DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11 November 2025 has been considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Mizrahi et al., USPN 2022/0159033 in view of Carter et al., USPN 2003/0051026.
With regard to claim 1, Mizrahi discloses a method for providing security management for a system (0004-0006, 0011) using an expert system (0013), the method including receiving, at the expert system, a representation of the system generated based on data specifying rights allocated to entities in the system (0016-0025) which include actions the entities are allowed to perform within the system (0016-0025), providing security management at the expert system by analyzing, by the expert system, the representation of the system to identify sets of one or more actions that could be taken by an attacker to access an identified resource based on at least the access rights allocated to the entities in the system (0032, 0081), wherein the actions are identified based on at least the data specifying the rights allocated to the entities in the system (0045, 0097-0098), processing, by the expert system, the sets of one or more actions to identify a subset of at least some of the sets of one or more actions (0045-0051) to be monitored at the system (0052-0064),wherein the subset of the at least some of the sets of one or more actions are identified based on at least how common respective actions are across the sets of one or more actions (0055-0070),monitoring the system actions using detection signatures generated by the expert system to detect occurrences of respective actions of the subset of at least some of the sets of one or more actions at the system (0075), and wherein the expert system adds facts learned from processing the representation, processing the actions, and monitoring the system to a knowledgebase (0033). The method of Mizrahi is focused on detecting system weaknesses, and less focused on real time monitoring of those vectors. Carter discloses a method for providing security management for a system using an expert system (0168, 0171, 0172, 0188), similar to that of Mizrahi, and further discloses more detail on how to implement the method for system security, such as monitoring the system actions using detection signatures generated by the expert system to detect occurrences of respective actions of the subset of at least some of the sets of one or more actions at the system (0218-0219, 1055), and wherein the expert system adds facts learned from processing the representation, processing the actions, and monitoring the system to a knowledgebase (0220, 1056, 1066). It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to implement the monitoring and security implementation of Carter in the method of Mizrahi for the motivation of improving system security and maintaining up to date protection.
With regard to claims 2, 4, 10, 12, 18, and 20, Mizrahi in view of Carter discloses the method of claim 1, as outlined above, and Mizrahi further discloses the data specifying rights allocated to entities in the system incudes network configuration data and network policy data for a computer network (0018-0025, 0084, 0111).
With regard to claims 3, 11, and 19, Mizrahi in view of Carter discloses the method of claim 1, as outlined above, and Mizrahi further discloses the network configuration data specifies access rights allocated to respective groups and the network policy data specifies includes a set of access rights for group members to access network resources (0017-0025, 0085-0087, 0094).
With regard to claims 5 and 13, Mizrahi in view of Carter discloses the method of claim 1, as outlined above, and Mizrahi further discloses the software representation includes a source code representation or an executable compiled from the source code representation (0121-0122, claim 19) and represents a plurality of states and transitions between states (0035-0040, 0096-0098).
With regard to claims 6 and 14, Mizrahi in view of Carter discloses the method of claim 1, as outlined above, and Mizrahi further discloses analyzing the representation to identify actions that could be taken by an attacker includes stimulating the representation using a plurality of inputs to identify sets of one or more state changes that reach a target state from a starting state (0035-0040, 0096-0098).
With regard to claims 7 and 15, Mizrahi in view of Carter discloses the method of claim 1, as outlined above, and Mizrahi further discloses the actions include one or more state-to-state transitions representing traversal of the system, modification of the system, or acquisition of access rights in the system (0035-0040, 0096-0098).
With regard to claims 8 and 16, Mizrahi in view of Carter discloses the method of claim 1, as outlined above, and Carter further discloses monitoring the actions using detection signatures generated by the expert system includes processing a triggering event received in response to a detection signature detecting an occurrence that satisfies one or more atomic rules by applying a second set of rules to the triggering event to determine whether to generate an alert (0804-0817, 0475, claim 20). The motivation to combine remains the same as the parent claims.
Response to Arguments
Applicant’s arguments and amendments, filed 11 November 2025, with respect to the rejections of claims 1-20 of the prior office action have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new grounds of rejection is made, as outlined above.
References Cited
Dunn et al., USPN 2023/0336581, discloses a method of generating an attack path model using permission data (0079, 0071).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB LIPMAN whose telephone number is (571)272-3837. The examiner can normally be reached 5:30AM-6:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached at 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JACOB LIPMAN/Primary Examiner, Art Unit 2434