DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The amendment filed 1/27/2026 has been placed of record in the file.
Claims 1 and 11 have been amended.
The double patenting rejection remains of record.
Claims 1-20 are pending.
The applicant’s arguments with respect to claims 1-20 have been fully considered but they are not persuasive as discussed below.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 1/27/2026 has been entered.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hamdi (U.S. Patent Application Publication Number 2022/0109689) in view of Capellman (U.S. Patent Application Publication Number 2023/0281314), further in view of Trivellato et al. (U.S. Patent Application Publication Number 2020/0412758), hereinafter referred to as Trivellato.
Hamdi disclosed techniques for monitoring asset risk scores. In an analogous art, Capellman disclosed techniques for determining risk scores based on device data. Also in an analogous art, Trivellato disclosed techniques for determining a comprehensive risk score across a plurality of entities. All of these systems are directed toward managing asset risk in a computer environment.
Regarding claim 1, Hamdi discloses an apparatus for updating risk determination based on real-time changes in cyber security risk, the apparatus comprising: at least a processor; and a memory communicatively coupled to the at least a processor, the memory comprising instructions configuring the at least a processor to: receive a cyber profile associated with a digital environment (paragraph 72, asset context); receive a risk profile associated with the cyber profile (paragraph 72, risk context); determine a risk evaluation component by identifying at least one digital security deficiency for the digital environment based on at least one of the cyber profile and risk profile (paragraph 76, determines risk score, and paragraph 74, uses security information such as asset vulnerabilities, security holes, etc.), wherein determining the risk evaluation component comprises generating a remediation action based on at least the data of the risk profile (paragraph 77, performs remedial actions based on risk); determine a digital security measure as a function of at least one of the cyber profile and the risk profile (paragraph 73, uses security information such as access rights, black list, etc.); monitor for a digital environment modification as a function of the at least one digital security deficiency and the digital security measure (paragraph 70, collects data indicative of attributes); detect the digital environment modification as a function of the at least one digital security deficiency and the digital security measure (paragraph 70, detects change in attributes); and update the risk evaluation component as a function of the digital environment modification (paragraph 76, updates risk score).
Hamdi does not explicitly state identifying the at least one digital security deficiency using a security deficiency machine learning model generated by a digital analysis module and generating the remediation action using the security deficiency machine learning model. However, utilizing machine learning models in such a fashion was well known in the art as evidenced by Capellman. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Hamdi by adding the ability for identifying the at least one digital security deficiency using a security deficiency machine learning model generated by a digital analysis module and generating the remediation action using the security deficiency machine learning model as provided by Capellman (see paragraph 57, uses machine-learning model to determine vulnerability). One of ordinary skill in the art would have recognized the benefit that using machine learning in this way would assist in reducing the amount of data to be monitored and analyzed (see Capellman, paragraph 14).
The combination of Hamdi and Capellman does not explicitly state wherein the risk profile comprises cyber-attack protection data wherein the cyber-attack protection data comprises degree of single points of failure data wherein the degree of single points of failure data indicates a level of failure associated with each digital asset of a plurality of digital assets, wherein a greater level of failure corresponds to a larger portion of the digital environment losing functionality upon failure of the digital asset, the data of the risk profile including the degree of single points of failure data. However, determining a risk context in such a fashion was well known in the art as evidenced by Trivellato. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Hamdi and Capellman by adding the ability that the risk profile comprises cyber-attack protection data wherein the cyber-attack protection data comprises degree of single points of failure data wherein the degree of single points of failure data indicates a level of failure associated with each digital asset of a plurality of digital assets, wherein a greater level of failure corresponds to a larger portion of the digital environment losing functionality upon failure of the digital asset, the data of the risk profile including the degree of single points of failure data as provided by Trivellato (see paragraphs 112 and 121, operational failure impact value, and paragraph 125, risk values associated with plurality of entities, and paragraph 109, considers impact of failure of single device on other devices). One of ordinary skill in the art would have recognized the benefit that assessing risk in this way would assist in preventing the spread of infection in order to better secure communication networks (see Trivellato, paragraph 2).
Regarding claim 2, the combination of Hamdi, Capellman, and Trivellato discloses wherein determining the risk evaluation component comprises calculating, by the processor, a security score for the digital environment (Hamdi, paragraph 76, risk score).
Regarding claim 3, the combination of Hamdi, Capellman, and Trivellato discloses wherein the digital environment modification comprises a cyber profile modification and the memory further comprises instructions configuring the at least a processor to: detect the cyber profile modification; and update the security score based on the cyber profile modification (Hamdi, paragraph 74, updates database responsive to asset changes, and paragraph 76, updates risk score).
Regarding claim 4, the combination of Hamdi, Capellman, and Trivellato discloses wherein the cyber profile modification comprises a digital asset modification (Hamdi, paragraph 69, attributes are of particular asset).
Regarding claim 5, the combination of Hamdi, Capellman, and Trivellato discloses wherein the memory further comprises instructions configuring the at least a processor to generate modified digital asset profile data based on the digital asset modification (Hamdi, paragraph 70, change in attributes).
Regarding claim 6, the combination of Hamdi, Capellman, and Trivellato discloses wherein the updating the security score based on the change to the cyber profile comprises updating, by the processor, the security score as a function of the modified digital asset profile data (Hamdi, paragraph 76, updates risk score).
Regarding claim 7, the combination of Hamdi, Capellman, and Trivellato discloses wherein determining the risk evaluation component comprises identifying, by the processor, at least one digital environment liability for the digital environment (Hamdi, paragraph 77, risk score exceeds threshold).
Regarding claim 8, the combination of Hamdi, Capellman, and Trivellato discloses wherein the memory further comprises instructions configuring the at least a processor to: detect a risk profile modification; and update at least one digital environment liability based on the risk profile modification (Hamdi, paragraph 77, takes corrective action, and paragraph 77, compares risk score to threshold).
Regarding claim 9, the combination of Hamdi, Capellman, and Trivellato discloses wherein the risk profile modification comprises a cyber-attack recovery protocol modification (Hamdi, paragraph 77, corrective action).
Regarding claim 10, the combination of Hamdi, Capellman, and Trivellato discloses wherein the memory further comprises instructions configuring the at least a processor to generate modified cyber-attack recovery protocol data based on the cyber-attack recovery protocol modification (Hamdi, paragraph 77, adjusts asset parameters, etc.).
Regarding claim 11, Hamdi discloses a method for updating risk determination based on real-time changes in cyber security risk comprising: receiving, by a processor, a cyber profile associated with a digital environment (paragraph 72, asset context); receiving, by the processor, a risk profile associated with the cyber profile (paragraph 72, risk context); determining, by the processor, a risk evaluation component by identifying at least one digital security deficiency for the digital environment based on at least one of the cyber profile and risk profile (paragraph 76, determines risk score, and paragraph 74, uses security information such as asset vulnerabilities, security holes, etc.), wherein determining the risk evaluation component comprises generating a remediation action based on at least the data of the risk profile (paragraph 77, performs remedial actions based on risk); determining, by the processor, a digital security measure as a function of at least one of the cyber profile and the risk profile (paragraph 73, uses security information such as access rights, black list, etc.); monitoring, by the processor, for a digital environment modification as a function of the at least one digital security deficiency and the digital security measure (paragraph 70, collects data indicative of attributes); detecting, by the processor, the digital environment modification as a function of the at least one digital security deficiency and the digital security measure (paragraph 70, detects change in attributes); and updating, by the processor, the risk evaluation component as a function of the digital environment modification (paragraph 76, updates risk score).
Hamdi does not explicitly state identifying the at least one digital security deficiency using a security deficiency machine learning model generated by a digital analysis module and generating the remediation action using the security deficiency machine learning model. However, utilizing machine learning models in such a fashion was well known in the art as evidenced by Capellman. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Hamdi by adding the ability for identifying the at least one digital security deficiency using a security deficiency machine learning model generated by a digital analysis module and generating the remediation action using the security deficiency machine learning model as provided by Capellman (see paragraph 57, uses machine-learning model to determine vulnerability). One of ordinary skill in the art would have recognized the benefit that using machine learning in this way would assist in reducing the amount of data to be monitored and analyzed (see Capellman, paragraph 14).
The combination of Hamdi and Capellman does not explicitly state wherein the risk profile comprises cyber-attack protection data wherein the cyber-attack protection data comprises degree of single points of failure data wherein the degree of single points of failure data indicates a level of failure associated with each digital asset of a plurality of digital assets, wherein a greater level of failure corresponds to a larger portion of the digital environment losing functionality upon failure of the digital asset, the data of the risk profile including the degree of single points of failure data. However, determining a risk context in such a fashion was well known in the art as evidenced by Trivellato. Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Hamdi and Capellman by adding the ability that the risk profile comprises cyber-attack protection data wherein the cyber-attack protection data comprises degree of single points of failure data wherein the degree of single points of failure data indicates a level of failure associated with each digital asset of a plurality of digital assets, wherein a greater level of failure corresponds to a larger portion of the digital environment losing functionality upon failure of the digital asset, the data of the risk profile including the degree of single points of failure data as provided by Trivellato (see paragraphs 112 and 121, operational failure impact value, and paragraph 125, risk values associated with plurality of entities, and paragraph 109, considers impact of failure of single device on other devices). One of ordinary skill in the art would have recognized the benefit that assessing risk in this way would assist in preventing the spread of infection in order to better secure communication networks (see Trivellato, paragraph 2).
Regarding claim 12, the combination of Hamdi, Capellman, and Trivellato discloses wherein determining the risk evaluation component comprises calculating, by the processor, a security score for the digital environment (Hamdi, paragraph 76, risk score).
Regarding claim 13, the combination of Hamdi, Capellman, and Trivellato discloses detecting, by the processor, a cyber profile modification of the digital environment modification; updating, by the processor, the security score based on the cyber profile modification (Hamdi, paragraph 74, updates database responsive to asset changes, and paragraph 76, updates risk score).
Regarding claim 14, the combination of Hamdi, Capellman, and Trivellato discloses wherein the cyber profile modification comprises a digital asset modification (Hamdi, paragraph 69, attributes are of particular asset).
Regarding claim 15, the combination of Hamdi, Capellman, and Trivellato discloses generating, by the processor, modified digital asset profile data based on the modification to the digital asset (Hamdi, paragraph 70, change in attributes).
Regarding claim 16, the combination of Hamdi, Capellman, and Trivellato discloses wherein the updating the security score based on the change to the cyber profile comprises updating, by the processor, the security score as a function of the modified digital asset profile data (Hamdi, paragraph 76, updates risk score).
Regarding claim 17, the combination of Hamdi, Capellman, and Trivellato discloses wherein determining the risk evaluation component comprises identifying, by the processor, at least one digital environment liability for the digital environment (Hamdi, paragraph 77, risk score exceeds threshold).
Regarding claim 18, the combination of Hamdi, Capellman, and Trivellato discloses detecting, by the processor, a risk profile modification; and updating, by the processor, at least one digital environment liability based on the risk profile modification (Hamdi, paragraph 77, takes corrective action, and paragraph 77, compares risk score to threshold).
Regarding claim 19, the combination of Hamdi, Capellman, and Trivellato discloses wherein the risk profile modification comprises a cyber-attack recovery protocol modification (Hamdi, paragraph 77, corrective action).
Regarding claim 20, the combination of Hamdi, Capellman, and Trivellato discloses generating, by the processor, modified cyber-attack recovery protocol data based on the cyber-attack recovery protocol modification (Hamdi, paragraph 77, adjusts asset parameters, etc.).
Response to Arguments
In the remarks, the applicant has argued that the combination of Hamdi, Capellman, and Trivellato does not disclose the features newly added to the independent claims. However, it is maintained that the combination of Hamdi, Capellman, and Trivellato does teach these features. The applicant is directed to the newly added citations in the above rejection.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812. The examiner can normally be reached Monday thru Friday, 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached at 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Victor Lesniewski/Primary Examiner, Art Unit 2493