DETAILED ACTION
This action is responsive to RCE filed on January 9th, 2026.
Claims 1, 2, 5~9, 12~15, 18, 19, 21~23, and 25 are examined.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/09/26 has been entered.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/08/26 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Response to Arguments
Applicant’s arguments with respect to claims 1, 2, 5~9, 12~15, 18, 19, 21~23, and 25 filed on 01/09/26 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1~3, 6, 8~10, 13, 15~17, 19, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Mayer et al. hereinafter Mayer (U.S 7,890,869) in view of Vittal et al. hereinafter Vittal (U.S 2018/0314833), Muddu et al. hereinafter Muddu (U.S 2019/0173893) and further in view of Pendleton et al. hereinafter Pendleton (U.S 9,258,195).
Regarding Claim 1,
Mayer taught a method comprising:
accessing cyber-risk data associated with one or more particular assets of a plurality of assets (C2: 35~42, the quantization of security metrics, such as exposed risk, confidence factors, and the like, based upon incomplete network configuration data is herein termed “adaptive risk”; Fig. 2, network 200 is modeled including network infrastructure devices 210, 220 and 230);
determining whether the cyber-risk data for each particular asset satisfies one or more visual configuration thresholds based at least in part on comparing a risk score of the cyber-risk data for each particular asset to the one or more visual configuration thresholds (C10: 21~29, a “security risk score” (SRS) may be determined for host servers based upon business value of the host server and upon threat likelihood; C13: 21~41, the user could specify importance as servers having the highest security risk score, servers having the highest business value, servers having the greatest increase in security risk score over a given time period; Fig. 5B);
in accordance with a determination that the cyber-risk data satisfies the one or more visual configuration thresholds, configuring one or more visual nodes of a hierarchical asset graph for the plurality of assets based at least in part on one or more asset groupings, the one or more visual nodes corresponding to the one or more particular assets and configured to visually indicate the cyber-risk data for each particular asset that satisfies the one or more visual configuration thresholds (C11: 31~44, Fig. 4A, the link risk distribution illustrates a plots harm potential (risk) versus number of servers. As shown, harm potential (probability) is illustrated by a red cylinder. In this example, the diameter of the red cylinder represents the harm potential, the diameter of the gray cylinder represents the asset value, and the greater the respective diameters, the greater the harm/value); and
providing the hierarchical asset graph for display via a graphical user interface (C13: 1~8, visualization of network-wide risk analysis in the form of a graphical user interface with customizable at-a-glance views of the network: Figs. 4A and 4B).
Mayer did not specifically teach wherein configuring at least one of a first or a second visual node to visually indicate a first risk score associated with the first visual node or the second visual node, wherein the first visual node and the second visual node are in a first asset grouping level of the hierarchical asset graph, receiving a selection of a new visual node via the graphical user interface; determining that the new visual node corresponds to the first asset grouping level by matching the new visual node to the first visual node; reconfiguring the hierarchical asset graph to visually display the new visual node in the first asset grouping level.
Vittal taught configuring at least one of a first or a second visual node to visually indicate a first risk score associated with the first visual node or the second visual node [¶44, if a cyber asset such as a zone is dragged and dropped, the system automatically identifies data options like risk score, risk area, active risk indicators, etc., for that zone],
wherein the first visual node and the second visual node are in a first asset grouping level of the hierarchical asset graph [¶70~¶72, Fig. 4, ‘404 Overall Site Risk’, ‘406, Risk by Zones’, ‘408, Risk of each area’];
wherein the third visual node is in a second asset grouping level of the hierarchical asset graph [¶70~¶72, Fig. 4, ‘404 Overall Site Risk’, ‘406, Risk by Zones’, ‘408, Risk of each area’];
receiving a selection of a new visual node via the graphical user interface [¶57, the system receives a selection of an asset for analysis by receiving a “drag and drop” of an icon or other element representing the asset into a designated portion of the risk manager graphic user interface];
determining that the new visual node corresponds to the first asset grouping level by matching the new visual node to the first visual node [¶58, system determines if the selected asset is the first item in a group; ¶59, determines if the new asset matches the asset(s) already in the group. “Matching” can include being of the same type, category, zone];
reconfiguring the hierarchical asset graph to visually display the new visual node in the first asset grouping level [¶60, if the new item does not match the assets already in the group, then the system accepts the addition of the selected asset; ¶62, processes the asset with current and historical cyber-risk data to produce data options and relevant views for the analysis]; and
providing the reconfigured hierarchical asset graph for display via the graphical user interface [¶67, system displays the output as a report in the graphical user interface].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Vittal’s teaching of limitations with the teachings of Mayer, because the combination would provide the novel ability to change to any visual type for the same data to enable efficient comparison of data and proactively unearth improper configuration and implicit risks [Vittal: ¶45]
The combination of Mayer and Vittal did not specifically teach wherein configuring a third visual node to visually indicate a nodal risk indicator associated with the third visual node, wherein the nodal risk indicator is configured to visually indicate that the third visual node is associated with a cyber risk, wherein the third visual node is in a second asset grouping level of the hierarchical asset graph, wherein the first visual node and the third visual node are connected via a second visual edge; and configuring the first visual edge and the second visual edge to visually indicate an edge risk indicator, wherein the edge risk indicator is configured to visually indicate that the second visual node is at risk of being impacted by the cyber risk associated with the third visual node via the first visual edge, the first visual node, and the second visual edge.
Muddu taught wherein the first visual node and the second visual node are connected via a first visual edge [¶357, each edge in such a graph represents an association between the entities represented by the vertices (nodes)];
configuring a third visual node to visually indicate a nodal risk indicator associated with the third visual node, wherein the nodal risk indicator is configured to visually indicate that the third visual node is associated with a cyber risk, wherein the first visual node and the third visual node are connected via a second visual edge [¶620, feature scores are calculated on a per-entity basis and can be understood broadly as a quantified evaluation of a level of risk associated with the entity or a likelihood that the entity is associated with malware; ¶357]; and
configuring the first visual edge and the second visual edge to visually indicate an edge risk indicator, wherein the edge risk indicator is configured to visually indicate that the second visual node is at risk of being impacted by the cyber risk associated with the third visual node via the first visual edge, the first visual node, and the second visual edge [¶355, threat indicator data 2306 may include annotated information about entities (e.g. users, devices, etc.) associated with the threat indicator and the threat indicator graph may include a plurality of vertices (nodes) representing entities associated with the computer network and a plurality of edges, each of the plurality of edges representing a threat indicator linking two of the plurality of vertices (nodes); ¶371, ¶416~¶417, Fig. 36 shows nodes U1-U11 (users) and nodes IP1-IP7 (devices) and anomaly nodes I1-I4 representing suspicious activity; ¶477, Figs. 40F~40H].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Muddu’s teaching of limitations with the teachings of Mayer-Vittal, because the combination would detect similarities between users or devices and/or detecting deviations in an entity's activity from a behavioral baseline [Muddu: ¶545].
The combination of Mayer, Vittal, and Muddu did not specifically teach wherein the first visual node and the second visual node are connected via a first visual edge indicating a communication status between at least a first asset associated with the first visual node and a second asset associated with the second visual node, wherein the communication status is one of intact communication connection between the first asset and the second asset or faulty communication connection between the first asset and the second asset, wherein a visual indicator of a plurality of visual indicators corresponding to the communication status is positioned relative to the first visual edge.
Pendleton taught wherein the first visual node and the second visual node are connected via a first visual edge indicating a communication status between at least a first asset associated with the first visual node and a second asset associated with the second visual node (C11:49~C12:1~14, Fig. 10, link 136 extends from component_1_Site 3 node 94 to component_Q_site 3 node 94. Link 136 represents connectivity status from the perspective of component_site of Site 3),
wherein the communication status is one of intact communication connection between the first asset and the second asset or faulty communication connection between the first asset and the second asset (C5:31~14, connectivity status represented by a link utilize color scheme. A green link can indicate that a selected component can connect to the other component represented by the node to which the link connects (e.g., a switch, a server). A red link can indicate that a selected component cannot connect to the other component(s) represented by the node to which the link connects),
wherein a visual indicator of a plurality of visual indicators corresponding to the communication status is positioned relative to the first visual edge (C8:51~53, different thickness of lines and/or lengths of links can be utilized to differentiate between different levels of connectivity status).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine,Pendleton’s teaching of limitations with the teachings of Mayer, Vittal, and Muddu, because the combination would provide an easily understandable and comprehensive view of network operation [Pendleton: Background].
Regarding Claim 2,
Mayer taught wherein the hierarchical asset graph comprises at least one of a plurality of visual nodes corresponding to respective assets or respective asset groupings and a plurality of visual edges, a visual edge connecting two particular visual nodes and visually indicating a relationship between the respective assets or the respective asset groupings corresponding to each of the two particular visual nodes (Fig. 4A and associated description).
Regarding Claim 6,
Mayer-Vittal-Muddu-Pendleton taught further comprising: determining a network communication status between two assets corresponding to two visual nodes connected by a visual edge; and configuring the visual edge to visually indicate the network communication status between the two assets (C5:31~14; C8:51~53; C11:49~C12:1~14). The rationale to combine as discussed in claim 1, applies here as well.
Regarding Claims 21,
Mayer-Vittal taught further comprising: generating a reconfigured hierarchical asset graph based on one or more inputs, wherein the reconfigured hierarchical asset graph is configured in accordance with a condensed state [Fig. 5, ‘502’]. The rationale to combine as discussed in claim 1, applies here as well.
Regarding Claims 8, 9, 13, 15, and 19, the claims are similar in scope to claims 1 and 2 and therefore, rejected under the same rationale.
Claims 5, 12, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Mayer, Vittal, Muddu and Pendleton in view of Matsunaga et al. hereinafter Matsunaga (JP 6016982 B1).
Regarding Claim 5,
Mayer-Vittal-Muddu-Pendleton-Matsunaga taught further comprising, in accordance with the cyber-risk data satisfying the one or more visual configuration thresholds, configuring a visual edge connecting two visual nodes to visually indicate the cyber-risk data mapped to one or both of the two visual nodes and that satisfies the one or more visual configuration thresholds and/or a network communication status between the one or more visual nodes [¶28~¶30, the edges 40 to 45 corresponding to the connection relationship between the nodes have a length reflecting the distance between the nodes corresponding to the magnitude of the security risk].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Matsunaga’s teaching of limitations with the teachings of Mayer, Vittal, Maddu, and Pendleton, because the combination would provide a means to display an analysis result so that the level of security risk of each component on the system can be easily grasped visually [Matsunaga: ¶13].
Regarding Claims 12 and 18, the claims are similar in scope to claim 5 therefore, rejected under the same rationale.
Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Mayer, Vittal, Muddu and Pendleton in view of Bodbyl et al. hereinafter Bodbyl (U.S 2021/0012115).
Regarding Claim 7,
Mayer-Vittal-Muddu-Pendleton-Bodbyl taught further comprising: identifying one or more discrete risk events from the cyber-risk data, a discrete risk event being associated with a priority level and a timestamp; and providing an event feed for display, the event feed visually indicating the one or more discrete risk events according to the respective priority levels and/or the respective timestamps [¶101, Fig. 10, visually prioritizing indications of alarms if the accessed risk score satisfies a specified criterion. Indications of alarms can be visually prioritized, by highlighting the indication, sizing the indication larger relative to indications of lower priority alarms, placing the indication of the alarm higher in a displayed listing of multiple indications of other alarms; ¶53].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Bodbyl’s teaching of limitations with the teachings of Mayer, Vittal, Muddu and Pendleton, because the combination would solve large volumes of alarms received from multiple client sites where time and resources spent processing false or otherwise low-priority alarms can greatly impact the ability of such systems to protect against actual threats [Bodbyl: ¶19].
Regarding Claim 14, the claim is similar in scope to claim 7 and therefore, rejected under the same rationale.
Claims 22 and 25 is rejected under 35 U.S.C. 103 as being unpatentable over Mayer, Vittal, Muddu and Pendleton in view of Hu et al. hereinafter Hu (U.S 2020/0204456).
Regarding Claims 22,
Mayer-Vittal-Muddu-Pendleton-Hu taught wherein configuring the one or more visual nodes further comprises configuring a visual edge connecting two visual nodes to visually indicate a faulted network communication status between the two visual nodes [¶19, Fig. 1, physical sites (e.g., San Jose 1, San Jose 2) are in close proximity in the same region (e.g., San Jose). Each tab represents a corresponding physical site and may include a topology map for the corresponding physical site; ¶23, Fig. 1, the communication link can connect a node representing a building unit to a node representing an associated internetworking device to indicate a connection path between the building unit and the internetworking device; ¶25, state indicator may be displayed with a node in the computer-generated graphical user interface. The state indicator measures a network communication status of the node to identify the quality of the connection of the node. The state indicator can be represented as three or more categories such as “poor,” “fair,” and “good.” Each category of state indicator may be represented in a different color that the user can easily identify the connection status of the node in the graphical user interface].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Hu’s teaching of limitations with the teachings of Mayer, Vittal, Muddu and Pendleton, because the combination would allow users to easily understand the connection of the networking elements in details despite the diversified association between nodes located in different sites [Hu: ¶48].
Regarding Claims 25,
Mayer-Vittal-Muddu-Pendleton-Hu taught wherein configuring the first visual edge and the second visual edge to visually indicate the edge risk indicator further comprises: determining that the first visual edge is not associated with a first faulted network communication status and the second visual edge is not associated with a second faulted network communication status [¶25, state indicator may be displayed with a node in the computer-generated graphical user interface. The state indicator measures a network communication status of the node to identify the quality of the connection of the node. The state indicator can be represented as three or more categories such as “poor,” “fair,” and “good.” Each category of state indicator may be represented in a different color that the user can easily identify the connection status of the node in the graphical user interface]. The rationale to combine as discussed in claim 22, applies here as well.
Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Mayer, Vittal, Muddu and Pendleton in view of Iyer et al. hereinafter Iyer (U.S 2019/0138718).
Regarding Claims 23,
Mayer-Vittal-Muddu-Pendleton-Iyer taught wherein the first risk score is determined at least by aggregating a second risk score with the third visual node and a third risk score associated with a fourth visual node in the second asset group level [VIttal: ¶70~¶72, Fig. 4, ‘404 Overall Site Risk’, ‘406, Risk by Zones’, ‘408, Risk of each area’],
wherein the first visual node and the second visual node are grouped in the first asset grouping level in response to the first visual node and the second visual node being located in a same geographic area [Vittal: ¶70, GUI 400 browsing by risk location], and
wherein the third visual node and the fourth visual node are grouped in the second asset grouping level in response to the third risk score being within a predetermined range and the fourth risk score being within the predetermined range [¶119, add an entity to the subset of entities in response to determining that the risk score of the entity exceeds a risk score threshold value. The risk score threshold value may be a fixed value or may be relative to other entitles in a peer group, for example, the risk score threshold may be related to the statistical baseline (e.g., average, medium) of risk scores].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was made, to combine, Iyer’s teaching of limitations with the teachings of Mayer, Vittal, Muddu and Pendleton, because the combination would allow the user to focus on the objects associated with the largest values of risk security scores [Iyer: ¶58].
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE SOO KIM whose telephone number is (571)270-3229. The examiner can normally be reached M-F 9AM-5PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on (571) 272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HEE SOO KIM/Primary Examiner, Art Unit 2443