Prosecution Insights
Last updated: May 29, 2026
Application No. 18/021,292

GENERATION OF A SECURITY CONFIGURATION PROFILE FOR A NETWORK ENTITY

Non-Final OA §102
Filed: Feb 14, 2023
Priority: Aug 14, 2020 — nonprovisional of PCTEP2020072843
Examiner: TRUONG, THONG P
Art Unit: 2433
Tech Center: 2400 — Computer Networks
Assignee: Telefonaktiebolaget Lm Ericsson (Publ)
OA Round: 4 (Non-Final)
Grant Probability: 82%, Favorable
OA Rounds: 4-5
Est. Remaining: 4m
With Interview: 97%

Examiner Intelligence

Grants 82% — above average
Career Allowance Rate: 82% (403 granted / 490 resolved), +24.2% vs TC avg
Interview Lift: +14.9% (Moderate +15% lift), resolved cases with interview
Typical timeline: 3y 7m Avg Prosecution, 15 currently pending
Career history: 508 Total Applications across all art units

Statute-Specific Performance

§101: 1.3% (-38.7% vs TC avg)
§103: 82.9% (+42.9% vs TC avg)
§102: 14.4% (-25.6% vs TC avg)
§112: 1.1% (-38.9% vs TC avg)
Based on career data from 490 resolved cases

Office Action

§102
DETAILED ACTION

1. This action is responsive to an amendment filed on 11/18/2025.

2. Claims 1-12, 14-17, 19 and 21 are pending. Claims 1, 19 and 21 are independent. Amendments to the claims are entered.

Response to Arguments

3. The amendment necessitates new ground(s) of rejection.

Allowable Subject Matter

4. Claims 10 and 11 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Objections

5. Claim 1 is objected to because of the following informalities: Claim 1 partially recites “the computer system calculating the risk score based on the classification assigned to the first candidate security configuration profile” (emphasis added); however, “the risk score” would render claim 1 objectionable for lack of antecedent basis. Thus, “the risk score” should be replaced with “the first risk score”. Similarly, claim 1 also recites “as a result of the computer system determining not to provide the first candidate security configuration towards the network entity” (emphasis added); however, “the first candidate security configuration” would render claim 1 objectionable for lack of antecedent basis. Thus, “the first candidate security configuration” should be replaced with “the first candidate security configuration profile”. Appropriate correction is required.

Claim Rejections - 35 USC § 102

6. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

8. Claims 1-9, 12, 14-17, 19 and 21 are rejected under 35 U.S.C. 102 as being anticipated by DiMaggio (US PG Pub. 2019/0258807).

As regarding claims 1, 19 and 21, DiMaggio discloses A method performed by a computer system, the method comprising:

the computer system generating a first candidate security configuration profile for a network entity based on network entity information and deployment information, wherein generating the first candidate security configuration profile involves application of at least one of a machine learning algorithm, a decision tree algorithm, and a random forest algorithm that takes as input the deployment information and produces as output the security configuration profile [para. 28, 40, 85 and 95; scanning device configuration data to generate baseline values];

the computer system calculating a first risk score indicating a first level of risk associated with the generated first candidate security configuration profile [para. 4, 19, 43, 54, 60 and 69; calculating vulnerability score based on the baseline values]; and

the computer system determining, based on the calculated first risk score indicating the level of risk associated with the generated first candidate security configuration profile, whether the first candidate security configuration profile is to be provided towards the network entity or not [para. 19, 95, 101, 114 and 118; determining whether to provide adjustment to a device based on determining whether a calculated vulnerability score is greater than a threshold score],

wherein calculating the first risk score comprises:

the computer system assessing the first candidate security configuration profile using: i) security risk assessment information [para. 28, 40, 85 and 95; scanning device configuration data to generate baseline values for determining vulnerability score], ii) historical information for deployed security configuration profiles [para. 99-100; obtaining historical device security solutions to adjust security vulnerability score], and iii) network environment information [para. 28, 66; scanning cloud and network environments to obtain data for determining vulnerability score];

the computer system assigning a classification to the first candidate security configuration profile based on the assessment of the first candidate security configuration profile [para. 21, 37, 40 and 44; determining a security status of the device]; and

the computer system calculating the risk score based on the classification assigned to the first candidate security configuration profile [para. 4, 19, 43, 54, 60 and 69; calculating vulnerability score based on the baseline values].

as a result of the computer system determining not to provide the first candidate security configuration towards the network entity [para. 19, 95, 101, 114 and 118; determining not to provide adjustments to the device based on determining the calculated vulnerability score is less than a predetermined threshold score], the method further comprises (para. 48; the following steps are performed again after determining changes to the orientation of the device):

the computer system generating a second candidate security configuration profile for the network entity [para. 28, 40, 85 and 95; scanning device configuration data to generate baseline values];

the computer system calculating a second risk score indicating a second level of risk associated with the second candidate security configuration profile [para. 4, 19, 43, 54, 60 and 69; calculating vulnerability score based on the baseline values]; and

the computer system determining, based on the second risk score, whether the second candidate security configuration profile is to be provided towards the network entity or not [para. 19, 95, 101, 114 and 118; determining whether to provide adjustment to a device based on determining whether a calculated vulnerability score is greater than a threshold score].

In addition, claim 19 further recites the security configuration entity comprising processing circuitry, the processing circuitry being configured to cause the security configuration entity to perform the steps recited in claim 1. DiMaggio also discloses this additional limitation [130 and 136].

As regarding claim 2, DiMaggio further discloses The method of claim 1, wherein generating the first candidate security configuration profile for the network entity comprise generating a skeleton security configuration profile based on the network entity information. a machine learning algorithm produces the first candidate security configuration profile, and the machine learning algorithm further takes as input the skeleton security configuration profile and produces the first candidate security configuration profile based on not only the deployment information but also the input skeleton security configuration profile [para. 28, 40, 85 and 95; scanning device configuration data to generate baseline values].

As regarding claim 3, DiMaggio further discloses The method of claim 1, further comprising: determining that the second risk score satisfies a criterion; and as a result of determining that the second risk score satisfies the criterion, providing the second candidate security configuration profile to the network entity [para. 19, 95, 101, 114 and 118].

As regarding claim 4, DiMaggio further discloses The method of claim 1, wherein the first candidate security configuration profile is provided as a template [para. 52 and 63; data stored in form of structures].

As regarding claim 5, DiMaggio further discloses The method of claim 1, wherein the network entity information pertains to configuration of the network entity [para. 27-28].

As regarding claim 6, DiMaggio further discloses The method of claim 1, wherein the network entity is associated with at least a first service, wherein the network entity information has a first part that is transparent to the first service, the network entity information has a second part that is specific for the first service, and the security configuration profile has a corresponding service transparent part and a corresponding service specific part that is specific for the first service [para. 28 and 29; device data including service data including subsets of data].

As regarding claim 7, DiMaggio further discloses The method of claim 1, wherein the deployment information pertains to any of: security configuration information, security risks assessment information, deployed security configuration profiles historical information, network environment information, service specific security configuration information [para. 99-100].

As regarding claim 8, DiMaggio further discloses The method of claim 7, wherein the deployment information based on which the first candidate security configuration profile is generated pertains to the security configuration information, the deployed security configuration profiles historical information, the network environment information, and the service specific security configuration information [para. 99-100].

As regarding claim 9, DiMaggio further discloses The method of claim 1, wherein generating the first candidate security configuration profile comprises populating a template profile according to the network entity information and then further populating the template profile according to the deployment information and the first candidate security configuration profile is defined by the thus populated template profile [para. 52 and 63; data stored in form of structures].

As regarding claim 12, DiMaggio further discloses The method of claim 7, wherein the deployment information based on which the risk score is calculated pertains to the security risks assessment information, the deployed security configuration profiles historical information, and the network environment information [para. 19, 95, 99-101, 114 and 118].

As regarding claim 14, DiMaggio further discloses The method of claim 1, wherein the first candidate security configuration profile for the network entity is also generated based on feedback information for a previous generated security configuration profile [para. 19, 95, 101, 114 and 118].

As regarding claim 15, DiMaggio further discloses The method of claim 1, wherein calculating the first risk score involves application of at least one of a machine learning algorithm, a decision tree algorithm, a random forest algorithm that takes as input the first candidate security configuration profile, the network entity information and the deployment information, and produces as output the first risk score [para. 19, 95, 101, 114 and 118].

As regarding claim 16, DiMaggio further discloses The method of claim 9, wherein the machine learning algorithm, the decision tree algorithm, and/or the random forest algorithm updates the template profile based on the deployment information and the feedback information [para. 115].

As regarding claim 17, DiMaggio further discloses The method of claim 1, wherein the network entity is any of: a network component, a network node, a server, a physical network function, a virtual network function, a containerized network function, a virtual security function, a physical security function, a network equipment, a network slice [para. 44].

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to THONG P TRUONG whose telephone number is (571)270-7905. The examiner can normally be reached on M-F 8:30AM - 5:30PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 57127267986798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/THONG TRUONG/
Examiner, Art Unit 2433

/JEFFREY C PWU/
Supervisory Patent Examiner, Art Unit 2433

Prosecution Timeline

Jul 17, 2025: Request for Continued Examination
Jul 19, 2025: Response after Non-Final Action
Aug 20, 2025: Non-Final Rejection mailed — §102
Nov 18, 2025: Response Filed
Mar 06, 2026: Final Rejection mailed — §102
Mar 24, 2026: Examiner Interview Summary
Mar 24, 2026: Applicant Interview (Telephonic)
Apr 06, 2026: Response after Non-Final Action

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12640903: METHOD FOR HOMOMORPHIC ENCRYPTION OR DECRYPTION IN CONSIDERATION OF SPATIAL COMPLEXITY (3y 7m to grant, granted May 26, 2026)
Patent 12634339: SYSTEMS AND METHODS FOR PROTECTION OF AUTHORITATIVE NAME SERVERS (2y 5m to grant, granted May 19, 2026)
Patent 12634307: Network Data Interpretation Pipeline for Recognizing Machine Operations and Activities from Network Sensor Data (1y 10m to grant, granted May 19, 2026)
Patent 12627986: DERIVED CREDENTIAL SERVICE FOR IMPLEMENTING DELEGATED FUNCTIONS (2y 10m to grant, granted May 12, 2026)
Patent 12598210: APPARATUS AND METHOD TO MITIGATE MALICIOUS CALLS IN A WIRELESS NETWORK (3y 0m to grant, granted Apr 07, 2026)
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 4-5
Grant Probability: 82%
With Interview: 97% (+14.9%)
Median Time to Grant: 3y 7m (~4m remaining)
PTA Risk: High
Based on 490 resolved cases by this examiner. Grant probability derived from career allowance rate.