Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Examiner has included Gofman US 10,880326 to meet the claims as amended. Examiner asserts that Lasser US 11,005,878 arguably teaches the same, but has incorporated Gofman because the teaching is more explicit.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 7, 8, 13, 14, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vallone US 2016/0134653 in view of Gofman US 10,880326.
As per claims 1, 8, 14. Vallone teaches A method comprising: generating one or more scripts that are each directed to perform an intrusive activity;[0017][0019] (an agent executing a script/test of a cyber attack)
Vallone teaches submitting the one or more scripts to a target resource; [0019] (distributing to one or more targets)
Vallone teaches responsive to receiving an indication of an execution of a script of the one or more scripts at the target resource, determining that the target resource is vulnerable to the intrusive activity; [0019][0020] (monitoring responses to the attack and providing a report on the attack and defense of the system/target being tested, including the target's vulnerabilities)
Vallone teaches and logging, in a detection log, an event associating the target resource with the intrusive activity. [0019] (monitoring responses to the attack and providing a report on the attack and defense of the system/target being tested)
Gofman teaches resource, wherein at least one of the one or more scripts comprises an instruction to send an indication upon execution, wherein the indication is associated with a transfer lineage of the corresponding script that tracks a path of a payload of the corresponding script through one or more target resources, wherein the one or more target resources comprise the target resource; receiving the indication from a script of the one or more scripts indicating execution of the script at a first target resource of the one or more target resources, wherein the transfer lineage of the script comprises the first target resource; responsive to receiving the indication of an execution of a from the script of the one or more scripts at the target resource, determining that the first target resource is vulnerable to the intrusive activity; and logging, in a detection log, an event associating the first target resource with the intrusive activity.
(Column 23 lines 17-55) (Column 25 lines 35-Column 26 line 50)
(Gofman teaches a penetration testing system including a reconnaissance agent, where the agent reports on the script/compromise of a first node and the spread of the malicious script through email from the first node to a second node, and reports back to the central penetration system, which reports when the attackers' script has succeeded in compromising said nodes)
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use Gofman with the prior art because it improves the reporting of a penetration and vulnerability test.
As per claims 7, 13, 20. Vallone teaches the method of claim 1, further comprising: providing a notification to a user device indicating the target resource that is vulnerable to the intrusive activity. [0019][0038] (determining and reporting vulnerability based on test)
Claim(s) 4, 10, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vallone US 2016/0134653 in view of Gofman US 10,880326 in view of Himberger US 2005/0248457.
As per claims 4, 10, 17. Himberger teaches the method of claim 1, wherein responsive to receiving the indication of the execution of the script, the method further comprises: comparing the indication to known benign activity; and responsive to determining, based on the comparing, that the indication is benign, updating the event in the detection log to indicate that the intrusive activity is benign. [0014][0015] claim 1 (teaches a detection log and comparing an intrusion event/test to a list of benign intrusion events)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Himberger with the prior art in order to reduce false positives.
Claim(s) 5, 6, 11, 12, 18, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vallone US 2016/0134653 in view of Gofman US 10,880326 in view of Lasser US 11,005,878.
As per claims 2, 15. Lasser teaches the method of claim 1, wherein the one or more scripts are transferred from the target resource to a second target resource. (Column 2 lines 40-55; Column 44 lines 18-44; Column 48 lines 9-60, Column 49 lines 20-34) (teaches a penetration test to determine vulnerabilities of nodes/resources of a network including a lateral movement test, where the attack moves from a first resource to a second resource, reporting results)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Lasser with the prior art because it provides a more comprehensive vulnerability assessment.
As per claims 3, 16. Lasser teaches the method of claim 2, further comprising: responsive to receiving a second indication of a second execution of the script of the one or more scripts at the second target resource, determining that the second target resource is vulnerable to the intrusive activity. (Column 2 lines 40-55; Column 44 lines 18-44; Column 48 lines 9-60, Column 49 lines 20-34) (teaches a penetration test to determine vulnerabilities of nodes/resources of a network including a lateral movement test, where the attack moves from a first resource to a second resource, reporting results)
As per claim 9. Lasser teaches the system of claim 8, wherein the one or more scripts are transferred from the target resource to a second target resource, and wherein the operations further comprise: responsive to receiving a second indication of a second execution of the script of the one or more scripts at the second target resource, determining that the second target resource is vulnerable to the intrusive activity. (Column 2 lines 40-55; Column 44 lines 18-44; Column 48 lines 9-60, Column 49 lines 20-34) (teaches a penetration test to determine vulnerabilities of nodes/resources of a network including a lateral movement test, where the attack moves from a first resource to a second resource, reporting results)
Claim(s) 5, 6, 11, 12, 18, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Vallone US 2016/0134653 in view of Gofman US 10,880326 in view of Himberger US 2005/0248457 in view of Lasser US 11,005,878.
As per claims 5, 11, 18. Lasser teaches the method of claim 4, further comprising: updating the one or more scripts by removing the script corresponding to the intrusive activity that is benign. (Column 2 lines 25-36; Column 45 line 60 to Column 46 line 5) (teaches restoring a resource, after vulnerability test, including undoing any operations)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Lasser with the prior art because it restores a resource to its pre-compromised state.
As per claims 6, 12, 19. Lasser teaches the method of claim 4, further comprising: generating an additional script comprising an instruction to terminate the execution of the script corresponding to the intrusive activity that is benign at the target resource; and submitting the additional script to the target resource. (Column 2 lines 25-36; Column 45 line 60 to Column 46 line 5) (teaches restoring a resource, after vulnerability test, including undoing any operations)
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439