DETAILED ACTION
 	 	Claims 1-20 are presented for examination on the merits.

Notice of Pre-AIA  or AIA  Status
 	The present application is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings filed on 07/01/2020 are accepted by the examiner.
Priority
 The application is filed on 11/21/2019 and has priority of provisional application 
filed on 07/12/2019.
 				Claim Rejections - 35 USC § 103
1.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
2.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3.	The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

4.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
5.	Claims 1-2, 11-13, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Gates et al. (US 20190098039 A1, hereinafter, Gates) in view of Hering et al. (US RE47757 E, hereinafter, Hering).
	Regarding claim 1, Gates discloses a computer-implemented method, comprising: determining, by a computing device, information sources associated with hardware and software components of a system (Paragraph 0040: , a central or common facility can provide more thorough scanning external sources of information, including published network vulnerabilities, analysis of cybersecurity publications, network policy, etc. A central facility or offline capability can provide a rapid response capability to analyze a new cybersecurity threat with dedicated computer/processing resources), 
 	wherein the information sources include at least specification sheets, standard operating procedures, user manuals, and vulnerability databases (Paragraphs 0037, 0040: Table: Discover and/or identify weak points and/or vulnerabilities in current network topology (design, hardware and/or software) Detected attacking or suspicious signature and/or activity in network governance policies and recommend an action to address); 
 	selecting a set of categories of vulnerabilities in a vulnerability database; (Paragraphs 0014,  0180: the classification can be rule-based systems which are based on selected axiomatic rules, that is, unquestionable rules, such as the blocking access to specific websites. The types of cybersecurity hyper-volumes can include threat, non-threat, and other types (potential threat, unknown threat, etc.). The entity can be then identified as a threat, non-threat, and other types (potential threat, unknown threat, etc.) of entity based on the type of cybersecurity hyper-volume from the detailed analysis mode, in which the entity is inserted) 
 	ingesting the information sources to obtain data in a normalized format (Paragraphs 0055, 014, 01377: a normalized dot product of two vectors….  ingestion (deletion) of new (old) information,); 
 	extracting, from the ingested information sources, configuration information, vulnerability information, dependency information, and functionality requirements to create a model for the system (Paragraphs 0140-0141: signature extraction, and building classifiers, etc., can be performed in the math model module 214 and 224 wherein models developed by the CSP 105 can be used to identify and predict new relationships that can exist outside known and/or suspected attack vectors and/or training datasets); and 
 	displaying, on a screen of a user device, one or more interactive elements which allow the user to view or select the information sources (Paragraphs 0159, 0192, 0204: a UE 110 for presentation to a user, such as via a local display, a web interface. the first and second cybersecurity hyper-volumes can share a decision boundary with each other. Once re-assigned, the re-assigned entity (e.g., threat, non-threat, indeterminate, etc.) takes on the recommended action of the second cybersecurity hyper-volume) and 
 	[the categories of vulnerabilities, initiate ingesting the information sources, and view the extracted configuration information].
 	Gates does not explicitly states but Hering from the same or similar fields of endeavor teaches the categories of vulnerabilities, initiate ingesting the information sources, and view the extracted configuration information (Hering, Col. 5, lines 35-54, Col. 11. Lines 58-67: Vulnerability identification information includes a list of files, software components, libraries and/or a list of the applications or other software installed on mobile communication device 101,as well as other information related to these applications and software such as version and configuration information, configuration information about the mobile communication device 101…. use additional information such as configuration information, and the versions of software libraries to perform additional processing, correlating or analysis on the received vulnerability information).
  	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have the categories of vulnerabilities, initiate ingesting the information sources, and view the extracted configuration information as taught by Hering in the teachings of Gates for the advantage of identifying, assessing, and responding to vulnerabilities accordingly by notifying or remediating respective device wherein server provides an interface for an administrator to manage the system and respond to security issues (Hering, Abstract).
 	Regarding claim 2, the combination of Gates and Hering discloses the method of claim 1, wherein the extracted configuration information includes, for a configuration parameter of a component of the system, one or more of: a name of the configuration parameter; a data type associated with the configuration parameter; a default value associated with the configuration parameter; a current value associated with the configuration parameter; a range of possible values associated with the configuration parameter; and a natural language text description associated with the configuration parameter (Hering, Col. 5, lines 35-54, Col. 11. Lines 58-67: Vulnerability identification information includes a list of files, software components, libraries and/or a list of the applications or other software installed on mobile communication device 101,as well as other information related to these applications and software such as version and configuration information, configuration information about the mobile communication device 101…. use additional information such as configuration information, and the versions of software libraries to perform additional processing, correlating or analysis on the received vulnerability information).  
 	Regarding claim 11, the combination of Gates and Hering discloses the method of claim 1, wherein the one or more displayed interactive elements further allow the user to view one or more of: the extracted vulnerability information; the extracted dependency information; and the extracted functionality requirements (Gates Paragraphs 0019, 0037: extracting numerically encoded text features from at least one of bulk text, structured text, and unstructured text. The system processor 128 can perform adjudication to formulate at least one of the retrieved dataset and the threat entity, to optimize the recommended action.. Discover and/or identify weak points and/or vulnerabilities in current network topology (design, hardware and/or software) Detected attacking or suspicious signature and/or activity in network governance policies and recommend an action to address).
 	Regarding claim 12; Claim 12 is similar in scope to claim 1, and is therefore rejected under similar rationale.
 	Regarding claim 13; Claim 13 is similar in scope to claim 2, and is therefore rejected under similar rationale.
  	Regarding claim 19; Claim 19 is similar in scope to claim 11, and is therefore rejected under similar rationale.
 	Regarding claim 20; Claim 20 is similar in scope to claim 1, and is therefore rejected under similar rationale.

Allowable Subject Matter 
6.	Claims 3-10, 14-18, and are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 
Conclusion
7. 	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Naldurg et al. (US 20080104665 A1) discloses analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata.
Nickolov (US 20170034023 A1) discloses methods that are directed to different techniques for: evaluating server system reliability, vulnerability and component compatibility using crowdsourced server and vulnerability data; generating automated recommendations for improving server system metrics; and automatically and conditionally updating or upgrading system packages/components.
8.	In an effort to advance compact prosecution, with respect to any amendments to the claimed invention, the applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention.  
Moreover with respect to advancing compact prosecution, if the applicant intends to make numerous amendments, the examiner respectfully requests that applicant submit a clean copy of the claims in addition to the marked up copy of the claims in order to expedite the examination process by allowing for accurate optical character recognition (OCR) of the claims.
The prior art made of record and not relied upon, if any, is considered pertinent to applicant’s disclosure and would be listed under PTO-Form 892.
9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHFUZUR RAHMAN whose telephone number is (571)270-7638.  The examiner can normally be reached on Monday thru Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MAHFUZUR RAHMAN/Primary Examiner, Art Unit 2498