Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Please vacate the Notice of Allowance mailed 09/16/2025 in light of the attached office action. Then, reset statutory period to response from the mailing date of this office action.
The Notice of Allowance mailed 09/16/2025 is withdrawn because the claims are failing as being indefinite of the 35 U.S.C. 112(b) second paragraph and 35 U.S.C. 101. Examiner apologies for causing any inconvenience.
Claims 1-20 are pending for examination.
Information Disclosure Statement
The information disclosure statement (IDS) filed on 12/11/2025 complies with the provisions of M.P.E.P 609. It has been placed in the application file. The information referred to therein has been considered as to the merits.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
QMA 4: Analyzing disclosure and claims for compliance with 35 U.S.C. 112
- Claim 1: recites “the security vulnerability” on line 29. This recitation lacks antecedent basis as this limitation was not previously introduced. Further, on line 35-36, “a security vulnerability” is introduced and on line 49 “the security vulnerability” is referred to again. This confusion in antecedent basis would appear to render the scope of the claim indefinite. Applicant is required for clarification.
- Claims 14 and 20: have similar recitation issues.
- All dependent claims are rejected based on the parent claims.
Claim Rejections - 35 USC§ 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claims 1, 14 and 20:
Step 1:
The claims are directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter.
Step 2A, Prong One:
The claim recites the following limitations directed to an abstract idea:
• "determining first frequencies with which first keywords of a plurality of
keywords in the unstructured text occur in a first context in product
documentation regarding the computer program, the product documentation
is associated with a provider of the computer program, the first context is
associated with at least one of the computer program or a dependency of the
computer program" as drafted this recites a mental process as a form of
evaluation or judgement. One can mentally determine a frequency of a keyword in
an unstructured text occurs, by counting the occurrences and the total words.
• "determining second frequencies with which the first keywords occur in the
first context in a general language corpus" as drafted this recites a mental
process as a form of evaluation or judgement. One can mentally determine a
frequency of a keyword in a corpus of other text, by counting the occurrences and
the total words in the corpus.
• determining that a designated first keyword in the first keywords corresponds
to the computer program as a result of a difference between the first frequency
with which the designated first keyword occurs in the first context in the
product documentation and the second frequency with which the designated
first keyword occurs in the first context in the general language corpus being
greater than or equal to a first threshold" as drafted this recites a mental process
as a form of evaluation or judgement. One can mentally compare two frequencies or
values being greater than a threshold, and recognize or judge therefore the word
correspondence to a text/document based on increased frequency over a general
corpus.
• determining third frequencies with which second keywords of the plurality of
keywords in the unstructured text occur in a second context in a vulnerability
corpus, the second context is associated with the security vulnerability, the
vulnerability corpus is defined by words associated with one or more security
vulnerabilities; as drafted this recites a mental process as a form of evaluation or
judgement. One can mentally determine a frequency of a keyword in an
unstructured text, by counting the occurrences and the total words.
• determining fourth frequencies with which the second keywords occur in the
second context in the general language corpus" as drafted this recites a mental
process as a form of evaluation or judgement. One can mentally determine a
frequency of a keyword in a corpus of other text, by counting the occurrences and
the total words in the corpus.
• determining that a designated second keyword in the second keywords
corresponds to a security vulnerability as a result of a difference between the
third frequency with which the designated second keyword occurs in the
second context in the vulnerability corpus and the fourth frequency with which
the designated second keyword occurs in the second context in the general
language corpus being greater than or equal to a second threshold" as drafted
this recites a mental process as a form of evaluation or judgement. One can
mentally compare two frequencies or values being greater than a threshold, and
recognize or judge therefore the word correspondence to a text/document based on
increased frequency over a general corpus.
• "identifying a designated user-generated post in the user-generated posts as a
result of the designated user-generated post comprising the designated first
keyword, which corresponds to the computer program, and the designated
second keyword, which corresponds to the security vulnerability, by filtering
the user-generated posts that are included in the unstructured text … " as
drafted this recites a mental process as a form of evaluation or judgement. One can
mentally evaluate that a user-generated post (i.e. text) comprises certain words (i.e.
a first keyword and a second keyword) and recognize that the text is thus related to
the determined context/labels associated with the keywords due to their usage in
other text documents.
Step 2A, Prong Two:
The claim recites the following additional elements:
• That the method is "implemented by a computing system" is a high-level
recitation of a generic computer components and represents mere instructions to
apply on a computer as in MPEP 2106.05(f), which does not provide integration
into a practical application.
• "training a machine learning model by performing…" the above identified
mental processes and the "identifying" above being performed "using the machine
learning model" is at best generally linking the abstract idea to the particular field
of use or technological environment of machine learning (see MPEP 2106.05(h),
and/or akin to using machine learning as a mere tool (2106.05(f)). No specific type
of machine learning processing or techniques are recited in the claim itself, the
steps performed in this "training" are entirely mentally performable processes as
explained above, and the specification describes this machine learning in the claim
in terms of using generic ML models.
• "receiving the unstructured text from web-based sources, the unstructured text
including user-generated posts" recites insignificant extra-solution activity as
retrieval/receiving of data (i.e. mere data gathering) such as 'obtaining information'
as identified in MPEP 2106.05(g) and does not provide integration into a practical
application.
• "performing an action based at least on the designated user-generated post"
recites insignificant extra-solution activity such as mere outputting of the result.
Consistent with the specification in at least paragraph [0055] performing the action
includes "generating a report" and/or "storing" the subset of identified data. Both of
these are mere outputting of data, and do not meaningfully limit the abstract idea.
Viewing the additional limitations together and the claim as a whole, nothing provides
integration into a practical application.
Step 2B:
• The conclusions for the mere implementation using a computer, mere field of use,
and using generic computer components (i.e. ML) as a tool are carried over and do
not provide significantly more.
• With respect to the "receiving" identified as insignificant extra-solution activity
above when re-evaluated this element is well-understood, routine, and conventional
as evidenced by the court cases in MPEP 2106.05(d)(II), "i. Receiving or 6 transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary
computer to forward information); … OIP Techs., Inc., v. Amazon.com, Inc., 788
F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over
a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d
1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a
network);" and thus remains insignificant extra-solution activity that does not
provide significantly more.
• With respect to the "performing an action…" identified as insignificant extrasolution
activity above when re-evaluated this element is well-understood, routine,
and conventional as evidenced by the court cases in MPEP 2106.05(d)(II), "iv.
Storing and retrieving information in memory, Versata Dev. Group, Inc. v. SAP
Am., Inc., 793 F.3d 1306, 1334; i. … transmitting data over a
network, …Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an
intermediary computer to forward information); … OIP Techs., Inc., v.
Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015)
(sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350,
1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends
information over a network)".
Looking at the claim as a whole does not change this conclusion and the claim are ineligible under 35 U.S.C. 101.
- Claims 2-13 are depending to claim 1 and recite similar limitations. Therefore, the claims are ineligible under 35 U.S.C. 101.
- Claims 15-19 are depending claim 13 and recite similar limitations. Therefore, the claims are ineligible under 35 U.S.C. 101.
Allowable Subject Matter
Claims 1-20 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) 2nd paragraph and U.S.C. 101 set forth in this Office action.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Loan T. Nguyen whose telephone number is (571) 270-3103. The examiner can normally be reached on Monday from 10:00 am - 6:00 pm, Thursday-Friday from 10:00 am - 2:00 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Aleksandr Kerzhner can be reached on (571) 270-1760. The fax phone number for the organization where this application or proceeding is assigned is 571-270-4103. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
12/15/2025
/LOAN T NGUYEN/Examiner, Art Unit 2165