Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 11/01/2022 and 12/02/2022 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.
Previous Indication Allowable Subject Matter
The previous indicated allowability of claim 3, which the subject matter was incorporated in claim 1, is withdrawn in view of the newly discovered reference(s) in light of the IDS filed on 12/02/2022.  Applicant's submission of an information disclosure statement under 37 CFR 1.97(c) with the fee set forth in 37 CFR 1.17(p) on 12/02/2022 prompted the new ground(s) of rejection presented in this Office action. Rejections based on the newly cited reference(s) follow.

Response to Arguments
Applicant’s arguments, see pg. 10-11, filed 11/01/2022, with respect to the rejection(s) of claim(s) 1, 4, 5, 8, 11, 12, 15, 18 and 19 under U.S.C. 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Risoldi et al. (US 2020/0311630 A1), Nhlabatsi et al. (US 2020/0351295 A1) and Attar et al. (US 20210288995 A1) with an earliest priority date of 3/16/2020. It is also noted, Ashkenazy et al. (US 10382473 B1) discloses a similar algorithm for calculating the “cost of exploitation” score for each branch of an attack path, but fails to explicitly teach a formula.
In the prior office action, the Examiner indicated claims 2-3, 9-10 and 16-17 as containing allowable subject matter. Cancelled claims 3, 10 and 17, however, contain subject matter that has been found to be unpatentable over the prior art. Specifically in regard to the “single path formula” as disclosed in the amended claims 1, 8, and 15, and the cancelled claims 3, 10 and 17, Attar et al. discloses the same formula in the same context. The following excerpts from Attar et al. disclose the limitations in question:
Par. [0062] “The term “network attack graph” as used herein, refers to a model or analysis configured to provide data regarding a network's topology, segmentation, vulnerability, etc. A network attack graph may represent all the possible ways in which an attacker spreads across different segments of a certain network by using, for example, various exploitations of vulnerabilities, which may exist on said network. A network attach graph may describe, for example, multiple attack paths, each representing a sequence of steps necessary to implement an attack. The attack paths may be executed, for example, by aggregation of individual exploits of existing vulnerabilities. Attack graph analysis provides complementary capabilities to the traditional vulnerability analysis, which relies solely on vulnerability scanning.”
Par. [00139] “In operation 402, edge sums may be obtained for each edge by summing the vulnerability scores of all the vulnerabilities of a respective edge. According to some embodiments, this may be performed using the following expression:

EdgeSum ( u , v ) = .Math. e ∈ Exploits ( u , v ) VulnerabilityScore ( e )” 
	The term “vulnerability score” is synonymous with the term “hardness value” of the present disclosure. Examiner recognizes the prior art fails to teach or suggest the “multi-path formula” of claims 2, 9 and 16 of the present disclosure.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 4, 5, 8, 11, 12, 15, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Risoldi et. al. (U.S Patent Application Publication No. 20200311630 A1), in view of 
Nhlabatsi et. al. (U.S Patent Application Publication No. 20200351295 A1) 
and Attar et al. (US 2021/0288995 A1) with a priority date of 3/16/2020.

Regarding claim 1, Risoldi discloses A computer-implemented method for security of
enterprise networks (Par. [0027], The ARM 110 evaluates risk on a variety of scales to comprehensively contextualize the risk of the enterprise system, allowing fine-grained risk visualization.), the method being executed by one or more processors and comprising:
receiving analytical attack graph (AAG) data representative of one or more AAGs ( Par. [0068], The ARM 110 retrieves 415 data for the assets of the identified asset topography from the database 150. The ARM 110 determines 420 likelihood scores and impact scores for the assets. The ARM 110 constructs 425 a model attack graph for the asset topography and calculates 430 risk scores for the assets), 
each AAG representing one or more lateral paths between configuration items ( Par. [0066], FIG. 3 includes a model attack graph 300 illustrating an asset topology including a CMO, an endpoint, an intranet server, and a crown jewel application server. The model attack graph 300 includes various paths that could be taken during an attack.) within an enterprise network (Par. [0066], The ARM 110 simulates threat scenarios affecting assets of the enterprise system 140);

determining that at least one process risk value exceeds a threshold process risk value (Par. [0042], The application server 130 may specifically generate user interfaces detailing the risk scores of third-party vendors, and send alerts (e.g., to managers of the ARM 110) when the risk scores of third- party vendors reach or exceed a threshold risk score value.), 
and in response, adjusting one or more security controls within the enterprise network ( Par. [0082], The application server 130 displays a list of targeted recommendations for a particular asset on the particular asset's panel. In this way, controls for addressing vulnerabilities may be automatically collected, analyzed, and recommended, with prioritization of high-risk vulnerabilities that have breached the threshold for the measure of effectiveness for the respective control. In some embodiments, some or all of the recommendations (Recommendations are listed in par. [0081]) may be automatically implemented. For example, security patches may be automatically applied to a system.).

Risoldi discloses a method of using attack graphs to generate risk scores. The method adjusts one or more security controls based on a determination that the risk scores exceeds a certain threshold. Risoldi fails to disclose the particular methods of calculating risk scores for configuration items.

However, Nhlabatsi teaches calculating, for each configuration item in a set of configuration items, a process risk value for each impact in a set of impacts achievable within the configuration item (Par. [0030], The example risk evaluation system 104 may also include a risk calculator 160 configured to generate relevant threat sets 162, 164 for each vulnerability 142, 144 of each component 112, 114, 116 and to calculate a component risk 170 for each component 112, 114, 116 based on its relevant threat set 162, 164.), 
for a first impact, a first process risk value being calculated based on a multi-path formula in response to determining that multiple paths in the AAG lead to the first impact (Par. [0048], In some embodiments, as an attacker 302 advances through a path, each successful compromise of a component 112, 114, 116 constitutes a risk of that component 112, 114, 116. Thus, in such embodiments, the path risk 172 for all relevant threats 132, 134, 136, 138 is asum of all the component risks 170 of each component 112, 114, 116 in the path and may be calculated by Equation 6 below), and, 
for a second impact, a second process risk value being calculated based on a single-path formula (Par. [0048], The path risk 172 may also be calculated from a subset of threats 132, 134, 136, 138 in one or more relevant threat sets 162, 164, for example, from Equation 7 below.) 
in response to determining that a single path in the AAG leads to the second impact (Par. [0058], The example screen 600 may also include a section for all of the possible path risks 172 for a selected component 112, 114, 116. For example, in the illustrated embodiment, because the authentication server 308 is the selected component 112, 114, 116 as stated above, the path risk 172 is shown of the only possible path an attacker 302 could take to reach the authentication server 308 (i.e., 302-306-308). An attacker 302 could not reach the authentication server 308 through the database server 312 in the illustrated embodiment because, as indicated by the model, there is not a connection from the database server 312 to the authentication server 308.)); 
Risoldi and Nhlabatsi are considered analogous references to the claimed invention as they both pertain to a method of calculating risk scores for components of a network based on attack graphs.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Risoldi using the method of calculating risks by aggregating the risk scores of components along an attack path as taught by Nhlabatsi. Such modifications will take into consideration the vulnerabilities of all components along an attack path leading to a particular impact and help adjust security controls accordingly.

Risoldi in view of Nhlabatsi fail to disclose the specific single path formula.
However, Attar discloses wherein the single-path formula is:                         
                            
                                
                                    H
                                
                                
                                    p
                                    a
                                    t
                                    h
                                    ,
                                    
                                        
                                            I
                                        
                                        
                                            i
                                        
                                    
                                
                            
                            =
                            
                                ∑
                                
                                    
                                        
                                            
                                                
                                                    H
                                                
                                                
                                                    
                                                        
                                                            I
                                                        
                                                        
                                                            i
                                                            -
                                                            1
                                                        
                                                    
                                                
                                            
                                            ,
                                             
                                            …
                                        
                                    
                                
                            
                        
                     where                         
                            
                                
                                    H
                                
                                
                                    p
                                    a
                                    t
                                    h
                                    ,
                                    
                                        
                                            I
                                        
                                        
                                            i
                                        
                                    
                                
                            
                        
                     is a path hardness value representing a difficulty to reach impact                         
                            
                                
                                    I
                                
                                
                                    i
                                
                            
                            ,
                             
                            
                                
                                    H
                                
                                
                                    
                                        
                                            I
                                        
                                        
                                            i
                                            -
                                            1
                                        
                                    
                                
                            
                        
                    is a hardness value to achieve impact                         
                            
                                
                                    I
                                
                                
                                    i
                                    -
                                    1
                                
                            
                        
                     preceding                         
                            
                                
                                    I
                                
                                
                                    i
                                
                            
                        
                     in the AAG. ([0062] “The term “network attack graph” as used herein, refers to a model or analysis configured to provide data regarding a network's topology, segmentation, vulnerability, etc. A network attack graph may represent all the possible ways in which an attacker spreads across different segments of a certain network by using, for example, various exploitations of vulnerabilities, which may exist on said network. A network attach graph may describe, for example, multiple attack paths, each representing a sequence of steps necessary to implement an attack. The attack paths may be executed, for example, by aggregation of individual exploits of existing vulnerabilities. Attack graph analysis provides complementary capabilities to the traditional vulnerability analysis, which relies solely on vulnerability scanning.”; Par. [00139] “In operation 402, edge sums may be obtained for each edge by summing the vulnerability scores of all the vulnerabilities of a respective edge. According to some embodiments, this may be performed using the following expression: EdgeSum ( u , v ) = .Math. e ∈ Exploits ( u , v ) VulnerabilityScore ( e )”)
Attar is analogous because it discloses a method for vulnerability analysis of network attack graphs. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Risoldi in view of Nhlabatsi to incorporate the teachings of Attar to include wherein the single-path formula is:                         
                            
                                
                                    H
                                
                                
                                    p
                                    a
                                    t
                                    h
                                    ,
                                    
                                        
                                            I
                                        
                                        
                                            i
                                        
                                    
                                
                            
                            =
                            
                                ∑
                                
                                    
                                        
                                            
                                                
                                                    H
                                                
                                                
                                                    
                                                        
                                                            I
                                                        
                                                        
                                                            i
                                                            -
                                                            1
                                                        
                                                    
                                                
                                            
                                            ,
                                             
                                            …
                                        
                                    
                                
                            
                        
                     where                         
                            
                                
                                    H
                                
                                
                                    p
                                    a
                                    t
                                    h
                                    ,
                                    
                                        
                                            I
                                        
                                        
                                            i
                                        
                                    
                                
                            
                        
                     is a path hardness value representing a difficulty to reach impact                         
                            
                                
                                    I
                                
                                
                                    i
                                
                            
                            ,
                             
                            
                                
                                    H
                                
                                
                                    
                                        
                                            I
                                        
                                        
                                            i
                                            -
                                            1
                                        
                                    
                                
                            
                        
                    is a hardness value to achieve impact                         
                            
                                
                                    I
                                
                                
                                    i
                                    -
                                    1
                                
                            
                        
                     preceding                         
                            
                                
                                    I
                                
                                
                                    i
                                
                            
                        
                     in the AAG. Such modifications would be motivated to calculate a metric of how exploitable, in other words, the total difficulty of the attack path.
Apparatus claims 8 and 15 relate to the method of claim 1. The apparatus methods 8 and 15 perform the method of claim 1. Therefore claims 8 and 15 are rejected on similar grounds as claim 1.

Regarding claims 4-5, 11-12 and 18-19, the claims remain in their original forms. Therefore, claims 4-5, 11-12 and 18-19 are rejected on similar grounds as the prior office action filed 8/4/2022.

Claims 6, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Risoldi in view of Nhlabatsi, Attar and further in view of Levy et. al. (U.S Patent Application Publication No. 20190319987 A1).

	Regarding claims 6, 13 and 20, the claims remain in their original form. Therefore, claims 6, 13 and 20 are rejected on similar grounds as in the prior office action filed 8/4/2022.

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Risoldi in view of
Nhlabatsi, Attar and further in view of Berger et. al. (U.S Patent No. 11283824 B1), hereinafter Berger.

	Regarding claims 7 and 14, the claims remain in their original form. Therefore, claims 7 and 14 are rejected on the similar grounds as the prior office action filed 8/4/2022.

Allowable Subject Matter
Claims 2, 9, and 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claims 21-23 are allowed.
The following is a statement of reasons for the indication of allowable subject matter: 
Claims 21-23 incorporate the allowable subject matter of claims 2, 9 and 16. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Ashkenazy et al. (US 10382473 B1) – Regarding providing recommendation for improving the security of a networked system against attackers.
Kruse et al. (US 2021/0105294 A1) – Regarding assessing potential cybersecurity threats to a subject system involving generating an attack graph and determining an exploitability score.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA NEIL GONZALES whose telephone number is (571)272-0286. The examiner can normally be reached 10:00 AM-2:00 PM; 3:00 PM-7:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
	





/J.N.G./Examiner, Art Unit 2496                                                                                                                                                                                                        
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496