DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the communication filed on 10/23/2020.
Claims 1-20 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/23/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C.101 because the claimed invention is directed to abstract ideas without significantly more.
	Step 1 Statutory Category:
Claims 1-7 are directed to a machine. 
Claims 8-14 are directed to a process. 
Claims 15-20 are directed to a manufacture.Step 2A Prong 1 Judicial exception:
		The independent claims recite the following limitations which have been identified as reciting a Mental Process:
Claims 1, 8 and 15 recite “a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique; and
an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource”.  
These steps are mental processes that an ordinary person of skill in the art at the effective filing date can perform with or without pen and paper.  Mapping data and estimating a probability that a vulnerability will be exploited to attack a computing resource  are merely basic human actions using observation, evaluation and determination applied on a general computer with generic hardware. As a result, the claims are an abstract idea.
		Step 2A Prong 2, additional elements that integrate into a practical application of the exception:
		 Claims 1, 8 and 15 further recite “a memory, a processor and medium”.  The additional elements are identified as general purpose machine.  The claims as a whole merely use instructions to implement the abstract idea on a computer or, alternatively, merely uses a computer as a tool to perform the abstract idea.  As a result, the extra elements do not improve existing technology.  When taken individually or viewed as an ordered combination, the claims as a whole do not amount to significantly more than the abstract idea.	Step 2B significantly more:
		The above identified claim limitations have been identified as general Purpose Machine which are merely implementing the abstract idea within a computer environment. See MPEP 2106.05(b)(I). When taken individually or viewed as an ordered combination the claims as a whole do not appear to amount to significantly more than the abstract idea.

Conclusion:
Based on the above rational the claims have been deemed to ineligible subject
	Regarding dependent claims 2-7, 9-14 and 16-20, Dependent claims 2-7, 9-14 and 16-20 add the additional limitation of employing a model define the mappings. This additional step merely refines and further limits the abstract idea of independent claims 1, 8 and 15, and does not add any feature that is an “inventive concept” which cures the deficiencies of their respective independent claims. None of the additional elements taken individually or when taken as an ordered combination amount to significantly more than the abstract idea. Accordingly, these dependent claims are patent-ineligible.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Tavabi et al. (US 20220229912) (hereinafter Tavabi).
Regarding claim 1, Tavabi discloses a system, comprising:
a memory that stores computer executable components (Tavabi: paragraphs 0045-0046, “include various hardware components, such as a processor 502, a main memory 504 (e.g., a system memory), and a system bus 501 that couples various components of the computing device 500 to the processor 502.”); and
a processor that executes the computer executable components stored in the memory (Tavabi: paragraphs 0045-0046, “include various hardware components, such as a processor 502, a main memory 504 (e.g., a system memory), and a system bus 501 that couples various components of the computing device 500 to the processor 502.”), wherein the computer executable components comprise:
a map component that defines mappings between vulnerability data representing a vulnerability of a computing resource and attack data representing at least one attack technique (Tavabi: paragraphs 0034, 0036 and 0041, “Given a set of posts discussing vulnerabilities and the ground truth data 111 that includes positive examples (vulnerabilities for which exploits exist in the wild), the classifier 113 is trained to recognize posts from the textual information 103 that discuss exploited vulnerabilities. Vectors representing post embeddings and a number of times a vulnerability was mentioned in D2Web (frequency of mention) are used as features 107 for building, training, and/or configuring the classifier”); and
an estimation component that analyzes the mappings to estimate a probability that the vulnerability will be exploited to attack the computing resource (Tavabi: Table 2 
    PNG
    media_image1.png
    311
    486
    media_image1.png
    Greyscale
; and paragraphs 0034 and 0043-0044, “Then, given a new post mentioning a vulnerability, the classifier 113 predicts whether that vulnerability will be exploited by generating the exploit prediction” … “Some general words indicative of exploitation identified using the present system are “exploit”, “vulnerable” and “push” while those associated with low exploitation probability are “long”, “char” and “local”. Table 2 shows words related to software identified by the disclosed model to positively and negatively impact exploitability. It was observed that the software detected correlate with the exploits in the wild. For example, more than 50% of the vulnerabilities of Flash, Adobe, and Microsoft were exploited, whereas none of vulnerabilities associated with iOS, Samba and Android were exploited.”).
Regarding claim 8, the claim 8 discloses a method claim that is substantially equivalent to the system of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 8 and rejected for the same reasons.
Regarding claim 15, the claim 15 discloses a product claim that is substantially equivalent to the system of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 15 and rejected for the same reasons.
Regarding claims 2, 9 and 16, Tavabi discloses wherein the computer executable components further comprise: a security component that uses the mappings to identify one or more attacker entities having a defined probability of exploiting the vulnerability to attack the computing resource (Tavabi: paragraph 0036, “The exploit prediction framework 101 was tested using a dataset of the textual information 103 containing almost 2,500,000 messages posted on a variety of darkweb and deepweb sites over a period from 2010 through 2017. These posts were in 17 different languages, with English, Arabic, and Russian being the most common languages. Vulnerabilities mentioned in D2Web posts were identified using regular expression patterns to match CVEs (Common Vulnerabilities and Exposures), the unique identifiers of vulnerabilities. Since the goal is to predict vulnerabilities that are likely to be exploited, the posts referencing vulnerabilities after the exploitation date were removed from the data. …. For the posts mentioning more than one vulnerability, only the less frequently mentioned CVE was considered. The ground truth data 111 was obtained from two sources: (1) Symantec's anti-virus and Intrusion Detection Systems attack signatures and (2) a database of the exploits deployed for Metasploit.”).
Regarding claims 3, 10 and 17, Tavabi discloses wherein the computer executable components further comprise: a security component that uses the mappings to generate at least one of a threat model, a vulnerability management model, or a risk management model corresponding to at least one of the vulnerability, the computing resource, the at least one attack technique, or an attacker entity, thereby facilitating improved protection of the computing resource (Tavabi: paragraphs 0015, 0022-0023 and 0030, “the framework leverages a neural language modeling approach in order to learn low dimensional context-based distributed representations, i.e., embeddings, of darkweb/deepweb discussions which may then be used to predict whether vulnerabilities, associated with software, hardware, or combinations thereof, will be exploited. By capturing context and/or linguistic regularities of human language, such as syntactic, semantic similarity and logic analogy, the learned embeddings accommodate more accurate classification of discussions about exploited vulnerabilities which is a technical improvement to general text analysis exploit prediction methods”).
Regarding claims 4, 11 and 18, Tavabi discloses wherein the computer executable components further comprise: a security component that uses the mappings to perform a penetration test on one or more computing resources (Tavabi: paragraphs 0037 and 0041, “Symantec attack signatures report exploits detected in the wild and their corresponding vulnerabilities, along with the time the exploit was discovered. Metasploit is a popular open source penetration testing framework which allows usage of install-and-test exploits developed by the cybersecurity community and a company called Rapid7. Each Metasploit's exploit is reported with the date it was deployed. The vulnerabilities mentioned on D2Web were labeled positive, if they have a corresponding attack signature in Symantec's list or exploits available on Rapid7's site, and negative otherwise. Of the CVE mentioned on D2Web, only 149 are classified as exploited—these represent only 8% of the vulnerabilities in the dataset.”).
Regarding claims 5, 12 and 19, Tavabi discloses wherein the map component employs a model to define the mappings using a similarity learning process (Tavabi: paragraphs 0015 and 0030, “the framework leverages a neural language modeling approach in order to learn low dimensional context-based distributed representations, i.e., embeddings, of darkweb/deepweb discussions which may then be used to predict whether vulnerabilities, associated with software, hardware, or combinations thereof, will be exploited. By capturing context and/or linguistic regularities of human language, such as syntactic, semantic similarity and logic analogy, the learned embeddings accommodate more accurate classification of discussions about exploited vulnerabilities which is a technical improvement to general text analysis exploit prediction methods”).
Regarding claims 6, 13 and 20, Tavabi discloses wherein the map component employs a model to refine the mappings using an active learning process, and wherein the mappings are refined based on expert entity feedback (Tavabi: paragraphs 0022, 0038 and 0040, “Another embodiment of the classifier 113 was trained to recognize vulnerabilities discussed in posts that will be subsequently exploited. F.sub.1 score and AUC (area under the “Receiver Operating Characteristics” curve) were used to evaluate classification performance. To optimize performance, parameters may be tuned to the data.”).
Regarding claims 7 and 14, Tavabi discloses wherein the computer executable components further comprise: a collection component that monitors at least one vulnerability data feed source and at least one attack data feed source, and wherein the collection component further collects the vulnerability data from the at least one vulnerability data feed source and the attack data from the at least one attack data feed source (Tavabi: paragraphs 0022-0023 and 0038, “In some embodiments, the features 107 may also include a CVSS score and exploitDB. The features 107 may then be used as inputs to a classifier 113 along with ground truth 111, to train the classifier 113 to predict whether vulnerabilities mentioned in posts or other forms of the textual information 103 will be exploited; i.e., the classifier 113 is configured to output an exploit prediction 115 by processing information associated with communications involving a vulnerability.”… “Another embodiment of the classifier 113 was trained to recognize vulnerabilities discussed in posts that will be subsequently exploited. F.sub.1 score and AUC (area under the “Receiver Operating Characteristics” curve) were used to evaluate classification performance. To optimize performance, parameters may be tuned to the data”).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TRANG T DOAN/Primary Examiner, Art Unit 2431