DETAILED ACTION
This office action is in response to the original application filed on July 20, 2021.


Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Claims 1-20 are pending.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.

Claim limitation “means for identifying …, means for calculating …, and means for providing ….” invokes 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The specification fails to provide adequate structure to perform the claimed function. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Leclerc (US Pub. No. 2006/0265324).
As per claim 1 Leclerc discloses:
An apparatus, comprising: an asset module that identifies a plurality of network assets of a data network, the plurality of network assets comprising a plurality of interconnected physical and virtual computing components; (paragraph 26 of Leclerc, A security state data structure, in accordance with one embodiment, includes a data field storing information identifying an asset of a communication network, and a data field storing security state information) and (paragraph 51 of Leclerc, assets 24, in the example of a communication network, are components of the network and may be either physical or logical) and (paragraph 92 of Leclerc, as noted above, an asset may be a physical or logical component of a communication network. In the system 100 of FIG. 5, the personal computer (PC) 101 and the SPARC workstation 103 are physical assets, and the operating systems 102, 104, the Internet (www) server 106, and the database 108 are logical assets).
A risk module that calculates a risk level for each of the plurality of network assets based on a plurality of factors, the risk level describing a threat that an asset is to the data network being capable of functioning at a predetermined service level; (paragraph 13 of Leclerc, the risk analyzer, in one embodiment, includes a direct exposure calculator configured to determine a direct exposure risk to the asset based on the vulnerabilities affecting the asset, an indirect exposure calculator configured to determine an indirect exposure risk to the asset based on vulnerabilities affecting each other asset and associated with the asset).
An interface module that provides an interactive interface that graphically presents the data network and visually highlights each of the plurality of network assets according to their calculated risk levels, (paragraph 76 of Leclerc, a graphical representation of a network in which assets and risks are shown using icons or images, text, or some combination thereof, may provide a most effective indication of a current security state of the network. In some embodiments, the format and layout of the network map 66 is in accordance with previously established user interface settings stored in the user interface database 88).
Wherein at least a portion of said modules comprise one or more of hardware circuits, programmable hardware circuits and executable code, the executable code stored on one or more computer readable storage media. (Paragraph 107 of Leclerc, the calculators 112, 114, 116, 118, 120 may be implemented, for example, in software which is executed by a processor, although hardware-based embodiments and embodiments in which calculation functions are implemented using some combination of hardware and software are also contemplated).

As per claim 2 Leclerc discloses:
The apparatus of claim 1, further comprising a value module that calculates an asset value score for each of the plurality of network assets, the asset value score for an asset indicating an importance of the asset to the data network being capable of functioning at a predetermined service level. (Paragraph 132 of Leclerc, the asset data structure 140 of FIG. 7B includes an asset identifier 142, an asset type 144, an asset value 146, and an asset profile 148. The identifier 142 uniquely identifies the asset using a user-defined name for instance. The asset type field 144 may indicate the type of asset, as a physical or logical asset as described above, and/or provide more detail as to the nature of the asset, such as any service or mission to which the asset is critical or important. The asset value 146 indicates one or more values of the asset, such as a value in terms of (C, I, A) security dimension and/or a dollar value).

As per claim 3 Leclerc discloses:
The apparatus of claim 2, wherein the value module calculates the asset value score for the asset based on at least one of a neighborhood size associated with the asset, a number of dependencies for the asset, a number of dependencies that have an asset value score that satisfies a threshold, a number of service groups directly associated with the asset, and a number of service groups indirectly associated with the asset. (Paragraph 132 of Leclerc, the asset data structure 140 of FIG. 7B includes an asset identifier 142, an asset type 144, an asset value 146, and an asset profile 148. The identifier 142 uniquely identifies the asset using a user-defined name for instance. The asset type field 144 may indicate the type of asset, as a physical or logical asset as described above, and/or provide more detail as to the nature of the asset, such as any service or mission to which the asset is critical or important. The asset value 146 indicates one or more values of the asset, such as a value in terms of (C, I, A) security dimension and/or a dollar value) and (paragraph 103 of Leclerc, the type of propagation between assets may be dependent upon the relationship between those assets. For example, a depends-on relationship between A and B might indicate that asset A's availability depends-on asset B's availability).

As per claim 4 Leclerc discloses:
The apparatus of claim 2, wherein the interface module visually highlights the plurality of network assets according to their asset value score within the interactive interface. (paragraph 76 of Leclerc, a graphical representation of a network in which assets and risks are shown using icons or images, text, or some combination thereof, may provide a most effective indication of a current security state of the network. In some embodiments, the format and layout of the network map 66 is in accordance with previously established user interface settings stored in the user interface database 88).

As per claim 5 Leclerc discloses:
The apparatus of claim 1, wherein the risk level is calculated based on an average metric for the plurality of factors, the plurality of factors comprising an impact factor, a security factor, a health factor, and a reliability factor for an asset and the average metric comprising an average of an impact metric, a security metric, a health metric, and a reliability metric. (paragraph 13 of Leclerc, the risk analyzer, in one embodiment, includes a direct exposure calculator configured to determine a direct exposure risk to the asset based on the vulnerabilities affecting the asset, an indirect exposure calculator configured to determine an indirect exposure risk to the asset based on vulnerabilities affecting each other asset and associated with the asset).

As per claim 6 Leclerc discloses:
The apparatus of claim 5, wherein the impact metric is determined based on at least one of a number of neighboring assets, a number of dependencies, a number of dependencies to high value assets, a number of service groups directly associated with the asset, a number of service groups indirectly associated with the asset, an asset value score, and an asset type. (Paragraph 41 of Leclerc, A form of business risk may be calculated by assessing both the likelihood of an attack and damage potential as measured by business impact variables. Risk factors might be determined at a detailed level, taking into account various attack scenarios and vulnerability) and (paragraph 151 of Leclerc, as described above, assets may have relationships such as "depends-on" relationships between them. For example, a web server A might depend on a database server B. In this case, A's functionality relies on B functioning correctly and being reachable through the network. To determine reachability, other assets in the network, as well as "cabled-to" and "runs-on" relationships between A and B, are taken into account).

As per claim 7 Leclerc discloses:
The apparatus of claim 5, wherein the security metric is determined based on at least one of a number of authorized changes, a number of unauthorized changes, a number of vulnerabilities, a benchmark number of vulnerabilities, an asset type, and a number of neighbors to the asset that have a risk level that satisfies a predetermined threshold. (Paragraph 12 of Leclerc, a security risk to the asset may be determined by the risk analyzer based on the vulnerabilities affecting the asset and the vulnerabilities affecting each other asset and associated with the asset).

As per claim 8 Leclerc discloses:
The apparatus of claim 5, wherein the health metric is determined based on at least one of an average percentage of available processing, an average percentage of available memory, an average percentage of available storage, an average availability percentage, and an average network capacity. (Paragraph 43 of Leclerc, business risk calculations use attack likelihood based on path determination, i.e., determining a chain of vulnerabilities and assets used to complete an attack. In a large and complex network it is extremely difficult, and thus impractical if not effectively impossible, to determine an attack path for every possible attack and therefore its likelihood).

As per claim 9 Leclerc discloses:
The apparatus of claim 5, wherein the reliability metric is determined based on at least one of a number of critical alerts, a number of incidents, a benchmark number of critical alerts, and a benchmark number of incidents. (Paragraph 114 of Leclerc, the calculators in the system 110 may access the databases 112, 124 to obtain information on vulnerabilities and assets, and/or obtain information output from other calculators for use in further calculations, as in the case of the risk calculator 112 and the total exposure calculator 114).

As per claim 10 Leclerc discloses:
The apparatus of claim 5, wherein the risk module assigns a weight to at least one of the plurality of factors, the assigned weight indicating an importance of a factor relative to other factors of the plurality of factors and used in the calculation of the risk level. (paragraph 157 of Leclerc, relationship evaluation, there may be several attributes to take into account, including the types of the assets at the endpoints of the relationship, the direct exposure values of those assets, a scaling factor associated with the relationship, and the exposure value for the path between those assets).

As per claim 11 Leclerc discloses:
The apparatus of claim 1, further comprising a forecast module that predicts an impact that each of the plurality of network assets has on the capability of the data network functioning at a predetermined service level based on the calculated risk level and the plurality of factors for each of the plurality of network assets. (Paragraph 165 of Leclerc, an estimate of security risk is then determined at 174 using the total exposure and the asset value, and an indication of security risk is provided).

As per claim 12 Leclerc discloses:
The apparatus of claim 1, wherein the interface module presents each of the plurality of network assets in the interactive interface and, in response to receiving a selection of one of the presented network assets, presents the calculated risk level and metrics for each of plurality of factors used to calculate the risk level for the selected network asset. (Paragraph 76 of Leclerc, a graphical representation of a network in which assets and risks are shown using icons or images, text, or some combination thereof, may provide a most effective indication of a current security state of the network. In some embodiments, the format and layout of the network map 66 is in accordance with previously established user interface settings stored in the user interface database 88).

As per claim 13 Leclerc discloses:
The apparatus of claim 1, wherein the interactive interface comprises a graphical network topology map illustrating each of the plurality of network assets and network connections between the plurality of network assets, each of the plurality of network assets graphically represented on the network topology map and highlighted according to the calculated risk level for the network asset. (Paragraph 45 of Leclerc, Embodiments of the invention provide advanced risk exposure management techniques. A flexible security model provides a flexible asset representation model for mission- and/or service-specific assets deployed in a communication network as well as physical/logical topology of the network).

As per claim 14 Leclerc discloses:
The apparatus of claim 1, wherein the interactive interface comprises a graphical heatmap for at least a subset of the plurality of network assets that involved in delivering a service, the graphical heatmap providing a color-coding scheme for indicating the calculated risk level for each of a subset of the plurality of network assets that are involved in delivering the service. (Paragraph 76 of Leclerc, a graphical representation of a network in which assets and risks are shown using icons or images, text, or some combination thereof, may provide a most effective indication of a current security state of the network. In some embodiments, the format and layout of the network map 66 is in accordance with previously established user interface settings stored in the user interface database 88).

As per claim 15 Leclerc discloses:
The apparatus of claim 1, wherein the plurality of network assets graphically presented within the interactive interface are sortable on the plurality of factors that are used to calculate the risk levels the plurality of network assets. (Paragraph 76 of Leclerc, a graphical representation of a network in which assets and risks are shown using icons or images, text, or some combination thereof, may provide a most effective indication of a current security state of the network. In some embodiments, the format and layout of the network map 66 is in accordance with previously established user interface settings stored in the user interface database 88).

As per claim 16 Leclerc discloses:
 A method, comprising: identifying a plurality of network assets of a data network, the plurality of network assets comprising a plurality of interconnected physical and virtual computing components; (paragraph 26 of Leclerc, A security state data structure, in accordance with one embodiment, includes a data field storing information identifying an asset of a communication network, and a data field storing security state information) and (paragraph 51 of Leclerc, assets 24, in the example of a communication network, are components of the network and may be either physical or logical) and (paragraph 92 of Leclerc, as noted above, an asset may be a physical or logical component of a communication network. In the system 100 of FIG. 5, the personal computer (PC) 101 and the SPARC workstation 103 are physical assets, and the operating systems 102, 104, the Internet (www) server 106, and the database 108 are logical assets).
Calculating a risk level for each of the plurality of network assets based on a plurality of factors, the risk level describing a threat that an asset is to the data network being capable of functioning at a predetermined service level; (paragraph 13 of Leclerc, the risk analyzer, in one embodiment, includes a direct exposure calculator configured to determine a direct exposure risk to the asset based on the vulnerabilities affecting the asset, an indirect exposure calculator configured to determine an indirect exposure risk to the asset based on vulnerabilities affecting each other asset and associated with the asset).
Providing an interactive interface that graphically presents the data network and visually highlights each of the plurality of network assets according to their calculated risk levels. (Paragraph 76 of Leclerc, a graphical representation of a network in which assets and risks are shown using icons or images, text, or some combination thereof, may provide a most effective indication of a current security state of the network. In some embodiments, the format and layout of the network map 66 is in accordance with previously established user interface settings stored in the user interface database 88).

As per claim 17 Leclerc discloses:
The method of claim 16, further comprising calculating an asset value score for each of the plurality of network assets, the asset value score for an asset indicating an importance of the asset to the data network being capable of functioning at a predetermined service level, the plurality of network assets visually highlighted according to their asset value score within interactive interface. (Paragraph 132 of Leclerc, the asset data structure 140 of FIG. 7B includes an asset identifier 142, an asset type 144, an asset value 146, and an asset profile 148. The identifier 142 uniquely identifies the asset using a user-defined name for instance. The asset type field 144 may indicate the type of asset, as a physical or logical asset as described above, and/or provide more detail as to the nature of the asset, such as any service or mission to which the asset is critical or important. The asset value 146 indicates one or more values of the asset, such as a value in terms of (C, I, A) security dimension and/or a dollar value) and (paragraph 76 of Leclerc, a graphical representation of a network in which assets and risks are shown using icons or images, text, or some combination thereof, may provide a most effective indication of a current security state of the network. In some embodiments, the format and layout of the network map 66 is in accordance with previously established user interface settings stored in the user interface database 88).

As per claim 18 Leclerc discloses:
The method of claim 16, wherein the risk level is calculated based on an average metric for the plurality of factors, the plurality of factors comprising an impact factor, a security factor, a health factor, and a reliability factor for an asset and the average metric comprising an average of an impact metric, a security metric, a health metric, and a reliability metric. (paragraph 13 of Leclerc, the risk analyzer, in one embodiment, includes a direct exposure calculator configured to determine a direct exposure risk to the asset based on the vulnerabilities affecting the asset, an indirect exposure calculator configured to determine an indirect exposure risk to the asset based on vulnerabilities affecting each other asset and associated with the asset).

As per claim 19 Leclerc discloses:
The method of claim 16, further comprising predicting an impact that each of the plurality of network assets has on the capability of the data network functioning at a predetermined service level based on the calculated risk level and the plurality of factors for each of the plurality of network assets. (Paragraph 165 of Leclerc, an estimate of security risk is then determined at 174 using the total exposure and the asset value, and an indication of security risk is provided).

As per claim 20 Leclerc discloses:
An apparatus, comprising: means for identifying a plurality of network assets of a data network, the plurality of network assets comprising a plurality of interconnected physical and virtual computing components; (paragraph 26 of Leclerc, A security state data structure, in accordance with one embodiment, includes a data field storing information identifying an asset of a communication network, and a data field storing security state information) and (paragraph 51 of Leclerc, assets 24, in the example of a communication network, are components of the network and may be either physical or logical) and (paragraph 92 of Leclerc, as noted above, an asset may be a physical or logical component of a communication network. In the system 100 of FIG. 5, the personal computer (PC) 101 and the SPARC workstation 103 are physical assets, and the operating systems 102, 104, the Internet (www) server 106, and the database 108 are logical assets).
Means for calculating a risk level for each of the plurality of network assets based on a plurality of factors, the risk level describing a threat that an asset is to the data network being capable of functioning at a predetermined service level; (paragraph 13 of Leclerc, the risk analyzer, in one embodiment, includes a direct exposure calculator configured to determine a direct exposure risk to the asset based on the vulnerabilities affecting the asset, an indirect exposure calculator configured to determine an indirect exposure risk to the asset based on vulnerabilities affecting each other asset and associated with the asset).
Means for providing an interactive interface that graphically presents the data network and visually highlights each of the plurality of network assets according to their calculated risk levels. (Paragraph 76 of Leclerc, a graphical representation of a network in which assets and risks are shown using icons or images, text, or some combination thereof, may provide a most effective indication of a current security state of the network. In some embodiments, the format and layout of the network map 66 is in accordance with previously established user interface settings stored in the user interface database 88). 

Conclusion
The prior art made of record and not relied upon that is considered pertinent to applicant’s disclosure is Sugarbaker (US Pub. No. 2018/0309778). Sugarbaker discloses:

Techniques for providing dynamic resource implementation prioritization for a network are provided. In one embodiment, a method includes determining a user of a selected device and assigning a user value based on the user's identity. The method includes determining related devices on the network by evaluating user behavior information to identify devices in the network that are in communication with the selected device. The method includes calculating a composite device value based on a value of the selected device, the user value, and values of the related devices. The method includes determining a probability factor for potential security vulnerabilities affecting the selected device and calculating a risk score based on the composite device value and the probability factor. Security measures may be implemented based on a comparison of the calculated risk score for the selected device with a plurality of risk scores for other devices in the network. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESHOME HAILU whose telephone number is (571)270-3159. The examiner can normally be reached M-F 8 a.m. - 5 p.m.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/TESHOME HAILU/Primary Examiner, Art Unit 2434