Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Detail Action
This office action is response to the application 18/807,647 filed on 08/16/2024. Claim 1 is pending in this communication.
Examiner’s Note
The examiner is requesting the applicant’s representative to provide direct phone number and/or mobile phone number in next communication, which will be very helpful to advance the prosecution.
Generally the text that are italicized are claims; the text that are in bold are reference citations (with some obvious exception); the text which is neither italicized nor bolded are by the examiner.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. OR
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim 1 is rejected under 35 U.S.C. 102(a)(1) as being anticipated by ALLEN; David et al., Pub. No.: US 2017/0078315 A1.
Regarding Claim 1, ALLEN anticipated a cybersecurity analysis system comprises:
an analysis computing entity that includes: one or more processing modules; a plurality of analysis system modules; and one or more network interface modules; and a plurality of private databases operably coupled to the analysis computing entity {[0044], “Vulnerability Management, vulnerability scanners, and so forth. In various embodiments, the additional servers 106 may collect information from the assets 102 (e.g., state information, event information, and the like) for analysis by the security system 104” … [0047], “The databases 204 and 206 may be any structure and/or structures suitable for storing the records and/or rules (e.g., active database, relational database, table, matrix, array, and the like)” … [0138], “The digital device 602 comprises a processor 604, memory 606, storage 608, an input device 610, a communication network interface 612, and an output device 614 communicatively coupled to a communication channel 616”. Examiner’s note: 35 U.S.C 112-F 3-prong test fails, so ‘module’ means-plus-function do not invoke 112-F}, wherein:
the analysis computing entity obtains data regarding a system of the plurality of system via an analysis system module of the plurality of analysis system modules {Fig. 4 element 402 & [0128], “In step 502, a system (e.g., security system 104) receives … information associated with a plurality of assets (e.g., assets 102) connected to a network (e.g., network 108)”};
the obtained data is regarding assets of the system, functions of the system, security of the system, and/or system self-evaluation {[0044] - vulnerability scanners & [0084], “the rules 220-230 may define one or more attributes, characteristics, functions, and/or conditions that, when satisfied, trigger the security system 104, or component thereof (e.g., asset module 210 or event module 226) to perform one or more actions”. Examiner’s note: analysing for vulnerability from malware is functioning as claimed ‘self-evaluation’};
the obtained data is stored in a private database of the plurality of private databases {[0047], “The databases 204 and 206 … storing the records and/or rules};
the analysis computing entity performs, based on the obtained data, a vulnerability analysis on the system with respect to the assets, with respect to the functions, with respect to the security, and/or with respect to the system self-analysis {Fig. 5 element 516 – ‘Detect actual vulnerabilities, potential vulnerabilities’};
the vulnerability analysis assesses the assets, the functions, the security, and/or the self-evaluation {[0082], “The rules database 206 stores rules 220-230 for controlling a variety of functions for the security system 104” … detecting actual and/or potential vulnerabilities of the assets 102”} based on respective one or more of assessment metrics, which include best-in-class practices, regulatory requirements, security risk awareness, risk remediation information, security risk avoidance, performance optimization information, system development guidelines, software development guideline, hardware requirements, networking requirements, networking guidelines, and other system proficiency guidance {[0010], “the asset state information may comprise data indicating any of (i) a set of open ports, (ii) a set of installed applications, (iii), a set of executing applications, (iv), a set of executing services, (v) a number of previously detected attacks, (vi) a set of vulnerabilities, (vii) a number of executed vulnerable applications, (viii) a risk level, or (ix) detected malware”}; and
the analysis computing entity generates a report regarding the vulnerability analysis assessment that provides a vulnerability score {[0114], “The threat level of the event may be used to control the schedule for remapping an asset 102, for determining the rate or distance that highlights vulnerability potential”. Examiner’s note: ‘thread level’/ ‘highlights vulnerability potential’ can be interpreted as claimed ‘vulnerability score’} for: the assets with respect to one or more assessment metrics selected for the assets; the functions with respect to one or more assessment metrics selected for the functions; the security with respect to one or more assessment metrics selected for the security; and/or the self-evaluation with respect to one or more assessment metrics selected for the self-evaluation {[0041], “The security system 104 may be configured to isolate assets 102 exhibiting atypical behavior … the security system 104 may flag the activity and/or trigger an action, e.g., report the user to an administrator, prevent access to that asset 102 by the user”}.
Examiner’s note: a terminal disclosure will be necessary against parent patent US 12,066,909 disclaiming terminal portion of the parent patent US 12,066,909 if any future amendment advances the prosecution to a notice of allowance.
Conclusion
Following prior art has been considered but is not applied:
HENRY; Shawn et al. (US 2016/0212166 A1)- Management of security policies across multiple security products: “the match score is compared to a score threshold. If the compare indicates the match score is equal to or greater than the score threshold, the different network security policies are deemed similar to each other and thus classified into the similar classification”.
BENNETT; Jeff et al. (US 2010/0275263 A1) – “A risk module includes integration of risk modeling with third party tools (e.g., security vulnerability scanners) to generate risk ratings, scores, and percentages. In a specific implementation, the system uses a combination of assessment results (e.g., someone checking the security on a server) and technical assessment results (e.g., third party security scanners) to feed the risk model” … “In the vulnerability analysis step, the user selects a set of technical scans from a list of technical scans. In a specific implementation, the system displays the technical scans associated with the involved or selected assets”.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUAZI FAROOQUI whose telephone number is (571) 270-1034 or Quazi.farooqui@USPTO.GOV. The examiner can normally be reached on Monday-Friday 9:00 am to 5:30 pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amir Mehrmanesh can be reached on (571) 270-3351 or amir.mehrmanesh@USPTO.GOV. The fax phone number for Examiner Farooqui assigned is 571-270-2034.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-flee). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/QUAZI FAROOQUI/
Primary Examiner, Art Unit 2491