DETAILED ACTION
I.	Claims 1-19 have been examined.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Priority
The current application claims foreign priority to 20179185.2, filed 06/10/2020.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/09/2021 has been considered by the examiner.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) are: “a collecting unit configured to…”, “a generating unit configured to…”, “an analysis unit configured to…”, and “an output unit configured to…” in claim 19.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-7, 10-16 and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by United States Patent Application Publication No. US 20030120935 A1 to Teal et al., hereinafter Teal.
Regarding claim 1, Teal teaches a method of generating an automated security analysis for an installation, the method comprising:
collecting installation information (paragraph 40, “checking of communication by the computer code set installed in the kernel space is designed to detect and, if necessary, to prevent the entry of unwanted or malicious programming code into that portion of the operating system resident in the kernel space”, and paragraphs 62, 77, and 78);
generating analysis rules (paragraph 60, “data packet filtering techniques involve the use of a signature analysis or a pattern matching algorithm to compare the signatures of individual data packets with the signatures of those packets including known policy violations or patterns of misuse”, and paragraph 101, “creation of an analysis system for performing security and intrusion detection functions on a wide variety of different operating systems”);
applying the analysis rules to the installation information, wherein a scope of validity of an application is specified (paragraph 51, “a configurable set of events analysis application for performing security and intrusion detection functions across operating system platforms”, and paragraph 60, “data packet filtering techniques involve the use of a signature analysis or a pattern matching algorithm to compare the signatures of individual data packets with the signatures of those packets including known policy violations or patterns of misuse”); 
and outputting a result in the form of an audit trail, the audit trail being a list of hits, wherein the list of hits comprises an evaluation based on the analysis rules of the hits (paragraphs 13 and 50, “audit trail analysis system then queries the operating system resident in the kernel space for the audit trail data record, creating yet another call of the operating system resident in the kernel space”, and paragraph 65, “open an audit trail, read the audit trail, and then copy the contents of the audit trail file into the address space of the security application software application, and finally, close the audit trail file”).
Regarding claim 2, Teal teaches wherein the result for the hits included in the audit trail indicates a recommended action depending on a result of the evaluation (paragraph 51, “a configurable set of events analysis application for performing security and intrusion detection functions across operating system platforms”, and paragraph 101, “creation of an analysis system for performing security and intrusion detection functions on a wide variety of different operating systems”), 
and wherein the recommended action comprises security-relevant settings, security- relevant configurations, a list of security updates and boundary conditions, or any combination thereof (paragraph 51, “a configurable set of events analysis application for performing security and intrusion detection functions across operating system platforms”, and paragraph 101, “creation of an analysis system for performing security and intrusion detection functions on a wide variety of different operating systems”).
Regarding claim 3, Teal teaches automatically tracking execution of measures for the recommended action; and generating new recommended actions depending on a result of the tracking (paragraph 40, “checking of communication by the computer code set installed in the kernel space is designed to detect and, if necessary, to prevent the entry of unwanted or malicious programming code into that portion of the operating system resident in the kernel space”, paragraph 51, “a configurable set of events analysis application for performing security and intrusion detection functions across operating system platforms”, and paragraph 60, “data packet filtering techniques involve the use of a signature analysis or a pattern matching algorithm to compare the signatures of individual data packets with the signatures of those packets including known policy violations or patterns of misuse”).
	[With regards to the claim language “automatically”, it has been held that “broadly providing an automatic or mechanical means to replace a manual activity which accomplished the same result is not sufficient to distinguish over the prior art”. Please refer to In re Venner, 262 F.2d 91, 95, 120 USPQ 193, 194 (CCPA 1958).]
Regarding claim 4, Teal teaches wherein the generated analysis rules are filtered out of a totality of an analysis rulebook based on user-specific safety criteria, and of protection requirements resulting therefrom (paragraph 50, “audit trail analysis”, paragraph 51, “a configurable set of events analysis application for performing security and intrusion detection functions across operating system platforms”, and paragraph 101, “creation of an analysis system for performing security and intrusion detection functions on a wide variety of different operating systems”).
Regarding claim 5, Teal teaches collecting data and information relating to the installation as data objects for generation of the installation information (paragraph 40, “checking of communication by the computer code set installed in the kernel space is designed to detect and, if necessary, to prevent the entry of unwanted or malicious programming code into that portion of the operating system resident in the kernel space”, and paragraphs 62, 77, and 78); 
and ascertaining a protection requirement for the collected data and information, the protecting requirement containing a statement as to effects of a security threat arising from data loss or attack (paragraph 34, “to protect the operating systems of the individual computer resources in the network of individual computer resources from unauthorized access by unwanted or malicious programming code, whether this unwanted or malicious programming code originates from within the proprietary computer network or outside the computer network”, paragraph 37, “a configurable set of events is created and action can be taken to protect that portion of the operating system resident in the kernel space of a computer resource immediately upon the detection of the presence of unwanted or malicious programming code”, and paragraphs 38 and 40).
Regarding claim 6, Teal teaches wherein the installation information includes engineering data, configuration data, data relating to communication within the installation, security data, integrity data, version data of underlying software, anomaly recognition data, topology data, geography data, data on the installation structure, data relating to security zones, or any combination thereof (paragraph 40, “checking of communication by the computer code set installed in the kernel space is designed to detect and, if necessary, to prevent the entry of unwanted or malicious programming code into that portion of the operating system resident in the kernel space”, and paragraphs 62, 77, and 78).
[The limitations set forth within claims 6 and 15 belong to a Markush group. As stated within MPEP 803.02 – “A Markush-type claim recites alternatives in a format such as ‘selected from the group consisting of A, B and C.’ See Ex parte Markush, 1925 C.D. 126 (Comm’r Pat. 1925). The members of the Markush group (A, B, and C in the example above) ordinarily must belong to a recognized physical or chemical class or to an art-recognized class. However, when the Markush group occurs in a claim reciting a process or a combination (not a single compound), it is sufficient if the members of the group are disclosed in the specification to possess at least one property in common which is mainly responsible for their function in the claimed relationship, and it is clear from their very nature or from the prior art that all of them possess this property.”  Thus, only one claim element from the claimed “group” would be required.]
Regarding claim 7, Teal teaches wherein the installation information includes security data, the security data including identity and access management data (paragraph 34, “to protect the operating systems of the individual computer resources in the network of individual computer resources from unauthorized access by unwanted or malicious programming code, whether this unwanted or malicious programming code originates from within the proprietary computer network or outside the computer network”, and paragraphs 35 and 46).
Regarding claim 10, Teal discloses in a non-transitory computer-readable storage medium that stores instructions executable by one or more processors to generate an automated security analysis for an installation, the instructions comprising:
collecting installation information (paragraph 40, “checking of communication by the computer code set installed in the kernel space is designed to detect and, if necessary, to prevent the entry of unwanted or malicious programming code into that portion of the operating system resident in the kernel space”, and paragraphs 62, 77, and 78);
generating analysis rules (paragraph 60, “data packet filtering techniques involve the use of a signature analysis or a pattern matching algorithm to compare the signatures of individual data packets with the signatures of those packets including known policy violations or patterns of misuse”, and paragraph 101, “creation of an analysis system for performing security and intrusion detection functions on a wide variety of different operating systems”);
applying the analysis rules to the installation information, wherein a scope of validity of an application is specified (paragraph 51, “a configurable set of events analysis application for performing security and intrusion detection functions across operating system platforms”, and paragraph 60, “data packet filtering techniques involve the use of a signature analysis or a pattern matching algorithm to compare the signatures of individual data packets with the signatures of those packets including known policy violations or patterns of misuse”); 
and outputting a result in the form of an audit trail, the audit trail being a list of hits, wherein the list of hits comprises an evaluation based on the analysis rules of the hits (paragraphs 13 and 50, “audit trail analysis system then queries the operating system resident in the kernel space for the audit trail data record, creating yet another call of the operating system resident in the kernel space”, and paragraph 65, “open an audit trail, read the audit trail, and then copy the contents of the audit trail file into the address space of the security application software application, and finally, close the audit trail file”).
Regarding claim 11, Teal discloses wherein the result for the hits included in the audit trail indicates a recommended action depending on a result of the evaluation (paragraph 51, “a configurable set of events analysis application for performing security and intrusion detection functions across operating system platforms”, and paragraph 101, “creation of an analysis system for performing security and intrusion detection functions on a wide variety of different operating systems”), 
and wherein the recommended action comprises security-relevant settings, security- relevant configurations, a list of security updates and boundary conditions, or any combination thereof (paragraph 51, “a configurable set of events analysis application for performing security and intrusion detection functions across operating system platforms”, and paragraph 101, “creation of an analysis system for performing security and intrusion detection functions on a wide variety of different operating systems”).
Regarding claim 12, Teal discloses wherein the instructions further comprise:
automatically tracking execution of measures for the recommended action; and generating new recommended actions depending on a result of the tracking (paragraph 40, “checking of communication by the computer code set installed in the kernel space is designed to detect and, if necessary, to prevent the entry of unwanted or malicious programming code into that portion of the operating system resident in the kernel space”, paragraph 51, “a configurable set of events analysis application for performing security and intrusion detection functions across operating system platforms”, and paragraph 60, “data packet filtering techniques involve the use of a signature analysis or a pattern matching algorithm to compare the signatures of individual data packets with the signatures of those packets including known policy violations or patterns of misuse”).
Regarding claim 13, Teal discloses wherein the generated analysis rules are filtered out of a totality of an analysis rulebook based on user- specific safety criteria, and of protection requirements resulting therefrom (paragraph 50, “audit trail analysis”, paragraph 51, “a configurable set of events analysis application for performing security and intrusion detection functions across operating system platforms”, and paragraph 101, “creation of an analysis system for performing security and intrusion detection functions on a wide variety of different operating systems”).
Regarding claim 14, Teal discloses wherein the instructions further comprise:
collecting data and information relating to the installation as data objects for generation of the installation information (paragraph 40, “checking of communication by the computer code set installed in the kernel space is designed to detect and, if necessary, to prevent the entry of unwanted or malicious programming code into that portion of the operating system resident in the kernel space”, and paragraphs 62, 77, and 78); 
and ascertaining a protection requirement for the collected data and information, the protecting requirement containing a statement as to effects of a security threat arising from data loss or attack (paragraph 34, “to protect the operating systems of the individual computer resources in the network of individual computer resources from unauthorized access by unwanted or malicious programming code, whether this unwanted or malicious programming code originates from within the proprietary computer network or outside the computer network”, paragraph 37, “a configurable set of events is created and action can be taken to protect that portion of the operating system resident in the kernel space of a computer resource immediately upon the detection of the presence of unwanted or malicious programming code”, and paragraphs 38 and 40).
Regarding claim 15, Teal discloses wherein the installation information includes engineering data, configuration data, data relating to communication within the installation, security data, integrity data, version data of underlying software, anomaly recognition data, topology data, geography data, data on the installation structure, data relating to security zones, or any combination thereof (paragraph 40, “checking of communication by the computer code set installed in the kernel space is designed to detect and, if necessary, to prevent the entry of unwanted or malicious programming code into that portion of the operating system resident in the kernel space”, and paragraphs 62, 77, and 78).
Regarding claim 16, Teal discloses wherein the installation information includes security data, the security data including identity and access management data (paragraph 34, “to protect the operating systems of the individual computer resources in the network of individual computer resources from unauthorized access by unwanted or malicious programming code, whether this unwanted or malicious programming code originates from within the proprietary computer network or outside the computer network”, and paragraphs 35 and 46).
Regarding claim 19, Teal discloses an apparatus for generating an automated security analysis for an installation, the apparatus comprising:
a collecting unit configured to collect installation information (paragraph 40, “checking of communication by the computer code set installed in the kernel space is designed to detect and, if necessary, to prevent the entry of unwanted or malicious programming code into that portion of the operating system resident in the kernel space”, and paragraphs 62, 77, and 78);
a generating unit configured to generate analysis rules (paragraph 60, “data packet filtering techniques involve the use of a signature analysis or a pattern matching algorithm to compare the signatures of individual data packets with the signatures of those packets including known policy violations or patterns of misuse”, and paragraph 101, “creation of an analysis system for performing security and intrusion detection functions on a wide variety of different operating systems”);
an analysis unit configured to apply the analysis rules to the installation information, taking a scope of validity of the application into consideration (paragraph 51, “a configurable set of events analysis application for performing security and intrusion detection functions across operating system platforms”, and paragraph 60, “data packet filtering techniques involve the use of a signature analysis or a pattern matching algorithm to compare the signatures of individual data packets with the signatures of those packets including known policy violations or patterns of misuse”); 
and an output unit configured to output a result of the application of the analysis rules to the installation information in the form of an audit trail as a list of hits, wherein the list of hits comprises an evaluation based on the analysis rules of the list of hits (paragraphs 13 and 50, “audit trail analysis system then queries the operating system resident in the kernel space for the audit trail data record, creating yet another call of the operating system resident in the kernel space”, and paragraph 65, “open an audit trail, read the audit trail, and then copy the contents of the audit trail file into the address space of the security application software application, and finally, close the audit trail file”).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 8, 9, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Teal as applied to independent claims 1 and 10 above, and further in view of United States Patent Application Publication No. US 20180205755 A1 to Kavi et al., hereinafter Kavi.
Teal teaches the claimed invention, as cited above.  However, Teal is not relied upon for the claim limitations within dependent claims 8 and 17 pertaining to “constructing an object model having properties that are described by a metamodel filtered by a rule generator; and for each found asset: checking each security threat in the list of hits with reference to a filter expression; and when the respective security threat affects the respective found asset, entering the respective security threat as the result in the audit trail”.  Kavi is relied upon for said claim limitations, as cited below.
Regarding claim 8, Kavi teaches constructing an object model having properties that are described by a metamodel filtered by a rule generator (Figure 3, paragraph 21, “security model OKB module 110 may comprise information about various known Information Technology (IT) product vulnerabilities, attacks, and defenses modeled and represented using ontology design and supporting semantic relationships.  Security OKB module may also be updated, e.g., automatically and/or on-demand, with relevant vulnerabilities, attacks, and defenses detail for each received cloud configuration entity to be assessed.”, and paragraphs 33, 34, 37, and 41, “STRIDE threat model (or any other suitable threat model)”); 
and for each found asset: checking each security threat in the list of hits with reference to a filter expression (paragraphs 36 and 43, “filter security analytics”); 
and when the respective security threat affects the respective found asset, entering the respective security threat as the result in the audit trail (paragraphs 36 and 41).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kavi with the teachings of Teal to provide security analysis and subsequent mitigation and remediation upon detection of an attack: “In response to a query, e.g., active monitoring, and/or user generated query of system parameters, and/or upon detection of a vulnerability (and/or class of vulnerabilities), security OKB module 110 may return a detected vulnerability identifier, description, and severity ranking. If there is an attack associated with the detected vulnerability, security OKB module 110 returns the found exploit identifier and description. If there is a defense associated with the detected vulnerability and/or attack, security OKB module 110 returns the found mitigation identifier and a risk management technique in light of the detected vulnerabilities, attacks, and defenses.” (Kavi – paragraph 21).
The obviousness to combine for claim 8 also pertains to claim 17.
Regarding claim 17, Kavi discloses wherein the instructions further comprise: constructing an object model having properties that are described by a metamodel filtered by a rule generator (Figure 3, paragraph 21, “security model OKB module 110 may comprise information about various known Information Technology (IT) product vulnerabilities, attacks, and defenses modeled and represented using ontology design and supporting semantic relationships.  Security OKB module may also be updated, e.g., automatically and/or on-demand, with relevant vulnerabilities, attacks, and defenses detail for each received cloud configuration entity to be assessed.”, and paragraphs 33, 34, 37, and 41, “STRIDE threat model (or any other suitable threat model)”); 
and for each found asset: checking each security threat in the list of hits with reference to a filter expression (paragraphs 36 and 43, “filter security analytics”); 
and when the respective security threat affects the respective found asset, entering the respective security threat as the result in the audit trail (paragraphs 36 and 41).
Teal discloses the claimed invention, as cited above.  However, Teal is not relied upon to disclose the claim limitations pertaining to “ascertaining the user-specific security criteria, the ascertaining comprising: analyzing and identifying a threat; preparing a threat catalog and corresponding rules; and conducting a threat analysis according to a "STRIDE" model” within dependent claims 9 and 18.  Kavi is relied upon for those claim limitations, as cited below.
Regarding claim 9, Kavi discloses ascertaining the user-specific security criteria (paragraphs 21 and 26, “user attempting to identify a vulnerability”, and paragraph 39, “inputs by various users”), the ascertaining comprising:
analyzing and identifying a threat (paragraph 27, “a list of vulnerabilities”, and paragraph 30, “monitoring security and threat intelligence reports for the presence of new threats or zero-day attacks, symptoms OKB 102 may collect system data that may indicate the presence of an unknown vulnerability or attack as well”);
preparing a threat catalog and corresponding rules (paragraph 21, “upon detection of a vulnerability (and/or class of vulnerabilities), security OKB module 110 may return a detected vulnerability identifier, description, and severity ranking.  If there is an attack associated with the detected vulnerability, security OKB module 110 returns the found exploit identifier and description.  If there is a defense associated with the detected vulnerability and/or attack, security OKB module 110 returns the found mitigation identifier and a risk management technique in light of the detected vulnerabilities, attacks, and defenses”, and paragraph 27, “list of vulnerabilities”); 
and conducting a threat analysis according to a "STRIDE" model (paragraph 34, “The Microsoft STRIDE threat model may be used to classify and rank discovered threat types for each of the cloud’s building blocks which are made of various shared technologies.”, paragraph 36, “the STRIDE threat types populated in attacks OKB 104 may have corresponding mitigation techniques for each threat type”, and paragraph 41). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Kavi with the teachings of Teal to provide mitigation and remediation techniques upon detection of a threat, so as to protect the particular system and/or network environment. 
In assessing whether a claim to a combination of prior art elements/steps would have been obvious, the question to be asked is whether the improvement of the claim is more than the predictable use of prior art elements or steps according to their established functions. KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007). “[T]he analysis need not seek out precise teachings directed to the specific subject matter of the challenged claim, for a court can take account of the inferences and creative steps that a person of ordinary skill in the art would employ.” Id. at 418.  It is well established that in evaluating references it is proper to take into account not only the specific teachings of the references but also the inferences which one skilled in the art would reasonably be expected to draw therefrom. In re Preda, 401 F.2d 825, 826 (CCPA 1968).
The obviousness to combine for claim 9 also pertains to claim 18.
Regarding claim 18, Kavi discloses wherein the instructions further comprise ascertaining the user-specific security criteria (paragraphs 21 and 26, “user attempting to identify a vulnerability”, and paragraph 39, “inputs by various users”), the ascertaining comprising:
analyzing and identifying a threat (paragraph 27, “a list of vulnerabilities”, and paragraph 30, “monitoring security and threat intelligence reports for the presence of new threats or zero-day attacks, symptoms OKB 102 may collect system data that may indicate the presence of an unknown vulnerability or attack as well”);
preparing a threat catalog and corresponding rules (paragraph 21, “upon detection of a vulnerability (and/or class of vulnerabilities), security OKB module 110 may return a detected vulnerability identifier, description, and severity ranking.  If there is an attack associated with the detected vulnerability, security OKB module 110 returns the found exploit identifier and description.  If there is a defense associated with the detected vulnerability and/or attack, security OKB module 110 returns the found mitigation identifier and a risk management technique in light of the detected vulnerabilities, attacks, and defenses”, and paragraph 27, “list of vulnerabilities”); 
and conducting a threat analysis according to a "STRIDE" model (paragraph 34, “The Microsoft STRIDE threat model may be used to classify and rank discovered threat types for each of the cloud’s building blocks which are made of various shared technologies.”, paragraph 36, “the STRIDE threat types populated in attacks OKB 104 may have corresponding mitigation techniques for each threat type”, and paragraph 41).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The references cited on form PTO-892 are cited to further show the state of the art with respect to security analysis.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMIAH L AVERY whose telephone number is (571)272-8627. The examiner can normally be reached M-F 8:30am -5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/JEREMIAH L AVERY/            Primary Examiner, Art Unit 2431