DETAILED ACTION
This action is in response to the filing on 01/08/2023. Claims 1-20, are pending and have been considered below.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claims 1-20 objected to because of the following informalities:
Claim 1, line 6, recites "the user", should recite -- the target user --.
Claim 4, line 6, recites "structure.", should recite -- structure; --.
Claim 9, line 9, recites "the user", should recite -- the target user --.
Claim 12, line 7, recites "structure.", should recite -- structure; --.
Claim 17, line 8, recites "the user", should recite -- the target user --.
Claim 20, line 7, recites "structure.", should recite -- structure; --.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 2-4, 10-12, and 18-20 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 2 recites the limitation " the psychological traits" in line 7. There is insufficient antecedent basis for this limitation in the claim.
Claim 3 recites the limitation " the survey database" in line 4. There is insufficient antecedent basis for this limitation in the claim.
Claim 4 recites the limitation “performing a user modulation, based on the outcome linkage analysis, to obtain outcome profiles” on lines 9-10, it is unclear what the process of user modulation refers to, or what performing a user modulation entails. For the purpose of examination, it will be interpreted as "performing an operation, based on the outcome linkage analysis, to obtain outcome profiles".
Claim 4 recites the limitation “tuning user contributes based on the behavior and outcome profiles” on line 11, it is unclear what the term "user contributes" refers to. For the purpose of examination, it will be interpreted as "tuning user parameters based on the behavior and outcome profiles".
Claim 10 recites the limitation " the psychological traits" in line 9. There is insufficient antecedent basis for this limitation in the claim.
Claim 11 recites the limitation " the survey database" in line 4. There is insufficient antecedent basis for this limitation in the claim.
Claim 12 recites the limitation “performing a user modulation, based on the outcome linkage analysis, to obtain outcome profiles” on lines 10-11, it is unclear what the process of user modulation refers to, or what performing a user modulation entails. For the purpose of examination, it will be interpreted as "performing an operation, based on the outcome linkage analysis, to obtain outcome profiles".
Claim 12 recites the limitation “tuning user contributes based on the behavior and outcome profiles” on line 12, it is unclear what the term "user contributes" refers to. For the purpose of examination, it will be interpreted as "tuning user parameters based on the behavior and outcome profiles".
Claim 18 recites the limitation " the psychological traits" in line 8. There is insufficient antecedent basis for this limitation in the claim.
Claim 19 recites the limitation " the survey database" in line 3. There is insufficient antecedent basis for this limitation in the claim.
Claim 20 recites the limitation “performing a user modulation, based on the outcome linkage analysis, to obtain outcome profiles” on lines 10-11, it is unclear what the process of user modulation refers to, or what performing a user modulation entails. For the purpose of examination, it will be interpreted as "performing an operation, based on the outcome linkage analysis, to obtain outcome profiles".
Claim 20 recites the limitation “tuning user contributes based on the behavior and outcome profiles” on line 12, it is unclear what the term "user contributes" refers to. For the purpose of examination, it will be interpreted as "tuning user parameters based on the behavior and outcome profiles".
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 4-10, 12-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Brdiczka et al. (Proactive Insider Threat Detection through Graph Learning and Psychological Context), hereinafter Brdiczka, in view of Shen et al. (US 2015/0170295 A1), hereinafter Shen.
Regarding claim 1, Brdiczka teaches A method for event detection, comprising (Brdiczka discloses performing anomaly detection for both anomalous events and psychological anomalies to both detect threats and rank them [see Brdiczka, Sect. 2, para. 1, and Sect. 3, para. 5]):
obtaining a subpopulation data from a graph structure for performing a graph analysis (Brdiczka discloses performing graph analysis on structural information from large-scale information network data [see Brdiczka, Sect. 3, para. 2]);
obtaining a user profile associated with a target user (Brdiczka discloses building psychological profiles of individuals [see Brdiczka, Sect. 3, para. 3]);
inferring psychological traits of the user based on the user profile and the subpopulation data (Brdiczka discloses building psychological profiles based on the behavioral and information network structural data to make inferences about individuals mental state [see Brdiczka, Sect. 3, para. 3]);
performing an outcome linkage analysis based on labeled event outcome profiles and the inferred psychological traits to generate personalized knowledge graph data associated with the target user (Brdiczka discloses performing a Bayesian fusion method to generate personalized knowledge data about a target user based on the inferred psychological traits, with a model that was trained on historical outcome data of threats and innocuous behaviors, thus, it is based on labeled event outcome profiles of the historical data [see Brdiczka, Sect. 3, para. 3 and Sect. 3, Subsect C, para. 1]);
profiling, monitoring, or performing an anomaly detection for event data streams based on the personalized knowledge graph data (Brdiczka discloses ranking the threats inferred as personalized knowledge data based on their probability and uncertainty in order to provide actionable information [see Brdiczka, Sect. 3, Subsect. C, para. 1-2] and presented to system users/analysts [see Brdiczka, Sect. 3, para. 5]. Thus, the analysts can monitor the personalized threat detection and threat information for each individual presented by the system).
However, Brdiczka fails to teach wherein the subpopulation data is associated with personality and demographic characteristics of users and inferring psychological traits of the user by performing the graph analysis based on the user profile and the subpopulation data.
In the same field of endeavor, Shen teaches:
wherein the subpopulation data is associated with personality and demographic characteristics of users (Shen discloses collecting a population sample to construct a social network [see Shen, para. 32], then collecting structural information for nodes in the network, including graph information and node information [see Shen, para. 35], where the node information can include, but is not limited to, personality and demographic information of the users [see Shen, para. 43]);
inferring psychological traits of the user by performing the graph analysis based on the user profile and the subpopulation data (Shen discloses predicting characteristics such as the Big Five personality traits of individuals as nodes in the graph structure based on user data associated with each node of the graph structure [see Shen, para. 43]).
It would have been obvious to one of ordinary skill, in the art at the time before the effective filing date of the invention to incorporate wherein the subpopulation data is associated with personality and demographic characteristics of users and inferring psychological traits of the user by performing the graph analysis based on the user profile and the subpopulation data as suggested in Shen into Brdiczka because both perform social network analysis (see Brdiczka, Abstract; see Shen, Abstract). Incorporating the teaching of Shen into Brdiczka would identify a set of key individuals as security-check targets in order to maximize the reduction in security risks (see Shen, para. 55).
Regarding claim 2, the combination of Brdiczka and Shen as applied in claim 1 above teaches all the limitations of claim 1 and further teaches building the graph structure by:
obtaining data from a plurality of psychographic surveys stored in a survey database (Shen discloses collecting structural information for nodes in the network, including graph information and node information [see Shen, para. 35], where the node information can include, but is not limited to, personality and demographic information of the users [see Shen, para. 43]);
performing an edge creation process based on the obtained data (Shen discloses a plurality of examples of how edges are created between individuals in the social network [see Shen, para. 32-34]);
performing a community detection to obtain community structures (Brdiczka discloses performing community detection on the graph network [see Brdiczka, Sect. 3, Subsect. A, para. 2]. Shen discloses a plurality of examples of how edges are created between individuals in the social network [see Shen, para. 32-34], and obtaining structure information such as centrality measures associated with each node [see Shen, para. 35-36]. Thus, the combination of Brdiczka and Shen would perform community detection between nodes where the edges are between individuals in the network with communities having a most central node/individual);
merging the community structures to obtain the graph structure comprising information of the psychological traits (Brdiczka discloses performing community detection on the graph network [see Brdiczka, Sect. 3, Subsect. A, para. 2]. Shen discloses a plurality of examples of how edges are created between individuals in the social network [see Shen, para. 32-34], and obtaining structure information such as centrality measures associated with each node [see Shen, para. 35-36]. Thus, the combination of Brdiczka and Shen would perform community detection between nodes where the edges are between individuals in the network with communities having a most central node/individual. Thus, communities of nodes with central nodes are combined through edges between nodes that are between central nodes).
Regarding claim 4, the combination of Brdiczka and Shen as applied in claim 1 above teaches all the limitations of claim 1 and further teaches:
obtaining user data associated with the target user, the user data comprising the user profile and historical entries (Shen discloses collecting structural information for nodes in the network, including graph information and node information [see Shen, para. 35], where the node information can include, but is not limited to, personality and demographic information of the users [see Shen, para. 43]);
performing an edge creation process based on the obtained user data (Shen discloses a plurality of examples of how edges are created between individuals in the social network [see Shen, para. 32-34]);
performing a graph similarity modeling process for psychological traits according to the graph structure (Brdiczka discloses performing graph similarity as part of the structure analysis of the social network, including using psychological profiling to filter out a large portion of irrelevant data, where psychological profiling includes isolating correlations between personality traits in the social network [see Brdiczka, Sect. 1, para. 4 and Sect. 3, Subsect. B, para. 4]);
performing a behavior prediction according to one or more behavior models with behavior profiles (Brdiczka discloses building psychological profiles based on the behavioral and information network structural data to make inferences about individuals mental state [see Brdiczka, Sect. 3, para. 3]);
performing a user modulation, based on the outcome linkage analysis, to obtain outcome profiles (Brdiczka discloses performing a Bayesian fusion method to obtain a threat outcome profile about a target user based on if the user has malevolent intent [see Brdiczka, Sect. 3, Subsect C, para. 1]);
tuning user contributes based on the behavior and outcome profiles (Brdiczka discloses performing a Bayesian fusion method through the use of a generative model to obtain a threat outcome profile, which is initialized with a set of threat outcomes and behaviors [see Brdiczka, Sect. 3, Subsect C, para. 1]. Thus, the initialized model is tuned based on threat outcome and behavior profiles of the dataset).
Regarding claim 5, the combination of Brdiczka and Shen as applied in claim 1 above teaches all the limitations of claim 1 and further teaches:
providing a user interface configured to output a result in response to the profiling, monitoring, or the anomaly detection for the event data streams (Brdiczka discloses ranking the threats inferred as personalized knowledge data based on their probability and uncertainty in order to provide actionable information [see Brdiczka, Sect. 3, Subsect. C, para. 1-2] and presented to system users/analysts [see Brdiczka, Sect. 3, para. 5]. Thus, the analysts can monitor the personalized threat detection and threat information for each individual presented by the system).
Regarding claim 6, the combination of Brdiczka and Shen as applied in claim 5 above teaches all the limitations of claim 5 and further teaches:
wherein anomalies are monitored via the user interface at an individual level and a macro level (Brdiczka discloses ranking the threats inferred as personalized knowledge data based on their probability and uncertainty in order to provide actionable information [see Brdiczka, Sect. 3, Subsect. C, para. 1-2] and presented to system users/analysts [see Brdiczka, Sect. 3, para. 5]. Thus, the analysts can monitor the personalized threat detection and threat information for each individual presented by the system. Shen discloses performing the security analysis to identify a set of individuals who are security-check targets [see Shen, para. 56]. Thus, the combination could identify the rankings on an individual level (i.e., what threats are probable for that individual), and the rankings of identified targets (i.e., which individuals are probable for threat detection)).
Regarding claim 7, the combination of Brdiczka and Shen as applied in claim 5 above teaches all the limitations of claim 5 and further teaches:
wherein one or more event flagged by prior rules are viewed via the user interface (Brdiczka discloses ranking the threats inferred as personalized knowledge data based on their probability and uncertainty in order to provide actionable information [see Brdiczka, Sect. 3, Subsect. C, para. 1-2] and presented to system users/analysts [see Brdiczka, Sect. 3, para. 5]. Thus, the analysts can monitor the personalized threat detection and threat information presented by the system, which would include prior threats if the prior threats have not been resolved and are still detected).
Regarding claim 9, claim 9 contains substantially similar limitations to those found in claim 1. Therefore it is rejected for the same reason as claim 1 above. Additionally, the combination further teaches:
A computing device, comprising: a memory configured to store computer-executable instructions; and one or more processors coupled to the memory and configured to execute the computer-executable instructions to perform (Shen discloses a computing device with memory storing instructions to cause the processor to execute the disclosed method [see Shen, para. 59]).
Regarding claim 17, claim 17 contains substantially similar limitations to those found in claim 1. Therefore it is rejected for the same reason as claim 1 above. Additionally, the combination further teaches:
A non-transitory computer-readable storage medium storing a set of instructions that are executable by one or more processors of a device to cause the device to perform a method for event detection, the method comprising: (Shen discloses a computing device with memory storing instructions to cause the processor to execute the disclosed method [see Shen, para. 59], wherein the instructions are stored on a computer-readable medium such as non-volatile memory [see Shen, para. 60]).
Regarding claims 10 and 18, claims 10 and 18 contains substantially similar limitations to those found in claim 2 above. Consequently, claims 10 and 18 are rejected for the same reasons.
Regarding claims 12 and 20, claims 12 and 20 contains substantially similar limitations to those found in claim 4 above. Consequently, claims 12 and 20 are rejected for the same reasons.
Regarding claim 13, claim 13 contains substantially similar limitations to those found in claim 5 above. Consequently, claim 13 is rejected for the same reasons.
Regarding claim 14, claim 14 contains substantially similar limitations to those found in claim 6 above. Consequently, claim 14 is rejected for the same reasons.
Regarding claim 15, claim 15 contains substantially similar limitations to those found in claim 7 above. Consequently, claim 15 is rejected for the same reasons.
Claims 3, 11, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Brdiczka et al. (Proactive Insider Threat Detection through Graph Learning and Psychological Context), hereinafter Brdiczka, in view of Shen et al. (US 2015/0170295 A1), hereinafter Shen, as applied in claim 1 above, and further in view of Okada (US 2022/0172115 A1), hereinafter Okada.
Regarding claim 3, the combination of Brdiczka and Shen as applied in claim 1 above teaches all the limitations of claim 1 and further teaches:
building and tuning one or more behavior models by: (Brdiczka discloses building psychological model based on the behavioral data to make inferences about individuals mental state [see Brdiczka, Sect. 3, para. 3]);
obtaining data from a plurality of behavior surveys stored in the survey database (Shen discloses collecting a population sample to construct a social network [see Shen, para. 32], then collecting structural information for nodes in the network, including graph information and node information [see Shen, para. 35], where the node information can include, but is not limited to, personality information from surveys [see Shen, para. 43]);
performing a data normalization to the obtained data (Shen discloses computing scaled measurements of the surveyed personality traits [see Shen, para. 43]);
binning the normalized data (Shen discloses collecting data from a variety of sources, including the scaled measure of surveyed personality traits, and categorizes each layer of the network with a different data concept [see Shen, para. 43]);
performing tuning to tune the one or more behavior models with behavior profiles (Brdiczka discloses building psychological model based on the behavioral data to make inferences about individuals mental state [see Brdiczka, Sect. 3, para. 3], such that the model has psychological, personal, and internal model variables [see Sect. 3, Subsect. B, para. 2]. Thus, the model must be tuned with historic behavior profiles so that it can infer based on the aforementioned variables);
using outcome profiles to tune the one or more behavior models (Brdiczka discloses building psychological model based on the behavioral data to make inferences about individuals mental state [see Brdiczka, Sect. 3, para. 3], such that the model can describe temporal patterns leading up to an attack [see Sect. 3, Subsect. B, para. 2]. Thus, the model must be tuned based on data including attack outcome events for it to be able to infer an attack based on relevant variables);
However, the combination of Brdiczka and Shen fails to teach performing grid search parameter tuning to tune the one or more models.
In the same field of endeavor, Okada teaches:
performing grid search parameter tuning to tune the one or more models (Okada discloses performing parameter tuning through grid search for tuning hyperparameters of machine learning [see Okada, para. 21]);
It would have been obvious to one of ordinary skill, in the art at the time before the effective filing date of the invention to incorporate performing grid search parameter tuning to tune the one or more models as suggested in Okada into the combination of Brdiczka and Shen because both perform machine learning (see Brdiczka, Abstract; see Okada, Abstract). Incorporating the teaching of Okada into the combination of Brdiczka and Shen would tune hyperparameters to increase accuracy of a learning model (see Okada, para. 9) with a grid search [that] can be efficiently performed even when there are constraints on machine resources or time constraints (see Okada, para. 15).
Regarding claims 11 and 19, claims 11 and 19 contains substantially similar limitations to those found in claim 3 above. Consequently, claims 11 and 19 are rejected for the same reasons.
Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Brdiczka et al. (Proactive Insider Threat Detection through Graph Learning and Psychological Context), hereinafter Brdiczka, in view of Shen et al. (US 2015/0170295 A1), hereinafter Shen, as applied in claim 1 above, and further in view of GEDEON et al. (US 2010/0179829 A1), hereinafter Gedeon.
Regarding claim 8, the combination of Brdiczka and Shen as applied in claim 5 above teaches all the limitations of claim 5.
However, the combination of Brdiczka and Shen fails to teach receiving, via a user interface, manually created data or linkage; and receiving, via the user interface, data for manually labeled outcomes or flagged events.
In the same field of endeavor, Gedeon teaches:
receiving, via a user interface, manually created data or linkage; and receiving, via the user interface, data for manually labeled outcomes or flagged events (Gedeon discloses a user interface where a user may submit an adverse event report by manually submitting data including manually labeled events [see Gedeon, para. 57 and FIG. 9-14]).
It would have been obvious to one of ordinary skill, in the art at the time before the effective filing date of the invention to incorporate receiving, via a user interface, manually created data or linkage; and receiving, via the user interface, data for manually labeled outcomes or flagged events as suggested in Gedeon into the combination of Brdiczka and Shen because both perform event detection (see Brdiczka, Sect. 2, para. 1 and Sect. 3, para. 5; see Gedeon, Abstract). Incorporating the teaching of Gedeon into the combination of Brdiczka and Shen would expedite and increase the efficiency of an end-user receiving party's processes of compiling data from one or more adverse event reports and processing cases corresponding to reports (see Gedeon, para. 54).
Regarding claim 16, claim 16 contains substantially similar limitations to those found in claim 8 above. Consequently, claim 16 are rejected for the same reasons.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Sarkar et al. (US 12,440,147 B2) teaches a machine learning model that learns to infers whether problem behavior will occur.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAKE BREEN whose telephone number is (571)272-0456. The examiner can normally be reached Monday - Friday, 7:00 AM - 3:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jennifer Welch can be reached at (571) 272-7212. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/J.T.B./Examiner, Art Unit 2143
/JENNIFER N WELCH/Supervisory Patent Examiner, Art Unit 2143