DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant’s arguments, see Remarks filed on 09/15/2022, with regards to the rejection of independent claims 1, 6 and 9 under 35 USC § 102 have been fully considered, but they are not persuasive. 
On page 4 the Applicant argues that the examiner relied on separate embodiments of Asenjo in the rejection of claim 1, and details that Fig. 8 and paragraph [0167] of Asenjo relate to embodiments that are different from the embodiment illustrated in Figs. 1 and 3.
Further on page 6, Applicant argues that paragraph [0082] of Asenjo does not teach or suggest a “designed result,” or constructing a designed result, therefore, Asenjo does not teach or suggest the duplicated environment construction circuitry recited by independent claim 1.
Examiner, respectfully, disagrees with the Applicant’s arguments.
With regards to Fig. 8, as disclosed in paragraph [0018]: “FIG. 8 illustrates a block diagram of an example device model according to various aspects and implementations of the disclosed subject matter.”, the device model is not specific to a certain embodiment. Paragraph [0100] also discloses: “… the cloud-based simulation generation system can collect device data in accordance with one or more standardized device models. … a standardized device model can be developed for each industrial device.”. Fig. 3 is a cloud-based or partially cloud-based simulation generation system. Therefore, the device model is applicable to the cloud-based simulation generation system of Fig. 3. However, as disclosed in paragraph [0101], device model 806 is associated with a cloud-aware device 802, thus device model 806 (not device model) is specific to the implementation shown in Fig. 8.
With regards to paragraph [0167], it briefly explains step 1710 of method 1700, in connection with a work order that relates to time constraints, fiscal constraints … which can be specified by a user. Asenjo, in paragraph [0162], discloses: “The method 1700 can be implemented by a simulation generation system that can comprise a simulation generator component and/or another component(s) (e.g., a collection component, a cloud-based data store, etc.).”. Therefore, the steps of the method 1700, steps 1702-1714, can be applied to the simulation generation system 100 which incorporates a simulation generator component 116. Regardless, Asenjo, in paragraph [0046] discloses the same constraints as in paragraph [0167], as: “… the simulation generator component 116 can apply a set of operation data relating to the work order … determining or predicting whether the industrial automation system 104 will be able to satisfy a set of order completion parameters (e.g., time constraints, fiscal constraints, product quality constraints, etc.) associated with the work order …”, and in paragraph [0060]: “A set of operation data relating to the work order can be obtained from the data store 114 and/or received from a user (e.g., operator) …”.
Therefore, the examiner did not find Applicant’s argument, that Fig. 8 and paragraph [0167] of Asenjo relate to embodiments that are different from the embodiment illustrated in Figs. 1 and 3, persuasive.
With regards to Applicant’s argument that Asenjo does not teach or suggest the duplicated environment construction circuitry recited by independent claim 1, Asenjo in paragraph [0082] discloses: “The processor component 326 can employ one or more processors (e.g., central processing units (CPUs), graphical processing units (GPUs), field-programmable gate arrays (FPGAs), etc.), microprocessors, or controllers that can process data, such as industrial data (e.g., device data, process data, asset data, system data, etc.) associated with industrial control systems, customer or client related data, data relating to parameters associated with the system 300 and associated components, etc., to facilitate generating simulation models of industrial automation systems, evaluating modifications to an industrial automation system based on simulation models of a modified industrial automation system, simulating operation of simulation models under a set of conditions to facilitate determining or predicting how the corresponding industrial automation system will respond under the set of conditions, etc.; and can control data flow between the system 300 and other components associated with the system 300.”. As indicated in Fig. 3, processor component 326 is coupled to data store 328, and simulation generator component 318, and can interact with one or more external user interface devices, such as a keyboard, a mouse, a display monitor, a touchscreen, or other such interface devices (see paragraph [0084]), and thus processor component 326 has all the data and the circuitry needed to construct the duplicated environment from the duplicated environment design generated by simulation generator component 318, including the user specified constraints through the user interface devices. The simulation generator component, as indicated in paragraph [0043], is a simulation builder component with its construction circuitry within the processor component 326. 
Thus, Asenjo discloses the duplicated environment construction circuitry, and the examiner did not find Applicant’s argument valid.
Therefore, the rejection of claims 1, 6 and 9 under 35 USC § 102 is maintained.  
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-2, 5-7 and 9-10 are rejected under 35 U.S.C. 102(a)(1)(a)(2) as being anticipated by US-PGPUB No 2014/0337000 A1 Asenjo et al. (hereinafter “Asenjo”)
Regarding claim 1: 
Asenjo discloses:
A security assessment system (see ¶70: “FIG. 3 … system 300 … simulation generation system …”) configured to provide a duplicated environment (see ¶79: “… a simulation model …”) which duplicates an assessment target system (see ¶79: “… an industrial control system …”) comprising a plurality of physical components (see ¶31: “An industrial control system can comprise various industrial devices, … other industrial assets, and network-related assets …”), the security assessment system comprising:
a duplicated environment design circuitry (see FIG. 3, item 318, ¶79: “… simulation generator component 318 …”) configured to select a duplication level (¶43: “… emulate, model, or simulate …”) based on constraints (¶167: “… order completion parameters (e.g., time constraints … fiscal constraints … product quality constraints …”, ¶46: “… the simulation generator component 116 can apply a set of operation data relating to the work order … determining or predicting whether the industrial automation system 104 will be able to satisfy a set of order completion parameters (e.g., time constraints, fiscal constraints, product quality constraints, etc.) associated with the work order …”) specified by a user (see ¶60: “A set of operation data relating to the work order can be obtained from the data store 114 and/or received from a user (e.g., operator)… the interface component … can allow the user to enter all or a portion of the set of operation data relating to the work order.”) in order to design the duplicated environment to produce a designed result (¶80: “… simulation or emulation of the industrial control system …”) indicative of a duplicated environment design, the duplication level being indicative of any one of a simulation sub-module (see FIG. 3 item 322, “Simulation Model Generator Component”), an emulation sub-module (see FIG. 3 item 320, “Emulator Component”), and a physical sub-module (see ¶18: “FIG. 8 … device model …”, ¶100: “… a standardized device model can be developed for each industrial device.”) which are for reproducing the physical components of the assessment target system (see ¶79-80: “… system 300 … can comprise a simulation generator component … that can generate a simulation model that can simulate or emulate an industrial control system and can simulate operation of the industrial control system under a set of conditions based on the simulation model. The simulation generator component … can include an emulator component 320 …”,
¶60: “… the simulation generator component … can facilitate providing a user a set of simulation tools via the interface component that can allow the user to enter all or a portion of the set of operation data relating to the work order. “, and 
¶49: “Based at least in part on the results of the analysis of the set of data, the simulation generator component …  can simulate or emulate (e.g., determine and/or generate a simulation or an emulation for) the industrial automation system …, including determining respectively simulating or emulating the respective industrial devices …”); and 
a duplicated environment construction circuitry (¶82: “… a processor component …”) configured to construct the duplicated environment (see ¶82: “… a processor component … that can operate in conjunction with the other components … The processor component … can employ one or more processors …, graphical processing units (GPUs), etc.), …  microprocessors, or controllers that can process data, such as industrial data (e.g., device data, process data, asset data, system data, etc.) associated with industrial control systems, customer or client related data, data relating to parameters associated with the system 300 and associated components, etc., to facilitate generating simulation models of industrial automation systems …”) based on the designed result, the duplicated environment comprises components which are duplicated by one of the duplication level (¶79: “… an emulator component 320 that can emulate or facilitate simulating the industrial control system, including emulating or facilitating simulating the constituent components …”).  
Regarding claim 2:
Asenjo discloses: 
The security assessment system as claimed in claim 1, wherein the simulation sub-module comprises at least one of a specification of the physical component and a behavior model of the physical component, wherein the emulation sub-module comprises software which reproduces the physical component using a virtual machine, and [PRELIMINARY AMENDMENT; Attorney Docket No.: Q257905; Appln. No.: National Stage of PCT/JP2018/010015] wherein the physical sub-module comprises at least one physical machine which is physically similar to the physical component in the assessment target system (see ¶51: “When a set of operation data is applied to the simulation model, a response or behavior of the simulation model can be generated.”,
¶53: “… the generator component … can access the data store … to obtain a subset of modification data relating to the modification(s) being considered. The subset of modification data can comprise information relating to the properties, characteristics, functionality, configuration, version, etc., of the device(s), …”, 
¶79: “… emulator component 320 … can emulate or facilitate simulating the industrial control system, including emulating or facilitating simulating the constituent components (e.g., industrial devices, industrial processes, industrial assets, network-related devices or assets, etc.) of the industrial control system …”,  
¶84: “… simulation generator component … can comprise software instructions that can be stored in the data store …”,  
¶70: “… components, when executed by one or more machines, … virtual machine(s), etc., can cause the machine(s) to perform the operations …”, and  
¶100: “…  a standardized device model can be developed for each industrial device.”).  
Regarding claim 5:
Asenjo discloses: 
The security assessment system as claimed in claim 2, wherein the security assessment system further comprises: 
an input interface configured to input the constraints, the specification, the behavior model, any signal on channels between the virtual machines, between the virtual machine and the physical machine, and between the physical machines (see ¶60: “A set of operation data relating to the work order can be obtained from the data store … and/or received from a user (e.g., operator) via an interface component (e.g., a human machine interface (HMI)).”, and
¶84: “…  the processor component … can interact with one or more external user interface devices, such as a keyboard, a mouse, … a touchscreen, or other such interface devices.”); and 
an output interface configured to output a response of the behavior model in response to the input, contents of the specification, and communication information between the virtual machines, between the virtual machine and the physical machine, and between the physical machines (see ¶84: “…  the processor component … can interact with one or more external user interface devices, such as … a display monitor, a touchscreen, or other such interface devices.”).  
Regarding claims 6-7:
Claims 6-7 substantially recite the same limitations as claims 1-2, respectively, in the form of a security assessment system implementing the corresponding method, therefore they are rejected by the same rationale.
Regarding claims 9-10:
Claims 9-10 substantially recite the same limitations as claims 1-2, respectively, in the form of a non-transitory computer readable recording medium to record a security assessment program, therefore they are rejected by the same rationale.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Asenjo, and further in view of US-PGPUB No. 2020/0344084 A1 Shribman et al. (hereinafter “Shribman”)
Regarding claim 3:
Asenjo discloses:
The security assessment system as claimed in claim 2, wherein the security assessment system further comprises: 
a document/model database storing documents indicative of specifications and a plurality of behavior models (see Asenjo, ¶83: “… the system 300 can contain a data store … that can store data structures (e.g., user data, metadata); code structure(s) (e.g., modules, objects, classes, procedures), commands, or instructions; industrial data or other data associated with industrial automation systems or industrial enterprises; customer or client related information; data relating to generation of simulation models of industrial automation systems; parameter data; algorithms (… algorithm(s) relating to simulating or emulating industrial devices, industrial processes, industrial assets, network-related devices, interrelationships between such devices, processes, or assets, etc.); algorithm(s) relating to evaluating, determining, or predicting operation of an industrial automation system based on a corresponding simulation model or evaluating, determining, or predicting operation of a modified automation system based on a corresponding modified simulation model); a set of defined operation criteria; and so on.”); 
a physical machine pool storing a plurality of physical machines, wherein the duplicated environment construction circuitry is configured to: store at least one document and/or at least one behavior model at the simulation sub- module from the document/model database (see Asenjo, ¶87: “Each industrial automation system … can comprise a number of assets … that can represent the machines and equipment that make up the industrial automation system … each asset … can comprise one or more industrial devices …”,  
¶83-84: “… the processor component … can be functionally coupled … to the data store … in order to store and retrieve data desired to operate and/or confer functionality … simulation generator component … can comprise software instructions that can be stored in the data store … and executed by the processor component …”); 
However, Asenjo failed to explicitly disclose the following limitations taught by Shribman: 
a virtual machine pool storing a plurality of virtual machines (see Shribman, ¶136: “An example of a virtualization architecture 900 is shown in FIG. 3b, where three virtual machines are exemplified.”); and 
configure and store at least one virtual machine at the emulation sub-module from the virtual machine pool (see Shribman, ¶136: “… a Virtual Machine (VM) #3 910c provides virtualization for the application 901c that uses the guest OS 902c, which in turn interfaces with the virtual hardware 903c that emulates the associated actual hardware.”); and 
configure at least one network between the virtual machines and the physical machine in the physical machine pool (see Shribman, ¶137: “… a wide range of actual host hardware 906 may be used by implementing a host operating system 905 layer between the actual hardware 906 and the VMM 904. Such configuration relies on the host OS 905 for device support and physical resource management. … a hypervisor layer (in addition to, or as part of, the VMM 904) is used as the first layer, allowing the VMM 904 to have direct access to the hardware resources, hence providing more efficient, and greater scalability, robustness, and performance.”, and
See FIG. 3d, item 904, Virtual Machine Monitor (VMM), provides connection between the virtual machines and the Actual Host Hardware (item 906)).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Asenjo to incorporate the technique and functionality of the virtualization architecture to provide a pool of virtual machines and provide connection between the virtual machines and the underlying physical machines, as disclosed by Shribman. Such modification would allow the system to run multiple operating systems from a single physical machine, and to consolidate the workloads of several under-utilized servers to fewer machines, providing benefits such as savings on hardware, environmental costs, management, and administration of the server infrastructure.

Claims 4 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Asenjo, and further in view of US-PGPUB No. 2020/0106792 A1 Louie et al. (hereinafter “Louie”)
Regarding claim 4:
 	Asenjo discloses the security assessment system as claimed in claim 2, but failed to disclose the following limitations taught by Louie: 
wherein the security assessment system further comprises: 
an active scan/pen-test circuitry (see Louie ¶27: “… other physical hardware of the target system …”) configured to actively scan and/or pen-test on the virtual machine and/or the physical machine in the duplicated environment to produce a result of an active scan/pen-test, a vulnerability assessment circuitry (see Louie ¶80: “… the penetration tester system …”) configured to extract vulnerabilities of each component in the emulation sub-module and the physical sub-module based on the result of an active scan/pen-test to generate a list indicative of the extracted vulnerabilities (see Louie, ¶27: “… the penetration testing is performed relative to or upon a target or client system 102 of one or more computing devices. … The penetration testing is implemented by a penetrating testing system 104 via one or more virtual machines (VMs) 106 or other physical hardware of the target system.”,
¶80: “… the penetration tester system … may be configured to capture different types of raw data (log data) …”, and 
¶205: “… raw log data associated with the penetration testing relative to the target computing system is captured.”;
see FIG. 7); and
an attack graph generation circuitry (see Louie, ¶77: “… systems and methods …”) configured to generate an attack graph based on the result of an active scan/pen-test, wherein the duplicated environment design circuitry configured to select the duplication level based on at least one of the list and the attack graph (see Louie ¶77: “… systems and methods … transform lines of raw audit records into graphs (having vertices and edges).”,  
¶205: “… the raw log data is parsed into a graph having nodes.”, and 
¶206: “… features of the nodes are determined from the graph. … pairs of the nodes of the graph are classified into one or more of a plurality of testing tool type categories used in the penetration testing based on the determined features of the nodes.”;
see also FIG. 7).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the teachings of Asenjo to incorporate the functionality of the penetration testing system to log raw data associated with the penetration testing relative to the target computing system and parse the listed lines of data and transform the records into graphs, as disclosed by Louie. Such modification would allow the system to analyze various properties of these graphs, and determine security metrics.
Regarding claim 8:
Claim 8 substantially recites the same limitation as claim 4, in the form of a security assessment system implementing the corresponding method, therefore it is rejected by the same rationale.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
Strohmenger et al. (US-PGPUB No. 2016/0274553 A1)- disclosed a cloud-based modeler component that generates interactive models of an industrial automation system(s) (IAS(s)).
White et al. (US-PGPUB No 2009/0320137-A1)- disclosed a system for generating a network attack within a simulated network environment including a module configured for creating one or more attack events against network devices within the simulated network environment. The attack events include exploitations of published and unpublished vulnerabilities and failures of hardware and software network systems, devices, or applications within the simulated network environment.
Gorodissky et al. (US-PGPUB No. 2019/0245883-A1)- disclosed methods and systems for penetration testing of a networked system by a penetration testing system that is user-interface controlled.
Maturana et al. (US-PGPUB No 2014/0180644-A1)- disclosed methods and systems for creating simulations of complex controlled devices for simulations of industrial control systems.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHIAS HABTEGEORGIS whose telephone number is (571)272-1916. The examiner can normally be reached M-F 8am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B Patel can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/M.H./Examiner, Art Unit 2491
/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491