Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
Claims 1-13 are pending in this office action.
Applicant’s arguments, filed 09/26/2022, have been fully considered but they are not persuasive.

Priority
Foreign priority claimed to JP2015-182073, filed 09/15/2015. However in order to be entitled to the benefit of earlier filing date of 09/15/2015 under the first inventor to file provisions of the AIA , an English translation of the priority application needs to be filed. Since an English translation of the priority application is missing, the effective filing date of this application for the purpose of prior-art will be considered as the filing date of the parent US application, which is 03/13/2018 (See MPEP § 216.01).
Information Disclosure Statement
The information disclosure statements (IDS's) submitted on 09/14/2022 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.


Response to Arguments
Applicant argues:
Basavapatna discloses that "thereat definition data 204" and/or "vulnerability definition data 205" includes information on one or more countermeasures that protect against a vulnerability and a threat thereof, for example, in paragraphs 0042 and 0052. However, Basavapatna does not teach or suggest determining whether the selected countermeasure is applicable to a certain terminal, "wherein the selected countermeasure being applicable indicates that the vulnerability is eliminated or mitigated in a case where the countermeasure is applied."

Examiner Response:
Regarding argument (a), examiner respectfully disagrees with applicant. Applicant’s arguments are moot in view of the new ground of rejection. This limitation was newly added and has been rejected below (Basavapatna teaches that one or more countermeasures pertaining to one or more vulnerabilities in relation with the particular asset associated therewith, are applied based on many factors such as applicability of vulnerabilities to the asset, configuration of the asset etc., to mitigate to partially or fully eliminate the vulnerabilities associated with the assets, as shown in the rejection below).


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-3, 6-9, 12-13 are rejected under 35 U.S.C. 102(a)(1), 102(a)(2) as being anticipated by Basavapatna et al. (US 2013/0191919 A1, hereinafter Basavapatna).
For claim 1, Basavapatna teaches a method performed by a server connected with a terminal (Fig. 1-2; para 0013, 0019-0020, 0028), comprising: receiving a selected countermeasure corresponding to a vulnerability (para 0014-0016, 0029, 0034, 0064 - identifying countermeasure from among a plurality of countermeasures corresponding to a vulnerability); 
determining whether the selected countermeasure is applicable to the terminal (para 0014-0015, 0044, 0051-0053 - countermeasure data stored, and corresponding to (or applicable to) assets or terminals); and 
when the selected countermeasure is not applicable to the terminal, displaying information of the terminal as a remaining terminal in which the vulnerability remains (para 0030 – indication of additional countermeasures required for one or more assets, implying lack of existing protection for those terminals/assets in view of the selected countermeasures; para 0043, 0060, 0064, 0086-0087, 0138-0140 – selecting one or more countermeasures in relation to assets, and assets identifying terminals with countermeasures not protecting the terminals (remaining terminal or asset for which the countermeasure is not applicable or sufficient), and alerting or listing the asset in a display),
wherein the selected countermeasure being applicable indicates that the vulnerability is eliminated or mitigated in a case where the countermeasure is applied (para 0014 - "...an identification of one or more countermeasures that reduce a risk associated with possession of the vulnerability by an asset, an indication of a level of protection potentially afforded by each countermeasure for the vulnerability, and applicability information describing one or more configurations of assets to which the vulnerability applies......the countermeasure detection data for each asset identifying one or more countermeasures protecting the asset.."; para 0052-0053 - "...countermeasure provides a high level of mitigation.........countermeasure confidence score for each countermeasure that protects against risk associated with a vulnerability. The confidence score is an estimate of how likely the countermeasure is to reduce the risk associated with the vulnerability..." - i.e. applicability of countermeasure on the respective asset vulnerability as a mitigation step to eliminate or reduce the effect of vulnerability; para 0021 - "...Active countermeasures can be countermeasures that eliminate, in whole or in part, the existence of the vulnerability. For example, applying a patch to a vulnerable application or OS component removes the vulnerability..."; para 0029 - applying countermeasure to eliminate vulnerability of the asset; All of the above teachings indicate that the vulnerability is mitigated and eliminated/reduced to varying degrees when the countermeasure is applied).

For claim 2, Basavapatna teaches the claimed subject matter as discussed above. Basavapatna further teaches wherein the information includes importance of the remaining terminal (para 0015-0016, 0092-0097, 0118 - importance of the asset, and criticality score indicates the impact of losing an asset based on vulnerability, wherein the score implies how critical or important it is to not lose the asset, or in other words indicates importance of the terminal/asset).

For claim 3, Basavapatna teaches the claimed subject matter as discussed above. Basavapatna further teaches wherein the information includes a type of the remaining terminal (para 0015-0017, 0064, 0087, 0092-0097, 0118, 0138-0139 – assets information or types such as network monitor, mail servers etc.).

For claim 6, Basavapatna teaches the claimed subject matter as discussed above. Basavapatna further teaches wherein the information includes information on one or more countermeasures applicable to the terminal corresponding to the vulnerability (para 0014-0015, 0044, 0051-0053 – identifying plurality of countermeasure corresponding to (or applicable to) assets or terminals).

For claim 7, the claim limitations are similar to those of claim 1, except the instant claim 7 is drawn to an apparatus connected with a terminal comprising: a processor configured to execute instructions; and a memory coupled to the processor and storing instructions which, when executed by the processor (Basavapatna - Fig. 1-2; para 0013-0028, 0031), cause the processor to perform the method of claim 1. Therefore, the instant claim 7 is rejected according to claim 1 as above.

For claims 8-9, the claim limitations are similar to claims 2-3 respectively. Therefore claims 8-9 are rejected according to claims 2-3 respectively as above.

For claim 12, the claim limitations are similar to claim 6. Therefore claim 12 is rejected according to claim 6 as above.

For claim 13, the claim limitations are similar to those of claim 1, except the instant claim 13 is drawn to a non-transitory computer readable medium storing a program for causing a processor (Basavapatna - para 0141) to perform a method of claim 1. Therefore, the instant claim 13 is rejected according to claim 1 as above.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 4-5, 10-11 are rejected under 35 U.S.C. 103 as being unpatentable over Basavapatna et al. (US 2013/0191919 A1, hereinafter Basavapatna), in view of Schrecker et al. (US 8,495,745 B1, Schrecker hereinafter).
For claim 4, Basavapatna teaches the claimed subject matter as discussed above. Although Basavapatna further teaches wherein the server is connected with a plurality of terminals, and the determining is performed for each of the plurality of terminals (Fig. 1-2; para 0043, 0060, 0064, 0086-0087, 0138-0140 – providing the number of identified remaining terminals by selecting one or more countermeasures in relation to each of the assets, and assets identifying terminals with countermeasures not protecting the terminals (remaining terminal or asset for which the countermeasure is not applicable or sufficient), and alerting or listing the asset in a display), wherein different formats of presenting the identified assets may be easily extended based on various criteria for inclusion and exclusion of various types of assets, and with different displaying mechanisms (e.g. as an extension of teachings of Basavapatna in Fig. 6 and para 0139-0140), Basavapatna does not appear to explicitly disclose, whereas Schrecker teaches the information includes a number of terminals identified as the remaining terminal (Fig. 2, 4 – col. 6 lines 29-40; col. 13 lines 30-52 – asset vulnerability, and countermeasure; Fig. 5A; col. 13 line 55 – col. 14 line 18 – chart displaying number of assets not covered by the countermeasure, i.e. the chart displays first information indicating the number of remaining terminals).
Therefore, based on Basavapatna in view of Schrecker, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Schrecker for presenting counts of various types of assets in the asset vulnerability risk calculation system of Basavapatna, in order to provide readily available assessments and views of variety of system vulnerabilities, thereby effectively aiding in the process of vulnerability detection and prevention and in turn making the system more efficient, administrator-friendly and secure.

For claim 5, Basavapatna in view of Schrecker teaches the claimed subject matter as discussed above. Basavapatna does not appear to explicitly disclose, whereas Schrecker teaches wherein the information is displayed using a color based on the number of terminals identified as the remaining terminal (Fig. 5A; col.13 line 55 - col. 14 line 18 - chart with a color indicating number of terminals or assets).

For claims 10-11, the claim limitations are similar to claims 4-5 respectively. Therefore claims 10-11 are rejected according to claims 4-5 respectively as above.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH M JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JEFFREY PWU can be reached on (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433