line 38-Col. 36, line 28 and Col. 9, lines 3-23, wherein target system may include multi-core processors, and also provide a heterogenous hardware environment), and 
retrieve cloud component cybersecurity risk information (Col. 35, line 38-Col. 36, line 28 and Col. 9, lines 3-23, wherein target system may distributed cloud systems); 
cause the display to present a common interface providing access to the workload component cybersecurity risk information and cloud component cybersecurity risk information (Figure 10 and Col. 38, line 43-Col. 39, line 44, dashboard displays state of each target system and details in reference to associated vulnerabilities or risks); and 
cause the display to present, in the common interface, an interconnection between the workload component cybersecurity risk information and the cloud component cybersecurity risk information (Figure 10, Col. 9, lines 3-23, and Col. 38, line 43-Col. 39, line 44, dashboard displays tree of each target node in a hierarchy of nodes, the state of each target system, and its details in reference to associated vulnerabilities or risks).
With respect to claim 141, Dominessy discloses the system of claim 139, wherein the common interface is configured to display information relating to at least one of an asset type, a risk, a region, or an account (Figures 10 and 11, and Col. 36, lines 12-19, CVE (common vulnerability and exposure) identifiers).
With respect to claim 142, Dominessy discloses the system of claim 139, wherein the common interface is configured to display description for each listed asset (Figure 10, name of nodes and sub-nodes).
With respect to claim 143, Dominessy discloses the system of claim 139, wherein the common interface is configured to display at least one of a vulnerability, an insecure configuration, an indication of a presence of malware, a neglected asset, a data at risk, a lateral movement, or an authentication (Figure 10). 
With respect to claim 144, Dominessy discloses the system of claim 139, wherein the common interface is configured to display one or more possible attack vectors reaching the each listed asset (Figure 10, and Col. 35, line 61-Col. 36, line 28, lower-level nodes with identified vulnerabilities).
With respect to claim 145, Dominessy discloses the system of claim 139, wherein the common interface is configured to display potential lateral movement risk from the asset to other assets in the organization, and the potential organization (Col. 24, lines 32-43, predictive move module for suggesting proper responses to attack scenarios).
With respect to claim 146. The system of claim 139, wherein the common interface is configured to display a recommended mitigation tactic for the each listed asset (Figure 8, data and fixed or dynamic values associated with a goal such as remediation type).
With respect to claim 147, Dominessy discloses the system of claim 139, wherein the common interface is configured to display one or more workload metrics associated with the each listed asset (Col. 4, line 65 to Col. 5, line 3, system metrics).
With respect to claim 148, Dominessy discloses the system of claim 139, wherein the at least one processor is further configured to provide a cybersecurity report for the each listed asset (Figure 12, test results).
With respect to claim 149, Dominessy discloses the system of claim 139, wherein the at least one processor is configured to identify a risk level distribution among the listed assets (Figure 12).
With respect to claim 150, Dominessy discloses the system of claim 139, wherein the at least one processor is configured to: 
receive a search query for a specific risk (Figure 12); and 
identify one or more assets vulnerable to the specific risk (Figures 10 and 12). 
With respect to claims 151 and 153-159, the method and non-transitory medium of claim(s) 151 and 153-159 does/do not limit or further define over the system of claim(s) 139 and 141-147. The limitations of claim(s) 151 and 153-159 is/are essentially similar to the limitations of claim(s) 139 and 141-147. Therefore, claim(s) 151 and 153-159 is/are rejected for the same reasons as claim(s) 139 and 141-147. Please see rejection above.	
	

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ESTHER B. HENDERSON whose telephone number is (571)270-3807. The examiner can normally be reached Monday-Friday 6a-2p ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin T. Bates can be reached on 571-272-3980. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/ESTHER B. HENDERSON/
Primary Examiner, Art Unit 2458 
November 17, 2022