DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
Applicant’s amendment filed 06 January 2026 amends claims 1, 9, and 10. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues on pages 7-8 of the response, “In the claim, event information is specified as to include one of two events, which are a firmware update event or a security setting update event…On Page 5 of the Office Action, it states ‘it is generally unclear what constitutes ‘a same event’. Without a clear indication of what constitutes ‘a same event’, it is not possible to determine the ‘number of entries’. However, after the amendment the claims should be quite clear…it should [sic] reasonable to construe the meaning as that if a number of entries of the multiple entries having identical operation information for the firmware update event occurs multiple times (same event), then the processor would determine whether the number of entries in minority in quantity relative to the total number of entries.” In response, the claims are not worded in the manner explained by Applicant. Instead, the claims still specify that multiple entries having identical operation information “corresponding to a same event”. The claims should be amended to specify that entries having “identical operation information” are considered to be the “same event” and the number is incremented. The claims could even be amended to simply increment the number count when is entry is identified as having the “identical operation information”. The issue is with the manner in which the claims are currently worded, which renders the claims indefinite for the same reasons identified in the Non-Final mailed 28 October 2025 (“Non-Final”). Amending the claims to specify a type of event does not address the indefiniteness issues raised in the Non-Final.
Applicant argues on page 8 of the response, “Regarding (2), incorrect warning in paragraph [0008] of the published specification is ‘a warning without a presence of a genuine risk’ which has been added to claims 1, 9, and 10.” In response, this language adds another layer of ambiguity. How is the presence of a genuine risk determined? Therefore, the issue of how the issued warnings are determined to be “incorrect” remains.
Applicant argues on page 8 of the response, “Therefore, in this situation, there is no omission of absence of an operation because the claim actually specifies how the processor is programmed to determine a determination. Even if a function is not executed, the processor is still required to have codes to decide whether to issue or [sic] warning or not. In other words, the determination still has to be made.” This argument is not persuasive because the claims specifically require the processor to be configured “to not issue a warning”, however, Applicant’s response suggests that the processor could be configured to determine to issue a warning or end the process, which is not the same as what is being claimed.
Applicant arguments of pages 9-10 of the response with respect to Step 2A have failed to actually address the identification of the abstract idea in the claim language that was set forth in the Non-Final. Instead, Applicant presented a discussion specific to Applicant’s specification and did not address the actual claim limitations. Therefore, Applicant’s arguments are unpersuasive.
Applicant argues on page 11 of the response, “Morever [sic], the claimed invention cannot reasonably be performed within a human mind. This invention involves operation information from ‘a plurality of information device’ ([0021]).” In response, the claims do not define the claimed “operation information” in any manner that would prevent a human from analyzing that information mentally or with a pen and paper.
Applicant argues on page 11 of the response, “In the embodiment described in the specification, 20 devices are managed…but in reality, this could expand to hundreds or thousands. At such a scale, collecting and aggregating data in real time and performing statistical comparisons on the ‘total quantity of the multiple events’ is something that cannot be practically carried out by the human minds [sic] or with pen and paper.” This argument is not persuasive because the claims do not require hundreds or thousands of devices. The claims do not even require real-time aggregation of the data. Therefore, Applicant’s evidence against the claimed invention being performed in the human mind relies on unclaimed elements.
Applicant argues on page 11 of the response, “The present invention also addresses the technical problems of ‘alert fatigue’ and high false positive rates that are common in SIEM system…” This argument is not persuasive because the presenting steps (i.e., alerts) are considered to be insignificant extra-solution activities (See MPEP 2106.05(d)(II)(i)). Therefore, limitations specific to displaying alerts or not displaying alerts would not be sufficient to be considered a technological improvement that would make the claims patent eligible.
Applicant argues on page 12 of the response, “The processor is not simply instructed to apply an abstract concept. It is configured to maintain an operation log database and lookup table as shown in many of the figures with a specific structure and to execute a set of specific algorithms based on the particular relationships among the data within it…so as to solve problems that are technical in nature instead of being non-technical such as business methods.” This argument is not persuasive because Applicant continues to reference unclaimed aspects of the claims to support patent eligibility. Examiner recommends amended the claims to include more of these unclaimed aspects of the invention.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 1, 9, 10, require the determination of “whether the number of entries is minority in quantity relative to a total quantity of the multiple entries” based on a number of entries corresponding to “a same event” of the event information, which renders the claim indefinite because it is generally unclear what constitutes “a same event”. Without a clear indication of what constitutes “a same event”, it is not possible to determine the “number of entries”. The log includes multiple entries and each entry includes event information. This content of the event information is not defined by the claims, which makes the determination of “a same event” especially problematic. When comparing the event entries in the log, when is the condition met that would properly designate two entries as being the “same” as claimed?
Claims 1, 9, 10, require functionality to be performed response to the issuing of an “incorrect warning”, however, the claims do not define what constitutes an “incorrect warning” or how the issued warnings are determined to be “incorrect”.
Specifically, the claim limitation is structured such that functionality is performed response to an event, “incorrect warning”. However, as stated above, the claims fail to include a functional determination step that identifies any warnings as being “incorrect” as claimed. Applicant’s specification appears to suggest that such a determination is a human decision and not an autonomous determination performed by the processor. Therefore, it is generally unclear to when the claimed processor would responsively “receive an updated” as claimed.
Claims 1, 9, 10 have been amended to specify that the “incorrect warning” is a warning without a presence of a “genuine” risk, which renders the claims indefinite because neither the claims nor Applicant’s specification defines what constitutes a “genuine” risk and how such a genuine risk is determined.
Additionally, claims 1, 9, 10, require that the processor be configured “to not issue a warning for the operation”, which implies functionality defined by the absence of operation rather than a positively recited functional step. This limitation renders the claims indefinite because it is generally unclear whether the limitation refers to (1) a control routine that suppresses a warning, (2) a design choice omitting the warning functionality, or (3) a transient runtime state.
Claims 2-8 are rejected in view of their dependence upon claim 1.
Claim Rejections-35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-10 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea without significantly more. The reasons are as following:
When considering subject matter eligibility under 35 USC 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter (2019 PEG, Step 1).
Specifically, claims 1, 9 and 10 are directed to an apparatus, computer program product and method respectively. Each of the claims falls under one of the four statutory classes of invention.
2019 PEG step 2A prong one requires the determination of whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea).
The limitation of “issue…” performs a technical action which usually can be considered an integration of the judicial exception (i.e. abstract idea) into a practical application. However, in the claims at issue, issuing a warning is described in a high level of generality that would not meet that threshold. Therefore, issuing a warning is by itself an abstract idea in that it can be performed by a person.
The limitation of “receive…” , “maintain…” and “determine…” which specifically read “receive” or “receiving” “from each of a plurality of information devices, operation information indicating an operation that has been performed on the information device, the operation information being associated with event information indicating an event caused by the operation in the information device, and accumulate the operation information in an operation log database” in claims 1, 9 and 10, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind, but for the recitation of generic computer components. That is, other than reciting “device” and “database”, nothing in the claim element precludes the steps from practically being performed in a human mind. For example, but for the “device” and “database” language, “receive” or “receiving”, in the context of these claims encompasses the user mentally, or manually with the aid of pen and paper, collecting information about events on devices, then see if operations associated with the event are different to a particular threshold and issue a warning.
The limitation of “refer” or “referring” is analyzed in parallel or similar way as above.
If a claim limitation, under its broadest reasonable interpretation, covers mental processes but for the recitation of generic computer components, then it falls within the "Mental Processes" grouping of abstract ideas (concepts performed in the human mind including an observation, evaluation, judgement, and opinion). Accordingly, the claim recites an abstract idea and the analysis moves to prong two of step 2A.
The claims do not include any additional elements that are sufficient to integrate the judicial exception into a practical application. In particular, claim 1 recites the additional elements “a processor”, “communication interface” and “information devices”, mere generic computer components.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The insignificant extra-solution activities identified above, which include the data-gathering, and presenting steps, are recognized by the courts as well-understood, routine, and conventional activities when they are claimed in a merely generic manner (e.g., at a high level of generality) or as insignificant extra-solution activity (See MPEP 2106.05(d)(II) (i) Receiving or transmitting data over a network, e.g., using the Internet to gather data, buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPO2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network); (v) Presenting offers and gathering statistics, OIP Techs., 788 F.3d at 1362-63, 115 USPO2d at 1092- 93). The claim is not patent eligible.
Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea, thus fail to integrate the abstract idea into a practical application. See MPEP 2106.05(g).
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform the obtaining and displaying steps amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.
The claims as a whole, do not amount to significantly more than the abstract idea itself. This is because the claims do not affect an improvement to the functioning of a computer itself; and the claim do not move beyond a general link of the use of an abstract idea to a particular technological environment.
Accordingly, claim 1 is non-statutory as being directed to a judicial exception without additional elements that integrate the exception into a practical application of that exception. The remaining independent claims 9 and 10 fall short the 35 USC 101 requirement under the same rationale.
The dependent claims 2-8 when analyzed and each taken as a whole are held to be patent ineligible under 35 USC 101 because the additional recited limitations fail to establish that the claims are not directed to an abstract idea. Specifically:
Claim 2 is dependent on claim 1 and includes all the limitations of claim 1. Therefore, claim 2 recites the same judicial exception of claim 1. The claim recites the additional limitation of “determining, in response to the number of entries being minority in quantity, whether the number of entries relative to the total quantity of the multiple entries is less than or equal to a percentage threshold”, under the broadest reasonable interpretation, would be considered part of the ”evaluation” and “judgement” steps in the “Mental Processes” grouping covering concepts performed in the human mind including an observation, evaluation, judgement, and opinion. According, the claims recites a judicial exception without additional elements that integrate the exception into a practical application of that exception.
Claim 3 is dependent on claim 1 and includes all the limitations of claim 1. Therefore, claim 3 recites the same judicial exception of claim 1. The claim recites the additional limitation of “determine, in response to the number of entries being minority in quantity, whether the number of entries is equal to or less than the threshold value from the threshold database which records the threshold value corresponding to the operation of the operation information as a different threshold value corresponds to a different operation from the operation of the operation information” under the broadest reasonable interpretation, would be considered part of the ”evaluation” and “judgement” steps in the “Mental Processes” grouping covering concepts performed in the human mind including an observation, evaluation, judgement, and opinion. According, the claims recites a judicial exception without additional elements that integrate the exception into a practical application of that exception.
Claim 4 is dependent on claim 2 and includes all the limitations of claim 2. Therefore, claim 4 recites the same abstract idea of claim 2. The claim recites the additional limitation of “determine, in response to the number of entries being minority in quantity, whether the number of entries is equal to or less than the threshold value from the threshold database which records the threshold value corresponding to the operation of the operation information as a different threshold value corresponds to a different operation from the operation of the operation information” under the broadest reasonable interpretation, would be considered part of the ”evaluation” and “judgement” steps in the “Mental Processes” grouping covering concepts performed in the human mind including an observation, evaluation, judgement, and opinion. According, the claims recites a judicial exception without additional elements that integrate the exception into a practical application of that exception.
Claim 5 is dependent on claim 1 and includes all the limitations of claim 1. Therefore, claim 5 recites the same abstract idea of claim 1. The claim recites the additional limitation of “determine, on a basis of state information indicating a state of each of the plurality of information devices, whether the information device is in an abnormal state; and keep from issuing the warning if the minority operation is performed on an information device in the abnormal state” under the broadest reasonable interpretation, would be considered part of the ”evaluation” and “judgement” steps in the “Mental Processes” grouping covering concepts performed in the human mind including an observation, evaluation, judgement, and opinion. According, the claims recites a judicial exception without additional elements that integrate the exception into a practical application of that exception.
Claim 6 is dependent on claim 5 and includes all the limitations of claim 5. Therefore, claim 6 recites the same abstract idea of claim 5. The claim recites the additional limitation of “wherein the operation information accumulated in the operation log database is also associated with information indicating whether the operation indicated by the operation information is a maintenance operation for maintaining a corresponding one of the plurality of information devices, and wherein the processor is configured to keep from issuing the warning if the minority operation is performed on one of the plurality of information devices in the abnormal state and the minority operation is the maintenance operation” under the broadest reasonable interpretation, would be considered part of the ”evaluation” and “judgement” steps in the “Mental Processes” grouping covering concepts performed in the human mind including an observation, evaluation, judgement, and opinion. According, the claims recites a judicial exception without additional elements that integrate the exception into a practical application of that exception.
Claim 7 is dependent on claim 1 and includes all the limitations of claim 1. Therefore, claim 7 recites the same abstract idea of claim 1. The claim recites the additional limitation of “wherein the processor is configured to keep, if a notification indicating that the issued warning is an incorrect warning is received, from issuing the warning thereafter even if the minority operation relating to the warning is performed on one of the at least one information device relating to the warning”, which further elaborates on the judicial exception and amount to data-gathering steps which is considered to be insignificant extra-solution activity, (See MPEP 2106.05(g)).
Claim 8 is dependent on claim 7 and includes all the limitations of claim 7. Therefore, claim 8 recites the same abstract idea of claim 8. The claim recites the additional limitation of “wherein the operation information accumulated in the operation log database is also associated with information indicating whether the operation indicated by the operation information is a maintenance operation for maintaining a corresponding one of the plurality of information devices, wherein the processor is configured to keep, if a notification indicating that the issued warning is an incorrect warning, from issuing the warning thereafter even if the minority operation relating to the warning is performed on one of the at least one information device relating to the warning and the minority operation is the maintenance operation”, which further elaborates on the judicial exception and amount to data-gathering steps which is considered to be insignificant extra-solution activity, (See MPEP 2106.05(g)).
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at 5712705143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BENJAMIN E LANIER/Primary Examiner, Art Unit 2437