DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings filed on June 27, 2023 are accepted.
Specification
The specification filed June 27, 2023 is accepted.
Claim Objections
Claims 1-15 are objected to because of the following informalities:
Claim 1 recites the limitation “identifying the target and scope of the attack evaluates how far the attackers have penetrated the system and what is their target;’ This phrase is grammatically incorrect. Appropriate correction is required.
Claim 1 recites the limitation “establishing the value … and maps the impact of the attack…” It is suggested that phrase be amended to “establishing the value … and map[s]ping the impact of the attack…” for clarity and consistency.
Claim 9 recites the limitation “ranking the cybersecurity weaknesses based on data at risk value, wherein to determine the data at risk value:” This phrase is grammatically incorrect. Appropriate correction is required.
Claim 9 recites the limitation “tracking and classify a cyberattack and places the cyberattack…” It is suggested that the phrase be amended to “tracking and classifying a cyberattack and plac[es]ing the cyberattack …” for clarity and consistency.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation "the attack" in line 4. There is insufficient antecedent basis for this limitation in the claim.
Claim 1 recites the limitation "the attack lifecycle" in line 5. There is insufficient antecedent basis for this limitation in the claim.
Claim 1 recites the limitation “the target" in line 6. There is insufficient antecedent basis for this limitation in the claim.
Claim 1 recites the limitation "the attackers" in line 6. There is insufficient antecedent basis for this limitation in the claim.
Claim 1 recites the limitation "the system" in line 7. There is insufficient antecedent basis for this limitation in the claim.
Claim 1 recites the limitation “the value of the asset" in line 8. There is insufficient antecedent basis for this limitation in the claim.
Claim 1 recites the limitation "the impact" in line 9. There is insufficient antecedent basis for this limitation in the claim.
Claim 6 recites the limitation "the unified data protection " in line 2. There is insufficient antecedent basis for this limitation in the claim.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-8 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Kapadia et al. US 2018/0212990 A1 [hereinafter Kapadia].
As pe claim 1, Kapadia teaches a computerized method for detecting reconnaissance and infiltration in data lakes and cloud warehouses, comprising:
monitoring a SaaS data store or a cloud-native data store from inside the data store [paragraphs 0051-0052];
examining the attack and automatically identifies how far the attack has progressed in the attack lifecycle [paragraphs 0052-0054];
identifying the target and scope of the attack evaluates how far the attackers have penetrated the system and what is their target [paragraphs 0052-0057]; and
establishing the value of the asset subject to the attackers' attack and maps the impact of the attack on the CIA (confidentiality, integrity and availability) triad [paragraphs 0052-0057].
As per claim 2, Kapadia further teaches the method wherein the SaaS data store or the cloud-native data stores comprises a data lake warehouse [paragraphs 0052-0057].
As per claim 3, Kapadia further teaches the method wherein the attacker comprises a malware-based attacker [paragraphs 0052-0057].
As per claim 4, Kapadia further teaches the method further comprising: using a machine learned model to detect the malware-based attacker attempting to abuse data.
As per claim 5, Kapadia further teaches the method further comprising: providing an automated protection action to counter the malware-based attacker attempting to abuse data [paragraphs 0052-0057].
As per claim 6, Kapadia further teaches the method further comprising: delivering a unified data protection system against all forms of data attacks [paragraphs 0052-0057].
As per claim 7, Kapadia further teaches the method wherein the unified data protection system provides a solution that covers the entire spectrum from malicious or accidental insider attacks, advanced persistent threats to automated supply chain attacks where malware exploits vulnerabilities in trusted code and gains access to trusted systems fingerprint and identify the attackers [paragraphs 0052-0057].
As per claim 8, Kapadia further teaches the method further comprising: calculating an overall grade for the company's preventative security health, wherein the grade is calculated across the SaaS data store or the cloud-native data store [paragraphs 0052-0057].
Allowable Subject Matter
Claims 9-15 would be allowable if applicant overcomes the claim objections indicated above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BEEMNET W DADA whose telephone number is (571)272-3847. The examiner can normally be reached Monday-Friday, 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached at 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
BEEMNET W. DADA
Primary Examiner
Art Unit 2435
/BEEMNET W DADA/Primary Examiner, Art Unit 2435