Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: machine learning module in claims 25,32,33,40,41,48.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 25-31,33-39,41-47,49-51 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) mental processes – concepts performed in the human mind.
Subject Matter Eligibility Analysis
Step 1: Do the Claims Specify a Statutory Category?
Claims 25-31,49 recite a method, 33-39,50 recite a system, and claims 41-47,51 recite a computer program product, therefore satisfying Step 1 of the analysis.
Step 2 Analysis
Regarding claim 25,
Step 2A – Prong 1: Is a Judicial Exception Recited?
For step 2A eligibility prong one(does the claim recite a judicial exception?), the claim(s) recite(s) “produce an output value that comprises a risk score that indicates a likelihood of a potential malfunctioning occurring within the computing environment; caused by firmware levels … not being at a recommended level;” and “in response to determining that the risk score exceeds a predetermined threshold”, and “wherein the indication additionally indicates a level of severity of the potential malfunctioning,”, and “calculate a margin of error based on comparing a generated risk score to an expected risk score, and wherein the expected risk score is higher in response to a data loss in comparison to a loss of access to data for a limited period of time.”(this is a mental process of observation, evaluation, judgment, opinion [MPEP 2106.04(a)(2) III. “mental processes”]). For step 2A eligibility prong one analysis, generating a risk score where the risk score is higher in response to a data loss in comparison to a loss of access to data for a limited period of time, and comparing the risk score to a predetermined threshold are mental process types of abstract idea. As claimed, this process can practically be performed either in the human mind or using a computer as a tool.
Training a machine learning module is not an abstract idea, and “machine learning module” will be treated as a generic computer component in step 2A prong two and step 2B, like other generic computer components, such as a processor or memory. Support for the generic nature of the machine learning module is in paragraphs 11 and 22 of the specification, where the machine learning module is described, and several different machine learning techniques it could employ are listed. Although training a machine learning module can not be practically done in a human mind, a claim that requires a computer may still recite a mental process, see [MPEP 2106.04(a)(2) III C. “A Claim That Requires a Computer May Still Recite a Mental Process”: “In evaluating whether a claim that requires a computer recites a mental process, examiners should carefully consider the broadest reasonable interpretation of the claim in light of the specification. For instance, examiners should review the specification to determine if the claimed invention is described as a concept that is performed in the human mind and applicant is merely claiming that concept performed 1) on a generic computer, or 2) in a computer environment, or 3) is merely using a computer as a tool to perform the concept. In these situations, the claim is considered to recite a mental process.”] Examiner interprets the machine learning module as a generic component in a generic computer.
Step 2A – Prong 2: Is the Judicial Exception Integrated into a Practical Application?
For step 2A eligibility prong two(does the claim recite additional elements that integrate the judicial exception into a practical application?), This judicial exception is not integrated into a practical application because it is not tied to any particular computer problem. this judicial exception is not integrated into a practical application because it is not tied to any particular computer problem. The other limitations are either gathering data(“providing input on a plurality of attributes of a computing environment comprising one or more devices to a machine learning module”) [MPEP 2106.04(d) ”Integration of a Judicial Exception Into A Practical Application”], sending/receiving data (“transmitting an indication to indicate that the potential malfunctioning is likely to occur within the computing environment”) [MPEP 2106.04(d)], merely using a computer as a tool to perform an abstract idea(“training a machine learning module to produce an output value that comprises a risk score that indicates a likelihood of a potential malfunctioning occurring within the computing environment”)[MPEP 2106.04(d)], or generally linking the judicial exception to a particular technological environment(“first set of devices of the one or more devices in the computing environment“, “modifying the computing environment by updating the firmware levels of the first set of devices to the recommended level to prevent the potential malfunctioning from occurring”)[MPEP 2106.04(d)]
Support for the generic nature of the machine learning module is in paragraphs 11 and 22 of the specification, where the machine learning module is described, and several different machine learning techniques it could employ are listed. Examiner interprets the machine learning module as a generic component in a generic computer.
The limitation that limits the risk score to a potential malfunctioning occurring within a computing environment is still so general that it could apply to any/every computing environment and does not integrate the claim to a practical application. These limitations do not meaningfully limit the claim by going beyond generally linking the use of the judicial exception to a particular technological environment (see MPEP 2106.04(d)(1)).
Overall, the claim as a whole only applies generic components to the judicial exception, which could apply to several different machine learning techniques and apply to any/every computing environment with components that have firmware.
Step 2B: Do the Claims Provide an Inventive Concept?
For step 2B eligibility (Whether a Claim Amounts to Significantly More), The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because additional elements are either The other limitations are either gathering data(“providing input on a plurality of attributes of a computing environment comprising one or more devices to a machine learning module”) [MPEP 2106.05(g) Insignificant Extra-Solution Activity], sending/receiving data (“transmitting an indication to indicate that the potential malfunctioning is likely to occur within the computing environment”) [MPEP 2106.05(g) ”Insignificant Extra-Solution Activity”], merely using a computer as a tool to perform an abstract idea(“training a machine learning module to produce an output value that comprises a risk score that indicates a likelihood of a potential malfunctioning occurring within the computing environment”) [MPEP 2106.05(a)” Improvements to the Functioning of a Computer or To Any Other Technology or Technical Field”], or generally linking the judicial exception to a generic computer component(“first set of devices of the one or more devices in the computing environment“)[MPEP 2106.05(a)” Improvements to the Functioning of a Computer or To Any Other Technology or Technical Field”], or well-understood, routine, conventional activity (“modifying the computing environment by updating the firmware levels of the first set of devices to the recommended level to prevent the potential malfunctioning from occurring”)[MPEP 2106.05(d) “Well-Understood, Routine, Conventional Activity”]
The general idea of staying up to date on software versions, or the idea that continuing to use out of date software versions has risks is well-understood in the field of fault detection(“Firmware” – Wikipedia Jan 2018 pg. 1 “Common reasons for updating firmware include fixing bugs or adding features to the device.”)(“Risks of using out dated software, OS, and browsers“, Seqrite, SEQRITE blog 2017, pg. 5, “It is quite evident that with usage of unsupported versions and old software, these risks can become a reality in no time and the consequences of that can be devastating for businesses. It is thus important for organizations to understand the need of using latest software versions and updating them with most recent patches so that the vulnerability of the systems and network can be minimized. A small effort in updating an existing software or investing in the latest versions can go a long way in keeping your data secure.”). The limitation that ranks data loss as worse than data unavailability is also well-understood (“Data loss”- Wikipedia 2017 “Data loss is an error condition in information systems in which information is destroyed by failures or neglect in storage, transmission, or processing. Information systems implement backup and disaster recovery equipment and processes to prevent data loss or restore lost data. Data loss is distinguished from data unavailability, which may arise from a network outage. Although the two have substantially similar consequences for users, data unavailability is temporary, while data loss may be permanent.”) This concept of availability is also common in Service Level Agreements (SLA) under the concepts of availability and uptime (“Service-level agreement” – Wikipedia 2017 “Particular aspects of the service – quality, availability, responsibilities – are agreed between the service provider and the service user.”, “A well-defined and typical SLA will contain the following components: … The service's desired performance level, especially its reliability and responsiveness: A reliable service will be the one which suffers minimum disruptions in a specific amount of time and is available at almost all times.”, “Uptime is also a common metric, often used for data services such as shared hosting, virtual private servers and dedicated servers.”). These limitations do not include additional elements that are sufficient to amount to significantly more than the judicial exception [see MPEP 2106.05(d)”Well-Understood, Routine, Conventional Activity”].
Conclusion: In light of the above, the limitations in claim 25 recite and are directed to an abstract idea and recite no additional elements that would amount to significantly more than the identified abstract idea. Claim 25 is therefore not patent eligible.
Regarding claim 26, the additional elements do not integrate into a practical application or include additional elements that are sufficient to amount to significantly more than the judicial exception. Modifying the environment to prevent the potential malfunctioning from occurring is well known in the error detection and correction field and does not go beyond generally linking the claim to the error detection and correction field, as the claim is still general enough that it could apply to any/every computing environment. (See MPEP 2106.04(d)(1) and MPEP 2106.05)
Regarding claim 27, the additional elements do not integrate into a practical application or include additional elements that are sufficient to amount to significantly more than the judicial exception. Including a storage drive, storage controllers, and storage I/O in a computing environment is well-understood, routine, conventional activity that does not go beyond generally linking the claim to the error detection and correction field. (See MPEP 2106.04(d)(1) and MPEP 2106.05)
Regarding claim 28, the additional elements do not integrate into a practical application or include additional elements that are sufficient to amount to significantly more than the judicial exception. Measuring the firmware or software level of a device and comparing the level to a minimum or recommended level for the device is data gathering and analysis and is insignificant extra-solution activity. This limitation is also well-understood, routine, conventional activity in the error detection field, as the claim is still general enough that it could apply to any/every computing environment. (See MPEP 2106.04(d)(1) and MPEP 2106.05)
Regarding claim 29, the additional elements do not integrate into a practical application or include additional elements that are sufficient to amount to significantly more than the judicial exception. Limitation “wherein the plurality of attributes are based on: whether a device has reached an end of life cycle; and a ratio of faulty replaced drives to total number of drives over a period of time.” is data gathering and analysis, which is insignificant extra-solution activity. This limitation is also well-understood, routine, conventional activity in the error detection field, and is claimed in a generic manner. (See MPEP 2106.04(d) and MPEP 2106.05 (d))
Regarding claim 30, the additional elements do not integrate into a practical application or include additional elements that are sufficient to amount to significantly more than the judicial exception. RAID configurations and their replication factors are well-understood, routine, conventional activity that does not go beyond generally linking the claim to the error detection and correction field. (See MPEP 2106.04(d)(1) and MPEP 2106.05)
Regarding claim 31, the additional elements do not integrate into a practical application or include additional elements that are sufficient to amount to significantly more than the judicial exception. Limitation “wherein the plurality of attributes indicate: whether critical policy failures have occurred in the computing environment; whether one or more devices have missed heartbeats; an age of a device; and problems identified with a device.” is data gathering and analysis, which is insignificant extra-solution activity. This limitation is also well-understood, routine, conventional activity in the error detection field, and is claimed in a generic manner. (See MPEP 2106.04(d) and MPEP 2106.05 (d))
Regarding claim 49, the additional elements do not integrate into a practical application or include additional elements that are sufficient to amount to significantly more than the judicial exception. Limitation “wherein the expected risk score that indicates the expected likelihood of the potential malfunctioning is proportional to the period of time for which there is the loss of access to data, and wherein the expected risk score is higher in response to a data loss in comparison to the loss of access to data for the period of time.” is data gathering and analysis, which is insignificant extra-solution activity. This limitation is also well-understood, routine, conventional activity in the error detection field, and is claimed in a generic manner. (See MPEP 2106.04(d) and MPEP 2106.05 (d))
Regarding claims 33-39,50 they are the system claims that implement the method of claims 25-31,49 and are rejected for the same reasons.
Regarding claims 41-47,51 they are the computer program product containing instructions to perform the method of claims 25-31,49 and are rejected for the same reasons.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 25-28,33-36,41-44,49-51 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20140336791 A1 (Asenjo) in view of “Security Risk Assessment of Cloud Computing Services in a Networked Environment”(Weintraub et. al. (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 7, No. 11, 2016 79, herein referred to as Weintraub).
Regarding claim 25, Asenjo teaches,
A method, comprising:
providing input on a plurality of attributes of a computing environment comprising one or more devices(fig 1:314 par 56 “Using an architecture similar to that depicted in FIG. 1, predictive maintenance system 314 can collect industrial data from the individual devices during operation and classify the data in a customer data store 302 according to the aforementioned classifications.”) to a machine learning module to produce an output value(fig 8:210; par 67 “Predictive analysis component 210 can analyze the resulting multi-industry, multi-customer data store to learn industry-specific, device-specific, and/or application- specific trends, patterns, thresholds, etc.”) that comprises a risk score that indicates a likelihood of a potential malfunctioning occurring within the computing environment(par 85 “Once these critical variations have been identified, predictive analysis component 210 can analyze customer-specific data to anticipate when the customer's particular system is at risk of exceeding these critical variations ( e.g., determine whether a pressure at an analogous station of the customer's system is trending toward a determined critical threshold).”) caused by firmware levels of a first set of devices of the one or more devices in the computing environment not being at a recommended level;(par 10 “These services can include providing notifications when a newer firmware version is available for a given device, detection and notification of system trends indicative of an impending device or system failure, detection and notification of device or system performance degradation, recommending device upgrades or system reconfigurations that will improve system performance or device interaction, … .”; fig 10; par 77 “The system response to a determination that the on-premises device is running an out-of-date firmware version can depend on the service contract information maintained in the customer model. … .”)
in response to determining that the risk score exceeds a predetermined threshold,(fig 10; par 77 “The system response to a determination that the on-premises device is running an out-of-date firmware version can depend on the service contract information maintained in the customer model. … .”)
transmitting an indication to indicate that the potential malfunctioning is likely to occur within the computing environment,(par 87 “For example, customer model 304 may specify that notifications relating to an impending device failure should be delivered to one or more client devices associated with selected maintenance personnel, while notifications relating to firmware upgrades or recommended device reconfigurations should be delivered to a client device associated with a plant engineer.”) wherein the indication additionally indicates customized details about the potential malfunctioning(par 87 “Notification preferences defined in the customer model may also be a function of a particular plant facility, area, or work-cell to which the notification relates.”; par 90 “Depending on the type of problem identified and the nature of the service agreement between the customer and the technical support entity, notification component 212 may initiate contact with customer support personnel in response to detection of an impending maintenance issue.”), wherein the machine learning module is trained to calculate a margin of error based on comparing a generated risk score to an expected risk score,(par 67 “Predictive analysis component 210 can analyze the resulting multi-industry, multi-customer data store to learn industry-specific, device-specific, and/or application-specific trends, patterns, thresholds, etc. In general, predictive analysis component 210 can perform big data analysis on the multi-enterprise data maintained BDFM data storage to learn and characterize operational trends or patterns as a function of industry type, application type, equipment in use, asset configurations, device configuration settings, or other such variables.”; par 68, 69,78,82 ) and wherein the response to the problem is dependent on the type of the problem;(par 90 “Depending on the type of problem identified and the nature of the service agreement between the customer and the technical support entity, notification component 212 may initiate contact with customer support personnel in response to detection of an impending maintenance issue.”) and
modifying the computing environment by updating the firmware levels of the first set of devices to the recommended level to prevent the potential malfunctioning from occurring.(fig 10; par 77 “If the customer's service plan does not include automated firmware upgrades, … . Alternatively, the firmware may be provided automatically to the user in accordance with the pre-existing service plan. In another scenario, for cloud-aware industrial devices that include bi-directional cloud gateways, device management component 208 may remotely deliver and install the most recent firmware version to the device automatically from the cloud platform (e.g., via device interface component 204).”)
However, Asenjo does not specifically teach a level of severity of the potential malfunctioning or wherein the expected risk score is higher in response to a data loss in comparison to a loss of access to data for a limited period of time.
On the other hand, Weintraub teaches,
A method, of risk modeling in a cloud computing environment,
wherein the indication additionally indicates a level of severity of the potential malfunctioning,(pg 82 “[24] published a list of CC risk factors. … Following the list of risks, categorized to the three cloud layers, each risk includes an indication for either risk increasing (RI) or risk decreasing (RD). Additionally the description includes the types of risks and their severity level. From figure IV it is clear that the risk level increases from Unavailability to Loss, from Loss to Theft, and from Theft to Disclosure. While assigning values to severity levels may be an open issue, the following example is an arbitrary scheme where these values are increasing as mentioned above.”; pg 81 “CSA's experts identified nine critical threats, ranked in descending order of severity: Data Breaches, Data Loss, ….”; pg 83 “Table I not only differentiate between the RI/RD factors, it also depicts the probability and damage of each factor to the four risk types (Unavailability, Loss, …). The risk level of each risk type is a measure of both the probability of occurrence and the expected damage of the risk realization.”)
, and wherein the expected risk score is higher in response to a data loss in comparison to a loss of access to data for a limited period of time;(pg 81“Starting our analysis we note that the damage of loss is greater than the damage of unavailability.”; fig 3”Temporary Unavailability”; pg 82 “disclosure of regular data has low risk, while the disclosure of critical data has higher risk. Also, temporary unavailability of regular data may be tolerated due to low damage.”; pg 82 “Following the list of risks, categorized to the three cloud layers, each risk includes an indication for either risk increasing (RI) or risk decreasing (RD). Additionally the description includes the types of risks and their severity level. From figure IV it is clear that the risk level increases from Unavailability to Loss, from Loss to Theft, ….”; pg 83 “Table I not only differentiate between the RI/RD factors, it also depicts the probability and damage of each factor to the four risk types (Unavailability, Loss, …). The risk level of each risk type is a measure of both the probability of occurrence and the expected damage of the risk realization.”)
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify Asenjo’s preventative maintenance system to incorporate the level of severity of the potential malfunctioning and wherein the expected risk score is higher in response to a data loss in comparison to a loss of access to data for a limited period of time of Weintraub. One of ordinary skill in the art would have been motivated to remedy the shortcomings of Asenjo -- a need for how to prioritize maintenance issues(Weintraub pg 83 “Table I not only differentiate between the RI/RD factors, it also depicts the probability and damage of each factor to the four risk types (Unavailability, Loss, Theft, and Disclosure). The risk level of each risk type is a measure of both the probability of occurrence and the expected damage of the risk realization.”) -- with Weintraub providing a known method to solve a similar problem. Weintraub provides a risk modeling framework to analyze different types of risks(Weintraub pg 81-89; Weintraub pg 89 “This paper proposes a technique for evaluating and comparing risks between different service providers in the three CC layers.”)
Regarding claim 26, Asenjo and Weintraub teaches,
The method of claim 25,
Asenjo further teaches,
wherein the computing environment is modified to prevent the potential malfunctioning from occurring. (fig 10; par 77 “If the customer's service plan does not include automated firmware upgrades, … . Alternatively, the firmware may be provided automatically to the user in accordance with the pre-existing service plan. In another scenario, for cloud-aware industrial devices that include bi-directional cloud gateways, device management component 208 may remotely deliver and install the most recent firmware version to the device automatically from the cloud platform (e.g., via device interface component 204).”)
Regarding claim 27, Asenjo and Weintraub teaches,
The method of claim 25,
Asenjo further teaches,
wherein the computing environment comprises one or more devices comprising one or more storage controllers, one or more storage drives, and one or more host computing systems,(par 32 “For example, a component can be, but is not limited to being, a process running on a processor, a processor, a hard disk drive, multiple storage drives (of optical or magnetic storage medium) including affixed (e.g., screwed or bolted) or removably affixed solid-state storage drives;”; par 51 “Each system 404 is made up of a number of assets 406 representing the machines and equipment that make up the system ( e.g., the various stages of a production line). In general, each asset 406 is made up of multiple devices 408, which can include, for example, the programmable controllers, motor drives, human-machine interfaces (HMis), sensors, meters, etc. comprising the asset 406. The various data classes depicted in FIGS. 3 and 4 are only intended to be exemplary, and it is to be appreciated that any organization of industrial data classes maintained by predictive maintenance system 314 is within the scope of one or more embodiments of this disclosure.”) wherein the one or more storage controllers manage the storage drives to allow input/output (I/O) access to the one or more host computing systems.(par 32 “As further yet another example, interface(s) can include input/ output (I/O) components as well as associated processor, application, or Application Programming Interface (API) components.”)
Regarding claim 28, Asenjo and Weintraub teaches,
The method of claim 25,
Asenjo further teaches,
wherein an attribute of the plurality of attributes is a measure of a firmware or software level of a device in comparison to a minimum or recommended firmware or software level for the device. (fig 10; par 77 “The system response to a determination that the on-premises device is running an out-of-date firmware version can depend on the service contract information maintained in the customer model. … .”)
Regarding claim 49, Asenjo and Weintraub teaches,
The method of claim 25,
Weintraub further teaches,
wherein the expected risk score indicates an expected likelihood of the potential malfunctioning(table 1:”P=Probability”; pg 83 “Table I not only differentiate between the RI/RD factors, it also depicts the probability and damage of each factor to the four risk types (Unavailability, Loss, Theft, and Disclosure). The risk level of each risk type is a measure of both the probability of occurrence and the expected damage of the risk realization.”) and is proportional to the limited period of time for which there is the loss of access to data.(pg 82 “In terms of policy, in some cases the damage of temporary unavailability (of process or application) is so minor as to ignore it altogether.”; pg 82 “… temporary unavailability of regular data may be tolerated due to low damage.”; fig 4; pg 82 “Additionally the description includes the types of risks and their severity level. From figure IV it is clear that the risk level increases from Unavailability to Loss, from Loss to Theft, and from Theft to Disclosure. While assigning values to severity levels may be an open issue, the following example is an arbitrary scheme where these values are increasing as mentioned above.”)
Regarding claims 33-36,50 they are the system claims that implement the method of claims 25-28,49 and are rejected for the same reasons. The additional memory and processor components are taught in (Asenjo claim 1” a memory that stores computer-executable components; a processor, operatively coupled to the memory, that executes computer-executable components, the computer-executable components comprising”).
Regarding claims 41-44,51 they are the computer program product containing instructions to perform the method of claims 25-28,49 and are rejected for the same reasons.
Claim(s) 29-31,37-39,45-47 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20140336791 A1 (Asenjo) and “Security Risk Assessment of Cloud Computing Services in a Networked Environment”(Weintraub et. al. (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 7, No. 11, 2016 79, herein referred to as Weintraub) as applied to claim 27 above, and further in view of US 20200104200 A1 (Kocberber).
Regarding claim 29, Asenjo and Weintraub teaches,
The method of claim 27,
Asenjo further teaches,
wherein the plurality of attributes are based on:
whether a device has reached an end of life cycle;(par 47 “For example, analysis can be performed on large sets of device, asset, process, and system data collected from multiple industrial enterprises to identify operational patterns, optimal hardware and software configurations for particular industrial applications, device lifecycle trends that can be used to predict future device or system failures, or other analysis goals.”) and
However, Asenjo and Weintraub do not specifically teach a ratio of faulty replaced drives to total number of drives over a period of time.
On the other hand, Kocberber teaches
A machine learning system for learning important attributes and identifying failures ahead of time(par 1 “The present invention relates to a framework for training a specific machine learning system trained with disk drive sensor data to learn important attributes and identify disk drive failures ahead of time.”)
wherein the plurality of attributes are based on:
whether a device has reached an end of life cycle(fig 2:220; par 44 “It shows that P sensor attributes 210 are received for each disk, the sensor attributes are received over N days 220, and the sensor attributes are received for Q disks in total 230.” N days is equivalent to the age of the device. Par 84 “Understanding the remaining useful life of a disk is a significant factor in helping businesses with capacity planning, allocation, and forecasting.” Age is directly correlated with useful life of a disk.); and
a ratio of faulty replaced drives to total number of drives over a period of time(par 51 "Healthy/failed disk ratio defines the number of healthy disks added to the output matrix for every failed disk."; par 82 “Each disk failure causes a window of vulnerability within the system, where multiple failures in the same volume may result in permanent data loss. Embodiments presented herein enable predictions of disk failures so that informed volume allocation decisions may be employed to spread the risk evenly on different volumes.”).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify Asenjo and Weintraub to incorporate the usage of the ratio of faulty replaced drives to total number of drives of Kocberber. One of ordinary skill in the art would have been motivated to remedy the shortcomings of Asenjo and Weintraub -- a need for a solution for the issue of when drives unexpectedly fail -- with Kocberber providing a known method to solve a similar problem. Kocberber provides “a framework for applying machine learning on time-series disk drive sensor data in order to automatically identify disk drive attributes that are indicative of disk drive failure without being limited by disk drive vendor, disk drive model, or disk drive attribute sensor monitoring.”(Kocberber par 6)
Regarding claim 30, Asenjo and Weintraub teaches,
The method of claim 27,
However, Asenjo and Weintraub do not specifically teach RAID.
On the other hand, Kocberber teaches
A machine learning system for learning important attributes and identifying failures ahead of time(par 1 “The present invention relates to a framework for training a specific machine learning system trained with disk drive sensor data to learn important attributes and identify disk drive failures ahead of time.”)
wherein an attribute is based on a level of redundancy in the computing environment indicated by Redundant Array of Independent Disks (RAID) configurations.(par 21 "A disk drive is said to have stopped working when the disk appears physically dead-i.e., does not respond to commands from the operating systems (e.g., generated via console commands), or the RAID system instructs that the drive cannot be read or written. "; par 82 “Avoid permanent data loss: Each disk failure causes a window of vulnerability within the system, where multiple failures in the same volume may result in permanent data loss. Embodiments presented herein enable predictions of disk failures so that informed volume allocation decisions may be employed to spread the risk evenly on different volumes.”)
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify Asenjo and Weintraub to incorporate the usage of the ratio of faulty replaced drives to total number of drives of Kocberber. One of ordinary skill in the art would have been motivated to remedy the shortcomings of Asenjo and Weintraub -- a need for a solution for the issue of when drives unexpectedly fail -- with Kocberber providing a known method to solve a similar problem. Kocberber provides “a framework for applying machine learning on time-series disk drive sensor data in order to automatically identify disk drive attributes that are indicative of disk drive failure without being limited by disk drive vendor, disk drive model, or disk drive attribute sensor monitoring.”(Kocberber par 6)
Regarding claim 31, Asenjo and Weintraub teaches,
The method of claim 27,
Asenjo further teaches,
wherein the plurality of attributes indicate:
whether critical policy failures have occurred in the computing environment;(par 80 “As noted above, customer-specific data 1102 can include device and/or asset level faults and alarms, process variable values ( e.g., temperatures, pressures, product counts, cycle times, etc.), calculated or anticipated key performance indicators for the customer's various assets, indicators of system behavior over time, and other such information.”)
whether one or more devices have missed heartbeats;(par 75 “At periodic intervals ( or in response to detection of a new device being deployed at the customer premises), device management component 208 can retrieve a subset of the device data 306 relating to a particular device from the customer's data store (e.g., customer data store 302 of FIG. 3).”)
historical data of a device;(par 68 “By leveraging a large amount of historical data gathered from many different industrial systems, predictive analysis component 210 can learn common operating characteristics of many diverse configurations of industrial assets at a high degree of granularity and under many different operating contexts.”) and
problems identified with a device.(par 89 “In addition to providing automated maintenance notification services, one or more embodiments of the cloud based predictive maintenance system can also facilitate proactive involvement of technical support personnel in response to impending device failures or other system problems detected via the predictive analysis techniques described above.”)
However, Asenjo and Weintraub do not specifically teach wherein the plurality of attributes indicate: an age of a device;
On the other hand, Kocberber teaches
A machine learning system for learning important attributes and identifying failures ahead of time(par 1 “The present invention relates to a framework for training a specific machine learning system trained with disk drive sensor data to learn important attributes and identify disk drive failures ahead of time.”)
wherein the plurality of attributes indicate: an age of a device(fig 2:220; par 44 “It shows that P sensor attributes 210 are received for each disk, the sensor attributes are received over N days 220, and the sensor attributes are received for Q disks in total 230.” N days is equivalent to the age of the device. Par 84 “Understanding the remaining useful life of a disk is a significant factor in helping businesses with capacity planning, allocation, and forecasting.” Age is directly correlated with useful life of a disk.)
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify Asenjo and Weintraub to incorporate the usage of the ratio of faulty replaced drives to total number of drives of Kocberber. One of ordinary skill in the art would have been motivated to remedy the shortcomings of Asenjo and Weintraub -- a need for a solution for the issue of when drives unexpectedly fail -- with Kocberber providing a known method to solve a similar problem. Kocberber provides “a framework for applying machine learning on time-series disk drive sensor data in order to automatically identify disk drive attributes that are indicative of disk drive failure without being limited by disk drive vendor, disk drive model, or disk drive attribute sensor monitoring.”(Kocberber par 6)
Regarding claims 37-39 they are the system claims that implement the method of claims 29-31 and are rejected for the same reasons.
Regarding claims 45-47 they are the computer program product containing instructions to perform the method of claims 29-31 and are rejected for the same reasons.
Response to Arguments
Applicant's arguments filed 10/06/2025 have been fully considered but they are not persuasive.
With respect to the independent claims, the applicant has argued that limitation “modifying the computing environment by updating the firmware levels of the first set of devices to the recommended level to prevent the potential malfunctioning from occurring” amounts to significantly more than the judicial exception in step 2B of the 101 patent subject matter eligibility test. Applicant explains that this limitation goes beyond the data collection and data processing/analysis steps and actually changes the system. The examiner respectfully disagrees. Although updating firmware levels is more than the judicial exception, it does not classify as significantly more than the judicial exception as it is only applying the results of the risk assessment in a well-understood, routine, and conventional way(“Risks of using out dated software, OS, and browsers“, Seqrite, SEQRITE blog, pg 5, “It is quite evident that with usage of unsupported versions and old software, these risks can become a reality in no time and the consequences of that can be devastating for businesses. It is thus important for organizations to understand the need of using latest software versions and updating them with most recent patches so that the vulnerability of the systems and network can be minimized. A small effort in updating an existing software or investing in the latest versions can go a long way in keeping your data secure.”) [see MPEP 2106.05(d)”Well-Understood, Routine, Conventional Activity”].
With respect to the independent claims, the applicant has argued that limitation “caused by firmware levels of a first set of devices of the one or more devices in the computing environment not being at a recommended level” integrates the judicial exception into a practical application in step 1A prong two of the 101 patent subject matter eligibility test. The examiner respectfully disagrees. Although the new limitation does narrow the scope of the claim from any device in a computer environment, to just devices with firmware in a computer environment, devices with firmware still applies to most devices in most computing environments, so this limitation does not go beyond generally linking the use of the judicial exception to a particular technological environment. [see MPEP 2106.04(d)(1)”Evaluating Improvements in the Functioning of a Computer, or an Improvement to Any Other Technology or Technical Field in Step 2A Prong Two”]
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US-20200058034-A1 – Sloane - has different priority based on severity. Date is a little close, but it is different company.
US 20190124099 A1 - Matselyukh - talks about severity, but is not as good a fit as Fei.
US 20170115899 A1 - Franke - raid reference, shifts data around to prevent wearout of storage devices.
US 10824145 B1 - Konrardy - fig 7:706 determine severity of anomaly. Automatically learns what parts of road cause problems to the vehicle and tries to avoid those problem road areas.
US 20190377625 A1 - Chintalapati - predicts node failures and uses version information.
US 20200092319 A1 - Spisak - considers spares lead time when ranking failures.
US 20180114175 A1 - Fei - severity rating and machine learning to predict severity.
US 20170048109 A1 - Kant - predicts when incidents will happen and triggers actions to prevent incidents.
US 20200112489 A1 - Scherger - predicts network equipment failures
US 20180287856 A1 - Whitner - gathering version information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL XU whose telephone number is (571)272-5688. The examiner can normally be reached Monday-Friday 8:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Bryce Bonzo can be reached at (571) 272-3655. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL XU/Examiner, Art Unit 2113