Detailed Action
Claims 1, 2, 4-15 and 17-20 are pending in this application. Claims 3 and 16 were cancelled. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 1/23/26 has been entered.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1, 2, 4-15 and 17-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claims 1, 14 and 20 recite the amended limitation of
generating the risk profile based on the number of downstream hosts, the first data and the second data;
which appears unsupported by the specification. The closest support for this limitation is Fig. 5 and paras. 86-88, reproduced below:
[0086] In some examples, a first operation 501 may comprise providing first data representing the infrastructure of a computer network. The first data may be received from the computer network, for example from an administrative server and/or domain controller of the computer. As mentioned, the first data may comprise data from SCCM and/or AD or any similar system management software which provides at least a host and system inventory for the computer network.
[0087] In certain examples, a second operation 502, which may happen subsequent to, at the same time as, or even prior to, the first operation 501, may comprise receiving second data from a vulnerability scanning software indicating one or more vulnerabilities detected on software resources on hosts of the computer network. As mentioned, the second data may comprise data output by software such as NESSUS.
[0088] According to some examples, a third operation 503 may comprise generating output data, using the first and second data, representing the risk profile of the particular computer network.
These citations support the use of the first and second data for the risk profile, but do not support the generation of the risk profile based on the number of downstream hosts that take data from the at least one of the plurality of hosts.
Response to Arguments
Applicant’s arguments with respect to the rejections have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground of rejection is made.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892.
US 2020/0012796 issued to Trepagnier et al., teaches determining a risk rating for software vulnerabilities of host devices and services on an enterprise network. Risk-rating systems and methods prioritize cyber defense resources utilizing both network-independent and network-specific approaches.
US 2014/0130033 issued to Alls et al., teaches an industrial facility that includes at least one reader device configured to read patch update information stored on computer-readable storage media inserted therein. The industrial facility includes an industrial control system that includes at least one cyber asset. The system further includes a processor coupled to the memory device. The processor is programmed to scan the at least one cyber asset. The processor is also programmed to generate a scan report including a patch status for at least one patch not operatively resident on the at least one cyber asset. The scan report includes a deployment temporal period value for deployment of the patch.
US 6,952,779 issued to Cohen et al., teaches risk detection and analysis in a computer network. Computerized, automated systems and methods can be provided. Raw vulnerability information and network information can be utilized in determining actual vulnerability information associated with network nodes. Methods are provided in which computer networks are modeled, and the models utilized in performing attack simulations and determining risks associated with vulnerabilities. Risks can be evaluated and prioritized, and fix information can be provided.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BACKHEAN TIV whose telephone number is (571)272-5654. The examiner can normally be reached on Mon.-Thurs. 5:30-3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, TONIA DOLLINGER can be reached on (571) 272-4170. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BACKHEAN TIV/
Primary Examiner
Art Unit 2459