DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Applicant's amendments filed on 06/20/2025 has been received and entered. Currently Claims 1-7 and 23-35 are pending.
Response to Arguments
Applicant argues on pages 10-13 of applicant’s remarks that Ramzan and Madhu fail to suggest or disclose “by a cyber threat detection and deception system, obtaining from a data storage management system, service level information…wherein obtaining the service level information comprises interrogating a storage manager component of the data storage management system; by the cyber threat detection and deception system, using the service level information associated with the first data source to determine whether the first data source should be designated a critical data asset within the cyber threat detection and deception system” as recited in the amended claims.
The examiner respectfully disagrees. The examiner refers to the below 103 rejection of the claims. In particular, Ramzan teaches a threat detection system obtains data associated with a plurality of data assets (such as critical data) from a data management system (Fig.1, [0043]-[0046], [0067], [0073], [0099]). In an analogous art, Madhu teaches obtaining service level information to protect data assets, wherein in a data management system, each data source has an associated service level information ([0118]-[0120], [0124], [0133]-[0134], [0137]). One of ordinary skill in the art would recognize that the service level information is obtained from a storage memory. Madhu further teaches classifying a data source in various tiers of criticality based on its service level information ([0119]).
Although Madhu does not explicitly disclose a separate system for storing the service level information and a separate system to designate critical assets, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have two separate systems for the storing and the designating, since it has been held that constructing a formerly integral structure in various elements involves only routing skill in the art. It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to try to have separate systems for the storing of the service level information and for the designating critical assets. There are only two options for the storing and the designating, having two separate systems performing the storing and designating or having the same system performing the storing and the designating. The result will be the same, service level information is obtained from memory and service level information is used to determine whether a data source should be designated as a critical asset
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ramzan of a threat detection and remediation system and the protection of critical data with the teachings of Madhu to include identifying critical data based on service level agreement information in order to provide the threat detection system to identify which data in the system is critical to business objectives and to provide a disaster recovery for the critical data.
Therefore, the combination of Ramzan in view of Madhu teaches limitations of the claims.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 7, 25-28 and 34-35 are rejected under 35 U.S.C. 103 as being unpatentable over Ramzan et al. US2020/0233955 hereinafter referred to as Ramzan, in view of Madhu et al. US2016/0048408 hereinafter referred to as Madhu.
As per claim 1, Ramzan teaches a computer-implemented method comprising: by a cyber threat detection and deception system, obtaining from a data storage management system, data associated with a first data source that is protected by the data storage management system, wherein the first data source is among a plurality of data sources of the data storage management system (Ramzan Fig.1, paragraph [0043]-[0046], [0052], [0067], [0073], [0099], obtain data associated with data assets),
wherein the cyber threat detection and deception system comprises at least one hardware processor and computer memory, and wherein the data storage management system comprises at least one hardware processor and computer memory (Ramzan Fig. 1, Fig. 4, Fig. 5, paragraph [0014]-[0015]).
Ramzan does not explicitly disclose obtain service level information, wherein obtaining the service level information comprises interrogating a storage manager component of data storage management system; and
by system, using the service level information associated with first data source to determine whether the first data source should be designated a critical data asset within the system.
Madhu teaches obtain service level information, wherein obtaining the service level information comprises interrogating a storage manager component of data storage management system (Madhu paragraph [0118]-[0120], each data source has associated service level information. Paragraph [0119]-[0120], [0124], [0133]-[0134], [0137], obtain service level information to protect data assets)(One of ordinary skill in the art would recognize that the service level information is obtained from a storage memory);
by system, using the service level information associated with first data source to determine whether the first data source should be designated a critical data asset within the system (Madhu paragraph [0119], classify data source in various tiers of criticality based on service level information).
Although Madhu does not explicitly disclose a separate system for storing the service level information and a separate system to designate critical assets, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have two separate systems for the storing and the designating, since it has been held that constructing a formerly integral structure in various elements involves only routing skill in the art. It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to try to have separate systems for the storing of the service level information and for the designating critical assets. There are only two options for the storing and the designating, having two separate systems performing the storing and designating or having the same system performing the storing and the designating. The result will be the same, service level information is obtained from memory and service level information is used to determine whether a data source should be designated as a critical asset
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ramzan of a threat detection and remediation system and the protection of critical data with the teachings of Madhu to include identifying critical data based on service level agreement information in order to provide the threat detection system to identify which data in the system is critical to business objectives and to provide a disaster recovery for the critical data.
As per claim 2, Ramzan in view of Madhu teaches the computer-implemented method of claim 1 further comprising: by the cyber threat detection and deception system, determining that the first data source should be designated a critical data asset within the cyber threat detection and deception system, based on determining that the service level information associated with the first data source comprises a shortest recovery point objective (RPO) among a plurality of RPO values corresponding to a plurality of data sources that are protected by the data storage management system (Ramzan paragraph [0043]-[0046], [0052], [0073]; Madhu paragraph [0119], classify data source as tier 1, most critical, based on shortest RPO).
As per claim 3, Ramzan in view of Madhu teaches the computer-implemented method of claim 1 further comprising: by the cyber threat detection and deception system, determining that the first data source should be designated a critical data asset within the cyber threat detection and deception system, based on determining that the service level information associated with the first data source comprises a shortest recovery time objective (RTO) among a plurality of RTO values corresponding to the plurality of data sources (Ramzan paragraph [0043]-[0046], [0073]; Madhu paragraph [0119], classify data source as tier 1, most critical, based on shortest RTO).
As per claim 7, Ramzan in view of Madhu teaches the computer-implemented method of claim 1 further comprising: based on designating the first data source a critical data asset within the cyber threat detection and deception system, transmitting to the data storage management system an indication that the cyber threat detection and deception system has designated the first data source a critical data asset (Ramzan paragraph [0043]-[0046], [0073]; Madhu paragraph [0007], [0056], [0058], [0119]-[0120], indicate critical assets and schedule disaster recovery plan such as backups of data).
As per claim 25, Ramzan in view of Madhu teaches the computer-implemented method of claim 1 wherein the service level information associated with the first data source is obtained from a storage policy of the data storage management system (Ramzan paragraph [0043]-[0046], [0073]; Madhu paragraph [0119]-[0120], disaster recovery plan which includes policies such as SLA and associated RPOs and RTOs).
As per claims 26-28 and 34-35, the claims claim a system essentially corresponding to the method claims 1-3, 7 and 25 above, and they are rejected, at least for the same reasons.
Claims 4, 23, 29 and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Ramzan in view of Madhu, and further in view of Bhosale et al. US2020/0320208 hereinafter referred to as Bhosale.
As per claim 4, Ramzan in view of Madhu teaches the computer-implemented method of claim 1 further comprising: by the cyber threat detection and deception system, determining that the first data source should be designated a critical data asset within the cyber threat detection and deception system, based on determining that the service level information associated with the first data source comprises data (Ramzan paragraph [0043]-[0046], [0073]; Madhu paragraph [0119], classify data source as tier 1, most critical).
Ramzan in view of Madhu does not explicitly disclose a highest backup frequency among a plurality of backup frequency values corresponding to plurality of data sources.
Bhosale teaches disclose a highest backup frequency among a plurality of backup frequency values corresponding to plurality of data sources (Bhosale paragraph [0147], [0162]-[0163], critical data are backed up at a higher frequency).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ramzan in view of Madhu of identifying critical data based on service level agreement information with the teachings of Bhosale to include critical data are backed up at a higher frequency because the results would have been predictable and resulted in identifying assets as critical based on its backup frequency. It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ramzan in view of Madhu of identifying critical data based on service level agreement information with the teachings of Bhosale to include critical data are backed up at a higher frequency in order to protect critical assets by backing them up frequently.
As per claim 23, Ramzan in view of Madhu teaches the computer-implemented method of claim 1 further comprising: by the cyber threat detection and deception system, determining that the first data source should be designated a critical data asset within the cyber threat detection and deception system, based on determining that the service level information associated with the first data source (Ramzan paragraph [0043]-[0046], [0073]; Madhu paragraph [0119], classify data source as tier 1, most critical).
Ramzan in view of Madhu does not explicitly disclose indicates that secondary copies based on first data source are stored in air-gapped storage.
Bhosale teaches indicates that secondary copies based on first data source are stored in air-gapped storage (Bhosale paragraph [0152], [0156], air gapped copies of data are made).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ramzan in view of Madhu of identifying critical data based on service level agreement information with the teachings of Bhosale to include creating air gapped copies of critical data because the results would have been predictable and resulted in identifying assets as critical based on its backup being stored in air gapped storage. It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ramzan in view of Madhu of identifying critical data based on service level agreement information with the teachings of Bhosale to include creating air gapped copies of critical data in order to protect critical assets by backing them up in air gapped storage.
As per claims 29 and 32, the claims claim a system essentially corresponding to the method claims 4 and 23 above, and they are rejected, at least for the same reasons.
Claims 5 and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Ramzan in view of Madhu, and further in view of Bhosale et al. US2020/0320208 hereinafter referred to as Bhosale, and Kaczmarczyk et al. US2017/0131934 hereinafter referred to as Kaczmarczyk.
As per claim 5, Ramzan in view of Madhu teaches the computer-implemented method of claim 1 further comprising: by the cyber threat detection and deception system, determining that the first data source should be designated a critical data asset within the cyber threat detection and deception system, based on determining that the service level information associated with the first data source comprises data (Ramzan paragraph [0043]-[0046], [0073]; Madhu paragraph [0119], classify data source as tier 1, most critical).
Ramzan in view of Madhu does not explicitly disclose a highest frequency of generating copies of first data source among a plurality of frequency values of generating copies corresponding to plurality of data sources.
Bhosale teaches a highest frequency of generating copies of first data source among a plurality of frequency values of generating copies corresponding to plurality of data sources (Bhosale paragraph [0147], [0162]-[0163], critical data are backed up at a higher frequency).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ramzan in view of Madhu of identifying critical data based on service level agreement information with the teachings of Bhosale to include critical data are backed up at a higher frequency because the results would have been predictable and resulted in identifying assets as critical based on its backup frequency. It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ramzan in view of Madhu of identifying critical data based on service level agreement information with the teachings of Bhosale to include critical data are backed up at a higher frequency in order to protect critical assets by backing them up frequently.
Ramzan in view of Madhu and Bhosale does not explicitly disclose synthetic-full copies.
Kaczmarczyk teaches synthetic-full copies (Kaczmarczyk paragraph [0243], [0274], incremental back ups).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ramzan in view of Madhu and Bhosale of identifying and protecting critical data with the teachings of Kaczmarczyk to include incremental backups in order to conserve system resources and reduce the timing needed to backup critical data.
As per claim 30, the claim claims a system essentially corresponding to the method claim 5 above, and is rejected, at least for the same reasons.
Claims 6 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Ramzan in view of Madhu, and further in view of Neporada et al. USPN10,761,742 hereinafter referred to as Neporada.
As per claim 6, Ramzan in view of Madhu teaches the computer-implemented method of claim 1 further comprising: by the cyber threat detection and deception system, determining that the first data source should be designated a critical data asset within the cyber threat detection and deception system, based on determining that the service level information associated with the first data source (Ramzan paragraph [0043]-[0046], [0073]; Madhu paragraph [0119], classify data source as tier 1, most critical).
Ramzan in view of Madhu does not explicitly disclose indicates that secondary copies based on first data source are stored in append-only storage.
Neporada teaches indicates that secondary copies based on first data source are stored in append-only storage (Neporada paragraph [col 8 lines 10-40, backups are stored in append only storage).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ramzan in view of Madhu of identifying critical data based on service level agreement information with the teachings of Neporada to include data backups are stored in append only storage because the results would have been predictable and resulted in identifying assets as critical based on its storage attribute. It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ramzan in view of Madhu of identifying critical data based on service level agreement information with the teachings of Neporada to include storing data backups in append only storage in order to protect critical assets by storing them in append only storage which reduces the number of errors during data archiving and prevents the critical data copy from being deleted.
As per claim 31, the claim claims a system essentially corresponding to the method claim 6 above, and is rejected, at least for the same reasons.
Claims 24 and 33 are rejected under 35 U.S.C. 103 as being unpatentable over Ramzan in view of Madhu, and further in view of Dwarampudi et al. US2020/0183794 hereinafter referred to as Dwarampudi.
As per claim 24, Ramzan in view of Madhu teaches the computer-implemented method of claim 1 further comprising: by the cyber threat detection and deception system, determining that the first data source should be designated a critical data asset within the cyber threat detection and deception system, based on data (Ramzan paragraph [0043]-[0046], [0073]; Madhu paragraph [0119], classify data source as tier 1, most critical).
Ramzan in view of Madhu does not explicitly disclose secondary copies based on first data source are maintained in data storage management system.
Dwarampudi teaches secondary copies based on first data source are maintained in data storage management system (Dwarampudi paragraph [0186], [0188], secondary and auxiliary copies are maintained).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ramzan in view of Madhu of identifying critical data based on service level agreement information with the teachings of Dwarampudi to include maintaining secondary and auxiliary copies of data because the results would have been predictable and resulted in identifying assets as critical based on the number of copies of the data. It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ramzan in view of Madhu of identifying critical data based on service level agreement information with the teachings of Dwarampudi to include maintaining secondary and auxiliary copies of data in order to protect critical assets by creating multiple copies of the critical asset.
As per claim 33, the claim claims a system essentially corresponding to the method claim 24 above, and is rejected, at least for the same reasons.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959. The examiner can normally be reached M-F 9am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HENRY TSANG/Primary Examiner, Art Unit 2495