DoesNotice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments filed have been fully considered but they are not fully persuasive regarding the USC 103 rejection.
Applicant argues that Sethi fails to teach claim 2 because “the role of network user identity in Sethi is categorically different from the functional role required by claim 2. In Sethi user identity serves as a threat classification. In Claim 2 user identity serves as a sorting key used to match individual communication to specific incidents”
Examiner argues that there is nothing in Applicant’s argument that disagrees with the usage of Sethi. Both statements are true, and not dissimilar. Sethi teaches noting incidents and associating incidents with a compromised user, or malicious user. While noting the user is a “threat”, it is *also* associated with network incidents.
Examiner points to at least [0103] of Sethi which states “database stores….incoming traffic requests, malicious data requests, a cumulative history of user activity records, [0137] “an intercepted request…determined IP address, eg identity of an entity that sent the request” [0158][0159] “detection of abnormal user behavior based on a comparison of previous cases”
Examiner asserts nothing in the claim language establishes that incidents are for example, sorted by user. Examiner asserts that the claim language states a plurality of incidents (history record) and that the incidents are “associated with a network user”. Sethi teaches records of incidents including IP address recording, user history, etc. Thus both a plurality of incidents are recorded according to network traffic monitored, and the users/metadata associated with that traffic or metadata are “associated” and recorded. Thus the limitations of former claim 2, and now claim 1 are met.
In the interest of advancing prosecution, Examiner points to Chesla US 2023/0319088 [0031][0060]. Examiner believes this would anticipate Applicant’s claims as described in Argument, and in the claim language.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 3-8, 10-15, 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sethi US 2025/0023918 in view of Horrell US 10,176,032 in view of Gupta US 2024/0007342
As per claims 1, 8, 15. (Currently Amended) Sethi teaches A system for identifying network vulnerability via network component functionality, wherein the system is structured for proactively detect and resolve network incidents prior to network disruptions, the system comprising: at least one non-transitory storage device containing instructions; and at least one processing device coupled to the at least one non-transitory storage device, wherein the at least one processing device, upon execution of the instructions, is configured to: monitor a plurality of network communications of a network for indications of an incident associated with a disruption to access or operation of a network activity determine one or more incident indicator communications of the plurality of network communications as relating to the incident based on determining that wherein the one or more incident indicator communications comprise information relating to the incident, comprising analyzing the transformed plurality of network communications to determine the one or more incident indicator communications of the plurality of network communications associated with the incident; [0133] [0153] [0178]-[0185] (obtain alert and metric of health of edge device, failure or compromised, monitoring of metrics, including heat, usage rates, network speed/latency, cpu events, analysis of metrics, prediction of further incidents based on metric data and training, alerting users, administrators, taking corrective actions)
Sethi teaches based on the one or more incident indicator communications, determine one or more network components relating to the incident, wherein based on at least determining a change in operation of the one or more network components comprising component outage, reduced speed, and increased usage; [0133] [0153] [0178]-[0185] (obtain alert and metric of health of edge device, failure or compromised, monitoring of metrics, including heat, usage rates, network speed/latency, cpu events, analysis of metrics, prediction of further incidents based on metric data and training, alerting users, administrators, taking corrective actions)
Sethi teaches monitor one or more metrics relating to operation of the one or more network components relating to the incident, wherein the one or more metrics are selected for monitoring based on determining (i) a type of the one or more network components and (ii) an incident type associated with the incident, wherein the one or more metrics comprise operating heat, operating speed, and/or usage; [0133] [0153] [0178]-[0185] (obtain alert and metric of health of edge device, failure or compromised, monitoring of metrics, including heat, usage
analysis of metrics, prediction of further incidents based on metric data and training, alerting users, administrators, taking corrective actions)
Sethi teaches wherein analyzing the transformed plurality of network communications further comprises: determining that the plurality of network communications comprise content associated with a plurality of incidents; and identifying the one or more incident indicator communications of the plurality of network communications that are associated with the incident of the plurality of incidents based on at least one or more network users associated with the one or more incident indicator communications. [0103] [0133] [0153] [0155]-[0159] [0178]-[0185] (obtain communications and telemetry indicative of future incidents including those based on one or more network users/hackers/compromised users, teaches recording a history of events/incidents and telemetric data including IP address of requestors and user identity)
Horrell teaches determine that a new incident is occurring or expected to occur based on a change in at least one of the one or more metrics that is greater than a predetermined changed value, wherein the new incident has the same incident type as the incident; cause a transmission of a new incident alert, wherein the new incident alert indicates that the new incident is occurring or expected to occur; . (Column 2 lines 19-67; Column 3 lines 16-42; Column 19 lines 25-40; Column 24 lines 12-38; Column 25 lines 1-12) (teaches health metrics, thresholds and that a detected data/measurements is used to predict a new incident within a certain period of time)
Horrell teaches and determine an incident resolution action for resolving the new incident. (Column 3 lines 16-42) (teaches health metrics and that a detected incident is used to predict a new incident and taking a resolution action)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Horrell with the prior art because it helps set remediation priorities.
Gupta teaches transforming the plurality of network communications from a plurality of sources into a standard format for determining the one or more incident indicator communications [0085]-[0088] (teaches standardizing multiple data formats and telemetry into a standard format)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teaching of Gupta with the prior art because a standard format improves data usage efficiency.
As per claims 3, 10, 17. (Currently Amended) The system of Claim 1, Sethi teaches wherein the at least one processing device, upon execution of the instructions, is configured to determine at least one of the one or more incident indicator communications from the plurality of network communications based on at least one or more communication types, wherein the one or more communication types comprise at least one of an electronic message, a document repository, an instant message, a virtual meeting, a phone call, or an incident ticket. [0133] [0153] [0155]-[0157] [0178]-[0185] (obtain communications and telemetry indicative of future incidents including those based on electronic communications/message users)
As per claims 4, 11, 18. (Currently Amended) The system of Claim 1, Horrell teaches wherein the new incident alert indicates that the new incident is expected to occur within a predetermined amount of time, wherein the at least one processing device, upon execution of the instructions, is configured to: record a prior change in the one or more metrics at the one or more network components at one or more time periods associated with the incident; and determine the predetermined changed value for the new incident based on (i) a predetermined portion of the prior change associated with the incident, and (ii) standard operating parameters of the one or more network components. (teaches machine learning to determine metrics over a period of time are associated with an incident to predict failure based on operating parameters, including rate of change) (Column 16 lines 45-64; Column 17 lines 15-35; Column 18 lines 8-50; Column 19 lines 14-43)
As per claims 5, 12, 19. (Currently Amended) The system of Claim 1, Horrell teaches wherein the incident resolution action is an automated action in which the new incident is resolved, wherein the at least one processing device, upon execution of the instructions, is configured to: determine that the incident is associated with a series of prior incidents of the same incident type; and wherein transmission of the new incident alert is in response to determining that (i) the change in at least one of the one or more metrics is greater than the predetermined changed value, and (ii) a time elapsed since the incident is associated with a recurring time period associated with the series of prior incidents. (Column 18 lines 8-40) (Column 19 lines 14-43) (teaches analysis of historical incidents and the data prior to said incidents including likely time period associated with incident, and change in data metrics)
As per claims 6, 13, 20. (Currently Amended) The system of Claim 1, Sethi teaches wherein the incident resolution action comprises moving a data process from a first network component to a second network component in an instance in which the new incident is related to the first network component. [0132] (moving the data to a second device in case of an outage, bad performance metric, etc)
As per claims 7, 14. (Original) The system of Claim 1, Sethi teaches wherein the at least one processing device, upon execution of the instructions, is configured to train a machine learning model to determine the incident indicator communications relating to an incident. [0153] (employing machine learning models based on healthy and unhealthy metrics/alerts/thresholds to train and predict future states of devices)
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439