DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Election/Restrictions
NO restrictions warranted at applicant’s initial time of filing the CON. 
Priority
Applicant claim[s] domestic priority under 35 USC 120 to non – provisional application # 16/543207, filed on 08/16/2019, now US PAT # 11146584, which further claims domestic priority under 35 USC 119e to provisional application # 62/765057, filed on 08/16/2018. 
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/11/2021, the submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
Applicant’s drawings filed on 10/11/2021 have been inspected and are in compliance with MPEP 608.02. 
Specification
Applicant’s specification filed on 10/11/2021 has been inspected and is in compliance with MPEP 608.01. 
Claim Objections
NO objections warranted at applicant’s initial time of filing the CON. 
Claim Interpretation – 35 USC 112th 6th or F
It is in the examiner’s opinion that method claim[s] 1 – 10 do not invoke means for or step plus functional claim language under the meaning of the statute herein. 
Claim Rejections – 35 USC § 112
NO rejections warranted at applicant’s initial time of filing the CON. 
Claim Rejections - 35 USC § 101
NO rejections warranted at applicant’s initial time of filing the CON. 
Double Patenting
NO rejections warranted at applicant’s initial time of filing the CON. 
Claim Rejections - 35 USC § 103
NO rejections warranted at applicant’s initial time of filing the CON. 
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1 – 10 is/are rejected under 35 U.S.C. 102[a1] as being taught by Francoeur [US PAT # 9699208]
As per claim 1. Francoeur does teach a method for a system security evaluation [Francoeur, Examples described herein provide for a system [i.e. applicant’s security evaluation device] that evaluates a security level of a network system. Additionally, examples described herein evaluate a security level of a network system in order to enable a determination of components that can be used to enhance the security level of the network system.], the method comprises:
establishing, by a security evaluation device, a connection to a system associated with an entity [Francoeur, Figure # 1, and system - 100 [i.e. applicant’s security evaluation device], user - 5, UI – 108, network system – 101, input logic - 112 and col. 4, lines 9 – 18, The input logic 112 can operate to generate prompts 109 that are communicated to the user 5 via the user interface 108. The prompts 109 can be structured to guide the user 5 to provide information for determining the security level [i.e. applicant’s establishing, by a security evaluation device, a connection to] of the network system [i.e. applicant’s a system associated with an entity]. In one embodiment, the input logic 112 operates to generate prompts 109 to provide information for building a user's security architecture in accordance with the model 105.]; 
obtaining, by the security evaluation device, an inventory of system elements of the system [Francoeur, Figure # 4, and col. 16, lines 62 – 66, and col. 17, lines 1 – 7, With reference to FIG. 4, the system 100 operates to identify the inventory for the network system (410). In one implementation, the input logic 112 and the user interface 108 combine to provide the user with prompts that guide the user into entering information that identifies the security components of the network system for the protection space 314 (412). For example, the prompts can direct the user to answer specific questions, and based on the user response, additional questions or prompts can be provided. The accumulation of the inputs can direct the user to enter input by, for example, manufacturer or vendor, or by other descriptive information (e.g., type or category of device, year of purchase, whether purchase was new or used)];
identifying, by the security evaluation device, one or more desired system elements from the inventory of system elements to perform the system security evaluation [Francoeur, Figure # 4, steps # 410, 412, and col. 16, lines 62 – 67 and col. 17, lines 1 – 14, With reference to FIG. 4, the system 100 operates to identify the inventory for the network system (410). In one implementation, the input logic 112 and the user interface 108 combine to provide the user with prompts that guide the user into entering information that identifies the security components of the network system for the protection space 314 (412). For example, the prompts can direct the user to answer specific questions, and based on the user response, additional questions or prompts can be provided. The accumulation of the inputs can direct the user to enter input by, for example, manufacturer or vendor, or by other descriptive information (e.g., type or category of device, year of purchase, whether purchase was new or used). With reference to an example of FIG. 3D, the inputs entered by the user can correspond to values for any one or more of Level 1, Level 2, Level 3, or Level 4 elements. Based on the components identified by the user input, additional information about those components and their respective sub-elements (e.g., Level 2, 3, or 4 elements) can be obtained (420)]; 
identifying, by the security evaluation device, one or more security elements from the one or more desired system elements [Francoeur, col. 2, lines 14 – 25, In an embodiment, a computer system operates to identify a plurality of security elements [i.e. applicant’s one or more security elements] of the network system. A security architecture for the network system is determined based on the identified security elements. The processor determines the security architecture by implementing a security model. The security model identifies a plurality of pre-determined relationships as between the identified security elements, in connection with possible types of threats to the network system and assets [i.e. applicant’s one or more desired system elements] that can be exposed as a result of a breach. The security architecture can be evaluated to determine an evaluation for the network system]; 
communicating, by the security evaluation device, with each security element of one or more security elements to produce system security data [Francoeur, col. 5, lines 24 – 33, Still further, the parametric determination sub-system 128 can programmatically measure the coverage of some or all of the elements. As another variation, the parametric determination sub-system 128 can programmatically validate the coverage of some or all of the elements. The coverage determination process 134 can update the security architecture 130 by outputting coverage score 133 for security components and other aspects of the network system]; and
analyzing, by the security evaluation device, the system security data in light of minimum viable data metrics [Francoeur, Figure # 1, and col. 7, lines 51 – 67, and col. 8, lines 1 – 32, More specifically, in some embodiments, the recommendation sub-system 156 can provide system changes 159 to generate a prospective or future state of the network system. The system changes 159 can be recorded as for example, a future state (S=1 . . . n) of the network system. The future state of the security system can be re-evaluated, so that the effect of the change or addition to the network system as a whole can be determined. The evaluation of the future state of the security architecture 130 can include comparing stored parameters for the current state [i.e. applicant’s security data] and one or more future states. The stored parameters can be provided by the repository sub-system 152. For example, the evaluation of a given future state for security architecture 130 can include comparisons of the effectiveness score 131 (stored in effectiveness data store 141), coverage score 133 (stored in coverage data store 143), and/or maturity score 135 (stored in maturity data store 145), as between current and future state(s) of the security architecture 130. For example, the security architecture 130 can receive information from the recommendation sub-system 156, and the future state can be analyzed and scored for effectiveness, coverage and maturity, using components of the parametric determination sub-system 128.
In some embodiments, the recommendation sub-system 156 receives planning input 167 from the user 5. The planning input 167 can include, for example, a budget, or extended (e.g., multi-year) budget. Additionally, the planning input 167 can specify acceptable security levels (e.g., exposure levels). The planning input 167 can specify required security levels for specific types of risks threats, or specify security measures for some assets and not others. The recommendation sub-system 156 can implement an optimization process that updates the state of the network system to determine prospective elements for the security system to optimize cost. The optimization process can seek an optimal improvement to the security level of the network system that achieves an adequate level of protection that results in an acceptable level of exposure or risk. The optimization process implemented by the recommendation sub-system 156 can query 151 the library 140 [i.e. applicant’s one or more external data sources] with parameters that specify cost and effectiveness (or other security measure) at an acceptable security or exposure level (e.g., as specified by the planning input 167). Identified components and elements for the network system can be added to the system information, and the effects of the addition can be evaluated by the parametric determination sub-system 128 and/or evaluation sub-system 148 to determine if the security level is at an acceptable level. [i.e. applicant’s the system security data in light of minimum viable data metrics]] established by: 
one or more external data sources and the entity to produce one or more system security scores indicative of security proficiency of the one or more desired system elements [Francoeur, col. 5, lines 24 – 33, Still further, the parametric determination sub-system 128 can programmatically measure the coverage of some or all of the elements. As another variation, the parametric determination sub-system 128 can programmatically validate the coverage of some or all of the elements. The coverage determination process 134 can update the security architecture 130 by outputting coverage score 133 for security components and other aspects of the network system.].
As per claim 2. Francoeur does teach the method of claim 1, wherein the one or more system elements includes one or more of: 
policies; 
procedures; 
services [Francoeur, Figure # 1, and col. 3, lines 7 – 10, FIG. 1 illustrates a system for evaluating and enhancing a security level of a network system, according to one or more embodiments. A network system 101 can correspond to, for example, an enterprise network, or other defined network including resources and assets that are to be protected from external and internal threats];
networks; 
users; 
devices [Francoeur, Figure # 1, and col. 3, lines 7 – 10, FIG. 1 illustrates a system for evaluating and enhancing a security level of a network system, according to one or more embodiments. A network system 101 can correspond to, for example, an enterprise network, or other defined network including resources and assets that are to be protected from external and internal threats]]; 
servers; 
software; 
hardware [Francoeur, Figure # 1, and col. 3, lines 7 – 10, FIG. 1 illustrates a system for evaluating and enhancing a security level of a network system, according to one or more embodiments. A network system 101 can correspond to, for example, an enterprise network, or other defined network including resources and assets that are to be protected from external and internal threats]]; 
tools;
files; 
personnel; 
departments; and 
IP addresses.

As per claim 3. Francoeur does teach the method of claim 1, wherein the one or more security elements include one or more of:
security devices[Francoeur, col. 9, lines 8 – 17, The security elements for network systems can be identified based on the security model 105 (220). In some embodiments, identification of security elements for the security model includes prompting the user into entering input that can identify specific components that relate to the security of the network system. The component can correspond to, for example, a specific device or module, a programmatic component, a process, a protocol or other identifiable entity that resides on the security network system.];  
security software [Francoeur, col. 9, lines 8 – 17, The security elements for network systems can be identified based on the security model 105 (220). In some embodiments, identification of security elements for the security model includes prompting the user into entering input that can identify specific components that relate to the security of the network system. The component can correspond to, for example, a specific device or module, a programmatic component, a process, a protocol or other identifiable entity that resides on the security network system.];
security services; 
security tools; 
security procedures [Francoeur, col. 9, lines 8 – 17, The security elements for network systems can be identified based on the security model 105 (220). In some embodiments, identification of security elements for the security model includes prompting the user into entering input that can identify specific components that relate to the security of the network system. The component can correspond to, for example, a specific device or module, a programmatic component, a process, a protocol or other identifiable entity that resides on the security network system.]; 
security policies; 
a third-party security monitoring service;
user access lists; and 
security personnel.

As per claim 4. Francoeur does teach the method of claim 1, wherein the system security data includes information related to at least one of:
discovered devices; 
discovered software;
discovered users; 
user access logs;
discovered network connections; 
one or more security configurations; 
one or more discovered security procedures; 
one or more security risks; 
one or more security deficiencies; 
one or more network deficiencies;
one or more system anomalies; and 
one or more security alerts [Francoeur, col. 6, lines 63 – 67 and col. 7, lines 1 – 11, An evaluation sub-system 148 can process the security architecture 130 for a particular state of the network system. For a given state (e.g., current state (S=0)), the evaluation sub-system 148 performs an evaluation that utilizes scores provided by the parametric determination sub-system 128. For example, the evaluation sub-system 148 can operate to aggregate and evaluate the security level of the network system based on the effectiveness score 131, the coverage score 133 and the maturity score 135. By way of example, the evaluation sub-system 148 can determine an overall score 147 for the network system based on a mathematical computation, such as a weighted average or aggregation of the effectiveness score 131, coverage score 133 and/or maturity score 135. In one implementation, overall score 147 can be communicated to the user 5 via the user interface 108 as part of an output 155. ].

As per claim 5. Francoeur does teach the method of claim 1, wherein the one or more external data sources includes one or more of: 
another system associated with another entity [Francoeur, Figure # 1, and col. 3, lines 50 – 67, and col. 4, lines 1 – 2, In greater detail, system 100 can include a user interface 108, input logic 112, and an inventory library 140 [i.e. applicant’s one or more external data sources]. The inventory library 140 stores information about security components available for enterprise networks as a whole. The components described in the inventory library can include commercially-available components, with information obtained and derived from vendor-provided information. Such information can include performance and pricing benchmarks provided by third-parties (including vendors). In this respect, the library 140 can reflect a collection of information provided through vendor and/or third-party sources [i.e. applicant’s another system associated with another entity] regarding numerous types of components that can be employed by, for example, information technology (IT) networks (e.g., enterprise networks). The information for the inventory library 140 can be pre-determined using, for example, expert resources. As described further, the inventory library 140 can include relationships and metrics that are based on a defined security model 105. Various kinds of security models can be employed with a system such as described with FIG. 1.]; 
a government body; and 
a standards body. 

As per claim 6. Francoeur does teach the method of claim 1, wherein the security evaluation device is configured for remote management [Francoeur, col. 3, lines 10 – 15, A security evaluation and enhancement system 100 (alternatively referred to as security evaluation system 100 or system 100) such as described with FIG. 1 can be implemented as a separate system or entity from the network system 101 that is being evaluated and enhanced].

As per claim 7. Francoeur does teach the method of claim 1, wherein the minimum viable data metrics include one or more of: 
risk management effectiveness metrics; 
compliance with one or more standards; 
compliance with one or more laws; 
security optimization metrics [Francoeur, col. 8, lines 8 – 15, In some embodiments, the recommendation sub-system 156 receives planning input 167 from the user 5. The planning input 167 can include, for example, a budget, or extended (e.g., multi-year) budget. Additionally, the planning input 167 can specify acceptable security levels (e.g., exposure levels). The planning input 167 can specify required security levels for specific types of risks threats, or specify security measures for some assets and not others.]; 
security completeness metrics; and
 system awareness metrics.

As per claim 8. Francoeur does teach the method of claim 1 further comprises:  providing, by the security evaluation device, one or more recommendations to improve the desired system element based on the one or more system security scores [Francoeur, Figure # 1, and col. 7, lines 51 – 67, and col. 8, lines 1 – 32, More specifically, in some embodiments, the recommendation sub-system 156 can provide system changes 159 to generate a prospective or future state of the network system. The system changes 159 can be recorded as for example, a future state (S=1 . . . n) of the network system. The future state of the security system can be re-evaluated, so that the effect of the change or addition to the network system as a whole can be determined. The evaluation of the future state of the security architecture 130 can include comparing stored parameters for the current state and one or more future states. The stored parameters can be provided by the repository sub-system 152. For example, the evaluation of a given future state for security architecture 130 can include comparisons of the effectiveness score 131 (stored in effectiveness data store 141), coverage score 133 (stored in coverage data store 143), and/or maturity score 135 (stored in maturity data store 145), as between current and future state(s) of the security architecture 130. For example, the security architecture 130 can receive information from the recommendation sub-system 156, and the future state can be analyzed and scored for effectiveness, coverage and maturity, using components of the parametric determination sub-system 128.
In some embodiments, the recommendation sub-system 156 receives planning input 167 from the user 5. The planning input 167 can include, for example, a budget, or extended (e.g., multi-year) budget. Additionally, the planning input 167 can specify acceptable security levels (e.g., exposure levels). The planning input 167 can specify required security levels for specific types of risks threats, or specify security measures for some assets and not others. The recommendation sub-system 156 can implement an optimization process that updates the state of the network system to determine prospective elements for the security system to optimize cost. The optimization process can seek an optimal improvement to the security level of the network system that achieves an adequate level of protection that results in an acceptable level of exposure or risk. The optimization process implemented by the recommendation sub-system 156 can query 151 the library 140 with parameters that specify cost and effectiveness (or other security measure) at an acceptable security or exposure level (e.g., as specified by the planning input 167). Identified components and elements for the network system can be added to the system information, and the effects of the addition can be evaluated by the parametric determination sub-system 128 and/or evaluation sub-system 148 to determine if the security level is at an acceptable level]. 

As per claim 9. Francoeur does teach the method of claim 1 further comprises: 
implementing, by the security evaluation device, an adjustment to the one or more security elements of the desired system element based on the one or more system security scores [Francoeur, Figures #1 and # 2B and col. 10, lines 14 – 25, With reference to FIG. 2B, the security architecture and evaluation to determine for the network system (260). The security architecture and evaluation can be determined in accordance with, for example, a method such as described with FIG. 2A.
In one embodiment, a set of elements from the security model are identified as candidates for an upgrade to improve security (270). The determination of which elements to upgrade can include those elements that are deemed from the evaluation of the security architecture to have a security level that is below an acceptable threshold. The acceptable threshold for the security level can be based on the determination of the user, or alternatively by default setting.
More specifically, in determining the candidate set of elements, the valuation can identify those elements of the security architecture that have unacceptable scores for metrics such as effectiveness, coverage or maturity (272)]. 
As per claim 10. Francoeur does teach the method of claim 9, wherein the adjustment includes one or more of: 
adding a security element to the one or more desired system elements; 
removing a security element of the one or more security elements;  
updating a security element of the one or more security elements [Francoeur, col. 5, lines 24 – 33, Still further, the parametric determination sub-system 128 can programmatically measure the coverage of some or all of the elements. As another variation, the parametric determination sub-system 128 can programmatically validate the coverage of some or all of the elements. The coverage determination process 134 can update the security architecture 130 by outputting coverage score 133 for security components and other aspects of the network system.]; 
patching a security element of the one or more security elements; 
modifying a security element of the one or more security elements; and
 restricting a security element of the one or more security elements.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Raffill et al. [US PGPUB # 2015/0358286], who does teach on-the-fly pattern recognition with configurable bounds have been presented. In one embodiment, a pattern matching engine is configured based on user input, which may include values of one or more user configurable bounds on searching. Then the configured pattern matching engine is used to search for a set of features in an incoming string. A set of scores is updated based on the presence of any of the features in the string while searching for the features. Each score may indicate a likelihood of the content of the string being in a category.
Langton et al. [US PGPUB # 2017/0323101], who does teach identify a set of features associated with the unknown object. The device may determine, based on inputting the set of features into a threat prediction model associated with a set of security functions, a set of predicted threat scores. The device may determine, based on the set of predicted threat scores, a set of predicted utility values. The device may determine a set of costs corresponding to the set of security functions. The device may determine a set of predicted efficiencies, associated with the set of security functions, based on the set of predicted utility values and the set of costs. 
Vickrey et al. [US PGPUB # 2019/0109871], who does teach determining trustworthiness of a domain among users. The determination may be based upon trust scores provided by the users for the domain. When all users have specified a trust score for the domain, an overall trust score may be computed based upon the specified trust scores. When some users have not specified a trust score for the domain, trust scores may be computed for the users based upon the specified trust scores, and an overall trust score may be computed based upon the specified trust scores and the computed trust scores.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANT SHAIFER - HARRIMAN whose telephone number is (571)272-7910. The examiner can normally be reached M - F: 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571- 272- 3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DANT B SHAIFER HARRIMAN/          Primary Examiner, Art Unit 2434