Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Response to Arguments
Applicant's arguments filed 2/19/2026 have been fully considered, and when taken as a whole are persuasive. Responsive to the amended claim language further specifying the “aggregating the impact level”, the previous grounds of rejection utilizing Chawla have been withdrawn and a new ground of rejection is presented in view of Abedin (Abedin, Muhammad, et al. "Vulnerability analysis for evaluating quality of protection of security policies." Proceedings of the 2nd ACM workshop on Quality of protection. (Year: 2006)).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 4, 5, 8, 11, 12, 15, 18-19, and 21-23 are rejected under 35 U.S.C. 103 as being unpatentable over Sobel (US-7536724-B1) in view of Duan (US-20200358743-A1), Liu (Liu and Zhang. English translation of CN 110365689 A. (Year: 2019)), and Abedin (Abedin, Muhammad, et al. "Vulnerability analysis for evaluating quality of protection of security policies." Proceedings of the 2nd ACM workshop on Quality of protection. (Year: 2006)).
Regarding claim 1, Sobel shows a method comprising: determining a plurality of services exposed (col. 3 lines 16-22, col. 3 lines 43-47, col. 5 lines 20-33, col. 5 lines 46-49) by one or more open ports (col. 5 lines 60-64) of an entity (e.g., a host, as discussed in col. 4 line 55), and creating a profile that includes an association between ports, and services, and an impact level of each of the services (col. 3 lines 44-48, col. 4 lines 55-67, col. 5 lines 4-38; as discussed in col. 4 lines 40-43 and col. 5 lines 46-52, a risk profile is created for all services), wherein at least one service of the plurality of services runs on a port of the one or more open ports with respect to the at least one service (col. 3 lines 16-22, col. 3 lines 43-47, col. 4 lines 7-11); determining, by a processing device, an impact level that is associated with each of the plurality of services corresponding to each of the one or more open ports of the entity based on the impact level of the services (col. 5 lines 30-36, col. 4 lines 55-67 discussing “weights” expressing “how much . . . a service is to be protected”); and determining, by the processing device, a risk level associated with the entity based at least in part on the impact level corresponding to each of the one or more services (col. 4 lines 40-43, col. 5 lines 46-52) that is exposed by the one or more open ports of the entity (where weights and risk profiles are used to determine risk levels, as discussed in col. 5 lines 20-53 and col. 6 lines 2-3).
Sobel does not show referencing a mapping list. Duan shows based on referencing a mapping list ([6, 9], Fig. 4, and pg. 5, Table 2), including using the list to determine a first service ([6,9,17], note determining a first service is implicit when performing an evaluation of each and every service).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the network monitoring techniques of Sobel with the monitoring and security analysis techniques of Duan, including the mapping list storage and utilization shown in Duan, in order to ensure efficient evaluation of stored network correspondence data (Duan, [4-7]).
The above combination does not show consideration of non-default ports. Liu shows consideration of non-default ports (pg. 2 lines 61-68, pg. 3 lines 39-42, pg. 4 lines 47-50, pg. 4 line 68-pg. 5 line 10, pg. 6 lines 22-34, discussing utilization of a “service rule database” and comparing the “default service” associated with an open port, based on the database, with a “real service” actually executing on said port; when the “real service” does not match the “default service”, then the “real service” is running on a non-default port).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the service and port evaluations of Liu in order to quickly and efficiently scan for executing services helping to avoid potential attacks (Liu, pg. 1 lines 50 – 70).
The above combination does not show aggregation of the impact level, wherein aggregating the impact level corresponding to each of the plurality of services comprises aggregating different impact levels associated with different exposed services among the plurality of services. Abedin suggests aggregation of the impact level, wherein aggregating the impact level corresponding to each of the plurality of services comprises aggregating different impact levels associated with different exposed services among the plurality of services (discussing aggregation via formulation of a combined score reflecting “frequency” and “severity” (analogous to “impact level”) of a “set of exposed services”, as discussed on pg. 1 L24-L28, R40-R55, pg. 2 L51-L58, R6-R17, R36-R39, and pg. 3 L25-L35).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the aggregation techniques of Abedin in order to ensure the security positive evaluation of the resultant invention more accurately reflects the multitude of factors that impact the monitored network environment (Abedin, Abstract).
Regarding claim 4, the above combination shows wherein the mapping list comprises a collection of port and service associations of different devices (Duan, [6,9,17], Fig. 4, and pg. 5 Table 2).
Regarding claim 5, the above combination further shows wherein determining the plurality of services exposed by the one or more open ports of the entity further comprises: monitoring network traffic associated with the entity (Duan, [6, 9], Fig. 4, and pg. 5, Table 2); and determining a second service of the plurality of services (Sobel, col. 4 lines 40-43, col. 5 lines 46-52, where determining a second service is implicit when all of a plurality of services are evaluated) based on the network traffic associated with the entity (Duan, [6, 9], Fig. 4, and pg. 5, Table 2).
Regarding claims 8 and 15, the limitations of said claims are addressed in the analysis of claim 1.
Regarding claims 11 and 18, the limitations of said claims are addressed in the analysis of claim 4.
Regarding claims 12 and 19, the limitations of said claims are addressed in the analysis of claim 5.
Regarding claim 21, the above combination shows providing a risk assessment of the entity based on the risk level (Sobel, col. 5 lines 35-39).
Regarding claims 22 and 23, the limitations of said claims are addressed in the analysis of claim 21.
Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Sobel in view of Duan, Liu, and Abedin as applied to claim 1 above, further in view of Chawla (US-20190289029-A1).
Regarding claim 7, the above combination shows claim 1. The above combination does not show updating a software component associated with the entity or performing network segmentation based on the risk level. Chawla shows updating a software component associated with the entity or performing network segmentation based on the risk level ([24,27,53,105-109]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the risk response of Chawla in order to mitigate security concerns, improving network reliability.
Regarding claim 14, the limitations of said claim are addressed in the analysis of claim 7.
Claims 3, 10, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Sobel in view of Duan, Liu, and Abedin as applied to claim 1 above, further in view of Kazemeyni (US-20220159026-A1).
Regarding claim 3, the above combination shows wherein determining the plurality of services exposed by the one or more open ports of the entity comprises: monitoring network traffic associated with the one or more open ports, the network traffic comprising one or more properties associated with the one or more open ports (Duan, [17] and pg. 5, Table 2). The above combination does not show identifying the one or more open ports based on the one or more properties of the one or more open ports associated with the network traffic. Kazemeyni shows identifying the one or more open ports based on the one or more properties of the one or more open ports associated with the network traffic ([31, 48-55] and Figs. 2 and 4).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the network data collection and reporting of Kazemeyni in order to prioritize review of the data most likely to be indicative of a security concern, enabling improvements to network operation and stability.
Regarding claims 10 and 17, the limitations of said claims are addressed in the analysis of claim 3.
Claims 6, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Sobel in view of Duan, Liu, and Abedin, as applied to claim 1 above, further in view of Sejimo (US-20180115562-A1).
Regarding claim 6, the above combination shows claim 5, including identification of multiple ports and services (and thus of a second service; e.g., Sobel, col. 4 lines 40-43, col. 5 lines 46-52, where determining a second service is implicit when all of a plurality of services are evaluated). The above combination does not show performing deep packet inspection (DPI) on the network traffic that is associated with the entity and identifying one or more protocols used through the DPI. Sejimo shows performing deep packet inspection (DPI) on the network traffic that is associated with the entity and identifying one or more protocols used through the DPI (Fig. 1, [2]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the above combination with the DPI use of Sejimo in order to utilize more advanced and detailed analysis of network traffic, and thus to leverage additional available tools, in order to perform a more complete and accurate evaluation of the detected network traffic.
Regarding claims 13 and 20, the limitations of said claims are addressed in the analysis of claim 6.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. This includes:
Tupper (Tupper, Melanie, and A. Nur Zincir-Heywood. "VEA-bility security metric: A network security analysis tool." 2008 Third International Conference on Availability, Reliability and Security. IEEE. (Year: 2008)).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN M MACILWINEN whose telephone number is (571)272-9686. The examiner can normally be reached Monday - Friday, 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton B Burgess can be reached at (571) 272 - 3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
JOHN MACILWINEN
Primary Examiner
Art Unit 2442
/JOHN M MACILWINEN/Primary Examiner, Art Unit 2454