DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-7 are pending.
The claim objections have been withdrawn in view of the claim amendment. 
The 35 U.S.C. 112(d) rejection has been withdrawn in view of the claim amendment.

Response to Arguments
Applicant's arguments filed on 09/08/22 have been fully considered. Although there might be differences between Applicant’s invention and the cited prior art, the current claims have not successfully captured these differences to render the claims clearly distinguishable from the cited prior art as explained in more detail below.

In response to Applicant’s argument that Mohanty never mentions using or training a machine learning algorithm and that none of the teachings relate or are equivalent to a machine learning algorithm as claimed and as appreciated by those of ordinary skill in the art (pages 8-9 of Remarks), Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons.
Firstly, it should be noted that the claim only recites the term “machine learning algorithm” and does not recite the specifics (e.g. the type or structure) of this “machine learning algorithm”.  Thus, the term “machine learning algorithm” broadly covers any code, program, or logic that adjusts itself to perform better as it is exposed to more data.  Moreover, the claim does not recite the specifics of the term “training” (e.g. steps involved).  As a result, the term “training” broadly covers any way(s) of exposing the code, program or logic to data to enable the code, program, or logic to adjust itself to perform better.
Secondly, Mohanty discloses a security system 150 (code, program, or logic) that adjusts itself to better generate (machine learning) recommended security policies for future or new virtual machines as it is exposed to (trained using) various data including information about the configurations and software deployed on past virtual machines, detected malicious or poor reputation applications deployed on past virtual machines, security policies and settings applied for specific applications on past virtual machines, reputation data for applications indicating that the applications are untrusted or otherwise have a bad reputation, associations of particular virtual machine configurations and set of deployed applications to security policies implemented for those configurations and set of deployed applications, associations of families of applications with  known uses for the applications and security policies that allow the applications to work as intended, data about the characteristics of past virtual machines and the applications deployed on the virtual machines, information about similar virtual machines with similar characteristics and similar sets of deployed applications, information about remediation procedures for applications with an “untrusted” or bad reputation, and feedbacks from a system administrator (e.g., when a system administrator overrides an active security policy or modifies a recommended security policy before applying the security policy to a temporary virtual machine instance 130) (e.g. ¶32, 35-36, 38-40, 44-46, 52, 57). 
For at least the above reasons, Mohanty does disclose using or training a machine learning algorithm.

In response to Applicant’s argument that it logically follows that Mohanty cannot disclose that any machine learning algorithm is "trained using training examples, each of the training examples including a configuration for a training VM and an associated vulnerability vector based on an observed security occurrence at the training VM, wherein each of the training examples further includes an identification of one of set of security configurations for the training VM," or "executing the machine learning algorithm with the vector of configuration characteristics for the target VM and an identification of the security configuration, so as to generate a set of vulnerability vectors including a vulnerability vector for each security configuration in the selected subset," as claimed in claim 1 (page 9 of Remarks), Examiner acknowledged Applicant’s perspective but respectfully disagreed for the following reasons.
Firstly, since the claim does not further clarify the type or structure of the term “configuration”, this term broadly covers any type of configuration or setting including software and applications deployed on the virtual machine and security policies implemented on the virtual machine.  In addition, the claim also does not further clarify the term “vulnerability vector” and thus this term broadly covers any indicator or indication of any weaknesses, flaws, or characteristics that can be exploited.  Furthermore, the claim does not further clarify the term “vector of configuration characteristics” and thus this term broadly covers any indicator or indication of configuration characteristics or state.
Secondly, as explained above, Mohanty discloses a security system 150 (code, program, or logic) that adjusts itself to better generate (machine learning) recommended security policies for future or new virtual machines as it is exposed to (trained using) various data including information about the configurations of the past virtual machines and software deployed on the past virtual machines, detected malicious or poor reputation applications deployed on past virtual machines, security policies and settings applied for specific applications on past virtual machines, reputation data for applications indicating that the applications are untrusted or otherwise have a bad reputation, associations of particular virtual machine configurations and set of deployed applications to security policies implemented for those configurations and set of deployed applications, associations of families of applications with  known uses for the applications and security policies that allow the applications to work as intended, data about the characteristics of past virtual machines and the applications deployed on the virtual machines, information about similar virtual machines with similar characteristics and similar sets of deployed applications, information about remediation procedures for applications with an “untrusted” or bad reputation, and feedbacks from a system administrator (e.g., when a system administrator overrides an active security policy or modifies a recommended security policy before applying the security policy to a temporary virtual machine instance 130) (e.g. abstract, ¶32, 35-36, 38-40, 44-46, 52, 57). 
Thus, Mohanty does disclose a machine learning algorithm that is “trained using training examples, each of the training examples including a configuration for a training VM and an associated vulnerability vector based on an observed security occurrence at the training VM, wherein each of the training examples further includes an identification of one of set of security configurations for the training VM.”  
Furthermore, Mohanty discloses the security system 150 analyzes information about the configuration or characteristics of a new (target) virtual machine, software and applications deployed on the new (target) virtual machine including information identifying a software package, the version of the software package, and so on and information identifying a proprietary application that is not included in an application database, such as a financial analysis tool available only within a specific organization deployed on the new (target) virtual machine to determine deployed software, software packages and applications that are security risks, malicious, have bad/poor reputations (e.g., includes a malicious payload, participates in a botnet, or is otherwise untrusted) and pose threats to the virtual machine (e.g. ¶29, 32-33, 35, 38-40, 44-45, 49, 56-57, 61).	
	For at least the above reasons, Mohanty does disclose "executing the machine learning algorithm with the vector of configuration characteristics for the target VM and an identification of the security configuration, so as to generate a set of vulnerability vectors including a vulnerability vector for each security configuration in the selected subset," as claimed in claim 1.

In response to Applicant’s argument that Mohanty is silent with respect to vulnerability vectors and vectors of configuration characteristics as claimed (page 9 of Remarks), Examiner acknowledged Applicant’s perspective but respectfully disagreed for the reasons provided above.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
 (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-3 and 5-7 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Mohanty (US 20170279826).

Claim 1, Mohanty discloses A computer implemented method to determine a security configuration for a target virtual machine (VM) in a virtualized computing environment, (e.g. ¶20: Embodiments presented herein provide techniques for generating security policies for temporary virtual machine instances in a cloud computing platform. A security system can use information about the temporary virtual machine instance and applications deployed on the temporary virtual machine instance to generate a recommended security policy to be applied to the temporary virtual machine instance) the method comprising: 
training a machine learning algorithm to determine a vector of security vulnerabilities for the target VM based on a vector of configuration characteristics for the target VM, the machine learning algorithm being trained using training examples, each of the training examples including a configuration for a training VM and an associated vulnerability vector based on an observed security occurrence at the training VM, wherein each of the training examples further includes an identification of one of set of security configurations for the training VM; (e.g. ¶32, 35-36, 38-40, 44-46, 52, 57:  Security system 150 generally monitors the allocation of temporary virtual machine instances 130 in cloud platform 120 to determine a security policy to be applied to newly spawned temporary virtual machine instances 130. Security system 150 can use information about the configuration and software deployed on a temporary virtual machine to generate a recommended security policy to be applied to the temporary virtual machine instance 130. In some cases, security system 150 may additionally use feedback from a system administrator (e.g., when a system administrator overrides an active security policy or modifies a recommended security policy before applying the security policy to a temporary virtual machine instance 130) to determine future recommended security policies for virtual machines in cloud platform 120…If VM instance analyzer 152 detects that an application deployed on a temporary virtual machine instance 130 is known to be malicious or otherwise has a poor reputation, VM instance analyzer 152 can generate a security policy for the temporary virtual machine instance 130 to remove the application from the temporary virtual machine instance. VM instance analyzer 152 can additionally generate a security policy to initiate remediation procedures on the temporary virtual machine instance 130 and, in some cases, peer virtual machine instances in cloud platform 120…Based on the metadata about the temporary virtual machine instance 130 and the applications 132 deployed on the temporary virtual machine instance 130, VM instance analyzer 152 can monitor cloud platform 120 for peer virtual machine instances (e.g., peer persistent virtual machine instances 125 and/or peer temporary virtual machine instances 130). If VM instance analyzer 152 finds a peer virtual machine instance with a similar configuration and set of deployed applications 152, VM instance analyzer 152 can query a security policy database (e.g., security policy library 162 in data store 160) for a security policy previously applied to the peer virtual machine instance…VM instance analyzer 152 can use security policies and settings applied for a specific application on other virtual machine instances (persistent virtual machine instances 125 and/or other temporary virtual machine instances 130) to recommend a security policy to be applied to the temporary virtual machine instance 130 for the application…VM instance analyzer may additionally obtain the reputation of the deployed applications 132 on temporary virtual machine instance 130 to determine whether or not applications are allowed to execute on the temporary virtual machine instance. For each application 132 deployed on temporary virtual machine instance 130, VM instance analyzer can query a reputation service (or reputation data repository, such as reputation data 166 in data store 160) to obtain reputation data for an application…If, however, reputation data for the application indicates that the application is untrusted or otherwise has a bad reputation (e.g., includes a malicious payload, participates in a botnet, or is otherwise untrusted), VM instance analyzer 152 can determine one or more remediation actions to perform on the temporary virtual machine instance to remedy any threats posed to the temporary virtual machine and/or peer virtual machine instances from the application…Security policy library 162 generally includes information about security policies previously applied to other temporary virtual machine instances. Security policy library 162 may be structured as a relational database that associates a particular virtual machine configuration and set of deployed applications to a security policy implemented for that configuration and set of deployed applications. As discussed above, security system 150 can use the security policies applied to other virtual machine instances to derive a security policy for a temporary virtual machine instance 130 that is newly created and allocated to a particular workload. For temporary virtual machine instance 130 that are new to security system 150, the security policy applied to the temporary virtual machine instance 130 can be saved to security policy library 162 for future use in determining security policies to be applied to new temporary virtual machine instances. Application library 164 generally stores information about commonly deployed applications that security system 150 can use to determine a security policy to be applied to a temporary virtual machine instance 130. For example, application library 164 can store an association of a family of applications (e.g., different versions of the same application) with a known use for the application and a security policy that allows the application to work as intended…reputation data 166 may include information about remediation procedures for applications with an “untrusted” or bad reputation, which security system 150 may use to remediate security risks on a temporary virtual machine instance 130 (and peer virtual machines in cloud platform 120) posed by malicious applications deployed on a temporary virtual machine instance 130...Security policy generator 240 generally uses the data about the characteristics of a temporary virtual machine instance 130 and the applications deployed on the temporary virtual machine instance to generate a recommended security policy to be applied to the temporary virtual machine instance. As discussed above, security policy generator 240 can use information about similar virtual machine instances as a basis for generating a recommended security policy for the temporary virtual machine instance 130…At step 330, the security system recommends one or more security policies to activate for the temporary virtual machine based on the configuration data. The security policies may be generated based on a previously-applied security policy for a virtual machine instance with similar characteristics and a similar set of deployed applications)
selecting at least a subset of the set of security configurations and, for each security configuration in the selected subset, executing the machine learning algorithm with the vector of configuration characteristics for the target VM and an identification of the security configuration, so as to generate a set of vulnerability vectors including a vulnerability vector for each security configuration in the selected subset; and selecting a security configuration for the target VM based on the set of vulnerability vectors. (e.g. ¶29, 32-33, 35, 38-40, 44-45, 49, 56-57, 61: if a temporary virtual machine instance 130 includes software that is a security risk, informing security engine 150 of the applications that are deployed on the temporary virtual machine instances 130 allows security system 150 to identify remediation actions that should be performed on the temporary virtual machine instance 130 and other peer virtual machine instances to remedy security risks that exist in cloud platform 120…Security system 150 can use information about the configuration and software deployed on a temporary virtual machine to generate a recommended security policy to be applied to the temporary virtual machine instance 130…VM instance analyzer 152 is generally configured to obtain data from a temporary virtual machine instance 130 and generate a security policy for the temporary virtual machine instance 130 based on the characteristics of the temporary virtual machine instance 130 and the applications 134 deployed on a temporary virtual machine instance 130…VM instance analyzer 152 can connect to a software provisioning tool in cloud platform 120 to obtain information about the software packages deployed on a temporary virtual machine instance 130. The software provisioning tools in cloud platform 120 may provide information identifying a software package, the version of the software package, and so on. In some cases, VM instance analyzer 152 can use the information about the software packages deployed on a temporary virtual machine instance 130 to query a reputation service for information about the applications deployed on temporary virtual machine instance 130…If VM instance analyzer 152 detects that an application deployed on a temporary virtual machine instance 130 is known to be malicious or otherwise has a poor reputation, VM instance analyzer 152 can generate a security policy for the temporary virtual machine instance 130 to remove the application from the temporary virtual machine instance. VM instance analyzer 152 can additionally generate a security policy to initiate remediation procedures on the temporary virtual machine instance 130 and, in some cases, peer virtual machine instances in cloud platform 120…After VM instance analyzer 152 analyzes the characteristics of the temporary virtual machine instance 130, VM instance analyzer 152 proceeds to analyze the applications 132 to generate a recommended security policy for the temporary virtual machine instance 130. For example, VM instance analyzer 152 can use security policies and settings applied for a specific application on other virtual machine instances (persistent virtual machine instances 125 and/or other temporary virtual machine instances 130) to recommend a security policy to be applied to the temporary virtual machine instance 130 for the application…VM instance analyzer 152 can use information about the functionality of the applications 132 to determine a recommended security policy for the temporary virtual machine instance 130…for a proprietary application that is not included in an application database, such as a financial analysis tool available only within a specific organization, VM instance analyzer 152 can initially recommend a security policy that blocks the application from sending and/or receiving data using a network connection…VM instance analyzer may additionally obtain the reputation of the deployed applications 132 on temporary virtual machine instance 130 to determine whether or not applications are allowed to execute on the temporary virtual machine instance. For each application 132 deployed on temporary virtual machine instance 130, VM instance analyzer can query a reputation service (or reputation data repository, such as reputation data 166 in data store 160) to obtain reputation data for an application…If, however, reputation data for the application indicates that the application is untrusted or otherwise has a bad reputation (e.g., includes a malicious payload, participates in a botnet, or is otherwise untrusted), VM instance analyzer 152 can determine one or more remediation actions to perform on the temporary virtual machine instance to remedy any threats posed to the temporary virtual machine and/or peer virtual machine instances from the application. In some cases, the remediation actions may include removing the application 132 from the temporary virtual machine instance 130. Remediation actions may additionally include removing related applications, blocking traffic to/from one or more designated network locations (e.g., known botnet command and control servers), and so on…Security policy library 162 may be structured as a relational database that associates a particular virtual machine configuration and set of deployed applications to a security policy implemented for that configuration and set of deployed applications. As discussed above, security system 150 can use the security policies applied to other virtual machine instances to derive a security policy for a temporary virtual machine instance 130 that is newly created and allocated to a particular workload…Application library 164 generally stores information about commonly deployed applications that security system 150 can use to determine a security policy to be applied to a temporary virtual machine instance 130. For example, application library 164 can store an association of a family of applications (e.g., different versions of the same application) with a known use for the application and a security policy that allows the application to work as intended…At step 320, the security system examines the configuration data for the temporary virtual machine instance. In examining the configuration data for the temporary virtual machine instance, the security system generally obtains metadata associated with the temporary virtual machine instance from the cloud platform using one or more APIs provided by the cloud platform that expose the characteristics of the virtual machine instance. The security system additionally obtains a list of the applications deployed on the temporary virtual machine instance through a software deployment tool provided by the cloud platform. At step 330, the security system recommends one or more security policies to activate for the temporary virtual machine based on the configuration data. The security policies may be generated based on a previously-applied security policy for a virtual machine instance with similar characteristics and a similar set of deployed applications. If the security system has not generated a security policy for a virtual machine instance with similar characteristics and a similar set of deployed applications, the security system can generate a base security policy based on the characteristics of the temporary virtual machine instance.)

Claim 2, Mohanty discloses The method of claim 1, wherein each vulnerability vector includes an indicator of each of a plurality of security vulnerabilities of a VM.  (e.g. ¶29, 35, 39-40, 44-46, 61)

Claim 3, Mohanty discloses The method of claim 2, wherein each security vulnerability includes a characteristic of a VM. (e.g. ¶29, 35, 39-40, 44-46, 61)

Claim 5, Mohanty discloses The method of claim 1, wherein a vector of configuration characteristics includes an indicator of a state of each of a plurality of configuration characteristics for a VM.  (e.g. ¶29, 32-33, 35, 38-40, 44-45, 49, 56-57, 61)

Claim 6, this claim is rejected for similar reasons as in claim 1.

Claim 7, this claim is rejected for similar reasons as in claim 1.

Allowable Subject Matter
Claim 4 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

US 20170149807 discloses the hypervisor device driver is configured to receive a packet
comprising virtual machine operating characteristics metadata for a guest virtual machine and to communicate the virtual machine operating characteristics metadata to an analysis tool using the hypervisor device driver interface. The analysis tool is configured to correlate the virtual machine operating characteristics metadata to one of a cluster of known healthy guest virtual machines or a cluster of known compromised guest virtual machines using a machine learning algorithm and to classify the guest virtual machine.

US 20190005246 discloses an example computer-implemented method of preventing exploitation of software vulnerabilities includes determining that a software container is susceptible to a vulnerability, determining one or more soft spots required to exploit the vulnerability, and analyzing runtime behavior of the software container to determine if the software container uses the one or more soft spots. The method includes automatically applying a security policy that prevents the software container from using the one or more soft spots based on the analyzing indicating that the software container does not use the one or more soft spots at runtime.

US 20170201490 discloses a method 400 of provisioning a secure container, such as container 318 shown in FIG. 3. At 402, a security policy can be determined for the application. The security policy can be determined from an inspection of the container image or startup options for the container. These may include servers which the application can and needs to communicate with, as well as actions to be taken if the container is compromised or a vulnerability is discovered.

THIS ACTION IS MADE FINAL.  See MPEP 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:30 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRONG H NGUYEN/Primary Examiner, Art Unit 2436