DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1. Claims 1 – 20 are currently pending in this application.
Claims 1, 6, 13, 17, and 19 are amended as filed on 09/11/2025.
Claims 5 and 16 are canceled as filed on 09/11/2025.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kannan et al. (Patent No. US 11,399,041 B1), hereinafter Kannan, in view of Mullins et al. (Pre-Grant Publication No. US 2023/0421578 A1), hereinafter Mullins, in view of Reddy et al. (Pre-Grant Publication No. US 2019/0109717 A1), hereinafter Reddy, and in further view of Yeager at al. (Pre-Grant Publication No. US 2003/0070070 A1), hereinafter Yeager, and in further view of Grover et al. (Pre-Grant Publication No. US 2022/0366088 A1), hereinafter Grover.
2. With respect to claims 1, 13, and 19, Kannan taught a method comprising: identifying, at a first node in a network, a potential security threat (10:40-49, where the peer group contains the first node), the first node comprising one of a plurality of nodes in a peer group, wherein each node in the peer group has a level of trust for each node in the peer group (10:40-62); receiving, at the first node, a security communication from one or more other nodes of the peer group, each security communication indicating that the node of the peer group sending the security communication has identified a potential security threat similar to the potential security threat identified by the first node (29:32 to 30:6); and taking a corrective action to neutralize the potential security threat at the first node (3:11-34. See also: 9:23-31, where the incident response is the corrective action).
However, Kannan did not explicitly state that the corrective action was taken in response to reaching a consensus with the other nodes of the peer group. On the other hand, Mullins did teach that the corrective action was taken in response to reaching a consensus with the other nodes of the peer group (0029). Both of the systems of Kannan and Mullins are directed towards managing security threats via peer groups and therefore, it would have been obvious to a person having ordinary skill in the art, at the time of the effective filing of the invention, to modify the teachings of Kannan to utilize consensus security determinations, as taught by Mullins, as it could be argued that this step is already being performed by Kannan as part of its functionality. However, it is not explicitly stated.
However, Kannan did not explicitly state wherein the plurality of nodes securely exchanges information between each node based on the level of trust and that the identified threat was a threat to the node sending the security communication. On the other hand, Reddy did teach, wherein the plurality of nodes securely exchanges information between each node based on the level of trust (0020, where the trust can be seen in, at least, 0043) and that the identified threat was a threat to the node sending the security communication (0020, the validation teaches that the node was a threat under broadest reasonable interpretation). Both of the systems of Kannan and Reddy are directed towards managing security threats via peer groups and therefore, it would have been obvious to a person having ordinary skill in the art, at the time of the effective filing of the invention, to modify the teachings of Kannan to utilize consensus security determinations, as taught by Reddy, as it could be argued that this step is already being performed by Kannan as part of its functionality. However, it is not explicitly stated.
However, Kannan did not explicitly state wherein each node of the plurality of nodes of the peer group comprises a computing device. On the other hand, Yeager did teach wherein each node of the plurality of nodes of the peer group comprises a computing device (claim 14, where the group of peer nodes can be seen). Both of the systems of Kannan and Yeager are directed towards managing security threat/trust via peer groups and therefore, it would have been obvious to a person having ordinary skill in the art, at the time of the effective filing of the invention, to modify the teachings of Kannan to utilize computer node specific peer groups, as all of Kannan’s systems would likely be recognized via their computer systems. However, it is not explicitly stated.
However, the combination of Kannan and Mullins did not explicitly state reaching a consensus with the one or more other nodes in response to a number of the one or more other nodes exceeding a threshold number of nodes, wherein a value of the threshold number of nodes is dynamic and reduces in response to receiving the security communication from the one or more other nodes within a predefined amount of time. On the other hand, Grover did teach reaching a consensus with the one or more other nodes in response to a number of the one or more other nodes exceeding a threshold number of nodes, wherein a value of the threshold number of nodes is dynamic and reduces in response to receiving the security communication from the one or more other nodes within a predefined amount of time (0082-0083). Both of the systems of Mullins and Grover are directed towards multi-node consensus ratings and therefore, it would have been obvious to a person having ordinary skill in the art, at the time of the effective filing of the invention, to modify the teachings of the combination of Kannan and Mullins, to utilize time based threshold consensus, as taught by Grover, in order to maintain efficient consensus rankings.
3. As for claims 2 and 14, they are rejected on the same basis as claims 1 and 13 (respectively). In addition, Kannan taught wherein the first node comprises examples of normal operations and examples of operations indicative of a security threat and wherein identifying the potential security threat comprises determining that operations at the first node resemble operations indicative of a potential security threat (9:10-31, where the pattern of traffic indicating an attack implicitly teaches understanding what pattern of traffic is not an attack, which represents examples of normal operations under broadest reasonable interpretation).
4. As for claim 3, it is rejected on the same basis as claim 2. In addition, Kannan taught wherein the potential security threat differs from the examples of normal operations (9:10-31, where the pattern of traffic indicating an attack implicitly teaches understanding what pattern of traffic is not an attack, which represents examples of normal operations under broadest reasonable interpretation).
5. As for claims 4 and 15, they are rejected on the same basis as claims 2 and 14 (respectively). In addition, Kannan taught wherein determining that the operations comprise a potential security threat comprises using machine learning seeded with the examples of normal operations and examples of operations indicative of a security threat and/or additional learning based on previous operations to determine that the operations comprise a potential security threat. (9:10-31, where the pattern of traffic indicating an attack implicitly teaches understanding what pattern of traffic is not an attack, which represents examples of normal operations under broadest reasonable interpretation; wherein the machine learning can be seen in 12:37-52).
7. As for claims 6 and 17, they are rejected on the same basis as claims 5 and 16 (respectively). In addition, Mullins taught wherein the threat threshold number of nodes further changes based on: a type for the potential security threat; a number of nodes in the peer group that have identified a potential security threat that is similar to the potential security threat identified by the first node; and/or a seriousness of the potential security threat (0032, where the indicator of compromise and attack teach the type of threat and the score teaches the seriousness of the potential threat, 0033, where the different types of consensus can be seen, and the dynamic nature of the threshold can be seen in Kannan: 2:39-47).
8. As for claim 7, it is rejected on the same basis as claim 1. In addition, Kannan taught transmitting a security communication from the first node to each of the other nodes of the peer group, the security communication indicating that the first node identified the potential security threat (10:40-62).
9. As for claim 8, it is rejected on the same basis as claim 1. In addition, Kannan taught wherein each node of the peer group shares with each node of the peer group security communications relevant to determining potential security threats present at the node and/or security communications relevant to determining that potential security threats are not present at the node (10:40-62).
10. As for claim 9, it is rejected on the same basis as claim 1. In addition, Kannan taught transmitting, from the first node, the corrective action to neutralize the potential security threat to the other nodes of the peer group (3:11-34. See also: 9:23-31, where the incident response is the corrective action and where the sharing can be seen in 10:33-38).
11. As for claim 10, it is rejected on the same basis as claim 9. In addition, Kannan taught wherein the other nodes in the peer group that have identified a potential security threat similar to the potential security threat identified by the first node take the corrective action received from the first node (3:11-34. See also: 9:23-31, where the incident response is the corrective action).
12. As for claim 11, it is rejected on the same basis as claim 1. In addition, Mullins taught receiving, at the first node, potential corrective actions from other nodes of the peer group; and reaching a consensus with the other nodes of the peer group on a consensus corrective action to be taken by the first node and the other nodes of the peer group, wherein taking corrective action at the first node comprises taking corrective action based on the consensus corrective action (0029).
13. As for claim 12, it is rejected on the same basis as claim 1. In addition, Kannan taught wherein identifying a potential security threat comprises: identifying a potential security threat from received network communications; identifying a local authentication failure; identifying local malicious event patterns; and/or identifying indicators of a ransomware attack (9:23-31, where the pattern of network traffic, at least, teaches the network communication limitation).
14. As for claim 18, it is rejected on the same basis as claim 13. In addition, Kannan taught wherein: each node of the peer group shares with each of the other nodes of the peer group security communications relevant to determining potential security threats present at the node, security communications relevant to determining that potential security threats are not present at the node, and/or potential corrective actions (10:63 to 11:13); further comprising transmitting, from the first node, the corrective action to neutralize the potential security threat to the other nodes of the peer group, wherein the other nodes in the peer group that have identified a potential security threat similar to the potential security threat identified by the first node take the corrective action received from the first node (10:40-62); and/or further comprising reaching a consensus with the other nodes of the peer group on a consensus corrective action to be taken by the first node and the other nodes of the peer group, wherein taking corrective action at the first node comprises taking corrective action based on the consensus corrective action (0029).
15. As for claim 20, it is rejected on the same basis as claim 19. In addition, Mullins taught transmitting a security communication from the first node to each of the other nodes of the peer group, the security communication indicating that the first node identified the potential security threat; and transmitting, from the first node, the corrective action to neutralize the potential security threat to the other nodes of the peer group (0029).
Response to Arguments
Applicant’s arguments with respect to the claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH L GREENE whose telephone number is (571)270-3730. The examiner can normally be reached Monday - Thursday, 10:00am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas R. Taylor can be reached at 571 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JOSEPH L GREENE/Primary Examiner, Art Unit 2443