Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This office action is in response to correspondence 10/02/25 regarding application 18/282,902, in which claims 1-6 and 11 were amended and new claims 16-18 were added. Claims 1-18 are pending in the application and have been considered.
Response to Arguments
The examiner agrees with Applicant on page 11 that no new matter is added by the amendments to claims 1-6 and 11 and addition of new claims 16-18.
The amended title of the invention overcomes the objection to the specification, and so the objection is withdrawn.
Amended claims 2-5 overcome the objections for minor informalities, and so they are withdrawn.
Applicant’s arguments on pages 11-15 regarding the 35 U.S.C. 101 rejections have been considered but are not persuasive. Applicant argues that the claims are eligible under Step 2A Prong Two of the Alice test because, as amended, the claims “involve technical complexity that could not be performed as mental processes” (Remarks, page 13), “are also not directed to mathematical concepts or certain methods of organizing human activity”, and related to a cyberattack, malware, and an attack tool (i.e. cybersecurity), which are clearly rooted in the computer arts”, meaning that, according to Applicant, the claims as amended recite a practical application.
In response, it is noted that the rejection does not assert the claims in question to be directed to mathematical concepts or certain methods of organizing human activity, but rather, a mental process. Applicant argues that the claims as amended involve technical complexity that could not be performed as mental processes, but it is unclear to the examiner where precisely in the particular language of the claims this purported technical complexity is recited. Claim 1, for example, requires dependency parsing a news article by obtaining a score, which a human could do by drawing a parse tree and labeling the arcs with scores. That the news article being parsed “relates to cybersecurity” does not make the parsing itself particularly technically complex, or the entity and modifier specifying for that matter. A human can quite easily read a news article about a cyber attack and mentally identify the parties involved and their modifiers. Similarly, that the news article “relates to cybersecurity” does not make the claimed steps themselves, which relate to parsing dependencies, specifying entities and modifiers, and complementing them, somehow “rooted in the computer arts”, even if the news article pertains to the computer arts.
On page 14, Applicant further argues that the claims are eligible under 101 because the claims contain a specific limitation other than what is well-understood, routine, conventional activity in the field, which has been found to qualify as significantly more when recited in a claim with a judicial exception. However, Applicant merely asserts that “the prior art does not teach or suggest the features of independent claim 1” and therefore claim 1 provides an inventive concept.
In response, the examiner is not persuaded because it is unclear from Applicant’s argument which “features of independent claim 1” in particular allegedly provide an inventive concept, and why they are considered to be a specific limitation other than what is well-understood, routine, conventional activity in the field.
Applicant’s arguments on pages 15-18 regarding the 35 U.S.C. 103 rejections based on Dey, Yi, and Finkel have been considered but are moot in view of the new grounds for rejection based in part on the newly discovered reference to Wang et al. (“DNRTI: A Large-scale Dataset for Named Entity Recognition in Threat Intelligence”. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications), which is specifically directed to named entity recognition in the Threat Intelligence domain, similarly to the amended claims. The new grounds for rejection based in part on Wang are in response to Applicant’s amendments.
Claim Objections
In claim 1, line 9, the examiner assumes “identifies used in the cyberattack” should be “identifies malware used in the cyberattack” (based on similar amendments to claims 6 and 11).
In claim 16, line 2, should “wherein the further at least one processor” be “wherein the at least one processor”?
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claim 1 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim recites “extract named entities from a news article about a cyberattack; parse a dependency relation between words or clauses in the news article; and specify a named entity satisfying a set condition from among the extracted named entities and complement the specified named entity with a corresponding modifier, based on a result of the dependency relation parsing”.
The limitation of extract named entities from a news article about a cyberattack, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. For example, “extract named entities from a news article about a cyberattack” in the context of this claim encompasses visually extracting named entities from a printed news article about a cyberattack.
Similarly, the limitation of “parse a dependency relation between words or clauses in the news article by obtaining a score indicating a strength of association for each of: between words, between a word and a modifier, and between modifiers”, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. For example, “parse a dependency relation between words or clauses in the news article by obtaining a score indicating a strength of association for each of: between words, between a word and a modifier, and between modifiers” in the context of this claim encompasses mentally parsing a dependency relation between words or clauses in the news article, mentally determining scores indicating a strength of association for each of: between words, between a word and a modifier, and between modifiers, and drawing a dependency graph with a pen and paper.
Similarly, the limitation of “specify a named entity that satisfies a set condition from among the extracted named entities, relates to cybersecurity, and identifies malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name” as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. For example, “specify a named entity that satisfies a set condition from among the extracted named entities, relates to cybersecurity, and identifies malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name” in the context of this claim encompasses mentally determining a named entity that satisfies a set condition from among the extracted named entities, relates to cybersecurity, and identifies malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name.
Similarly, the limitation of “specify the modifiers for the specified named entity having the score that is equal to or greater than a threshold as specified modifiers” as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. For example, “specify the modifiers for the specified named entity having the score that is equal to or greater than a threshold as specified modifiers” in the context of this claim encompasses mentally determining modifiers for the specified named entity having the score that is equal to or greater than a threshold as specified modifiers.
Similarly, the limitation of “complement the specified named entity with the specified modifiers for the specified named entity based on a result of the dependency relation parsing”, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind. For example, “complement the specified named entity with the specified modifiers for the specified named entity based on a result of the dependency relation parsing” in the context of this claim encompasses writing down a list of the named entities, circling one with a dependency relation in the chart, and writing down an adjective next to it.
If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. This judicial exception is not integrated into a practical application. In particular, the claim only recites two additional elements – “at least one memory storing instructions”, and “at least one processor”. The computing device in this step is recited at a high level of generality (i.e., as a generic memory storing generic instructions, and a generic processor) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a computing device to perform the extracting, parsing, and specifying amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Specifically with respect to Step 2A, Prong Two, of the Alice/Mayo test, the judicial exception is not integrated into a practical application. Claim 1 does not recite any limitations that are not mental steps.
Specifically with respect to Step 2B of the Alice/Mayo test, “the claim as a whole does not amount to significantly more than the exception itself (there is no inventive concept in the claim)”. MPEP 2106.05 II. There are no limitations in claim 1 outside of the judicial exception. As a whole, the claim does not appear to contain any inventive concept. As discussed above, claim 1 is a mental process that pertains to the mental process of extracting, parsing, and specifying named entities from text, which can be performed entirely by a human with physical aids.
Dependent claims 2-5 and 16 depend from claim 1, do not remedy any of the deficiencies of claim 1, and therefore are rejected on the same grounds as claim 1 above.
Generally, claims 2-5 and 16 merely recite additional steps for extracting, parsing, and specifying named entities from text, all of which could be performed mentally or by writing down relationships with a pen and paper, or displaying an output, and do not amount to anything more than substantially the same abstract idea as explained with respect to claim 1.
Specifically:
Claim 2 recites “extract the named entities and specifies types of the extracted named entities, and compare the types of the extracted named entities with a list of types of named entities to be extracted prepared in advance, and specify the named entity whose type is registered in the list from among the extracted named entities, as a named entity satisfying the set condition” which could be performed by mentally comparing the entities to a paper list of entities prepared in advance, and circling ones on the list.
Claim 3 recites “store the extracted named entities in a storage area of a storage device, and specify, if a search process is performed on the named entities stored in the storage area to search the named entities, a named entity satisfying the set condition from among the searched named entities, and complement the specified named entity with a corresponding modifier based on the result of the dependency relation parsing” which could be performed by visually searching the list of entities, in addition to the techniques described with respect to claim 1 above.
Claim 4 recites “extract the named entities from the news article, using a dictionary in which words or clauses corresponding to the named entities to be extracted are registered” which could be performed by using a paper dictionary to aid in visually extracting and writing down the entities.
Claim 5 recites “extract the named entities from the news article using a machine learning model, and the machine learning model is built using a document with a label indicating whether words or clauses are to be extracted, as training data”, which but for “machine learning model”, could be performed by visually extracting and writing down entities based on a labeled list. The “machine learning model” is recited at a high level of generality (i.e., as a generic machine learning model) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.
Claim 16 recites “control a display apparatus to display the specified named entity identifying the malware used in the cyberattack, the attack tool used in the cyberattack, the attacker, the attack campaign name, the name of the affected product, the name of the affected site, the victim's name, the damage details, the damage amount, the attack method, or the vulnerability name, and the specified modifiers as search results” which amounts to insignificant extra solution activity in the form of a mere output on a display. Notably the claim language does not require processing a search query from a user and outputting the search results to the user, but merely displaying as search results. This is not enough to amount to a practical application that is significantly more than the abstract idea itself.
In sum, claims 2-5 and 16 depend from claim 1 and further recite mental processes or insignificant extra solution activity as explained above. None of the additional limitations recited in claims 2-5 and 16 amount to anything significantly more than the same or a similar abstract idea as recited in claim 1. Nor do any limitations in claims 2-5 and 16 (a) integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea or (b) amount to significantly more than the judicial exception. Claims 2-5 and 16 are not patent eligible.
Claim 6 is directed to a method that corresponds to the system of claim 1 and is therefore rejected for the same reasons set forth above with respect to claim 1. Claim 6 lacks any additional elements that would integrate the abstract idea into a practical application by imposing any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
Claims 7-10 and 17 depend from claim 6, do not remedy any of the deficiencies of claim 6, and recite limitations similar to those found in dependent claims 2-5 and 16 discussed above. These claims are therefore rejected on the same grounds as claims 2-5, 6, and 16 above.
Claim 11 is directed to a non-transitory computer readable recording medium that corresponds to the system of claim 1 and is therefore rejected for the same reasons set forth above with respect to claim 1. Moreover, while claim 11 recites generic computing components (e.g., non-transitory computer readable recording medium, program including instructions), such components are only claimed at a high level of generality and are not sufficient to render the claim subject matter eligible for the same reasons discussed above with respect to claim 1.
Claims 12-15 and 18 depend from claim 11, do not remedy any of the deficiencies of claim 11, and recite limitations similar to those found in dependent claims 2-5 and 16 discussed above. These claims are therefore rejected on the same grounds as claims 2-5, 11, and 16 above.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over Dey et al. (US 20190065467) in view of Wang et al. (“DNRTI: A Large-scale Dataset for Named Entity Recognition in Threat Intelligence”. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications).
Consider claim 1, Dey discloses an information complementing apparatus (apparatus, [0109], that complements identified identities by identifying them as e.g. accused of a crime, [0073]) comprising:
at least one memory storing instructions (e.g. RAM, [0111], storing instructions, [0109]); and
at least one processor configured to execute the instructions (CPU executes instructions, [0108]) to:
extract named entities from a news article about an attack (Stanford NER extracts a set of named entities, [0050], from news articles about crime involving an attack, [0032-0033], Table 1);
parse a dependency relation between words or clauses in the news article by obtaining a score indicating a strength of association for each of: between words, between a word and a modifier, and between modifiers (dependency parsing extracts dependency relations, [0049], and identification of “accused name”, “location of crime” and “date of crime” is performed by computing confidence scores for NE-term pairs having a distance in the dependency graph below a threshold, [0073-0074]; these confidence scores are considered to “indicate a strength of association” between “accused name”, a word, “location of crime”, a modifier as to where the accused committed the crime, and “date of crime”, a modifier as to when the accused committed the crime); and
specify a named entity that satisfies a set condition from among the extracted named entities (identifying the accused name with highest confidence, [0074]) and
specify the modifiers for the specified named entity having the score that is equal to or greater than a threshold as specified modifiers (identifying the location of crime and date of crime committed by the accused based on the candidates with the highest confidence score, i.e. a confidence score greater than or equal to the second highest candidate, [0073-0074]); and
complement the specified named entity with the specified modifiers for the specified named entity, based on a result of the dependency relation parsing (identification of “accused name”, “location of crime” and “date of crime” using the dependency graph as explained above, [0073], [0074], used to update or create a crime ontology, [0083]).
Dey does not specifically mention specifying named entities that relate to cybersecurity, and identifies malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name.
Wang discloses specifying named entities that relate to cybersecurity (e.g. Figure 2, page 1844), and identifies malware used in the cyberattack (e.g. malicious Adobe Flash, Figure 2, page 1844), an attack tool used in the cyberattack (tool, Section IV B, page 1844), an attacker (hacker organization, Section IV B, page 1844), an attack campaign name (attack, Section IV B, page 1844), a name of an affected product (e.g. Adobe Flash, Figure 2), a name of an affected site (e.g. Telenor, Figure 2), a victim’s name (organization, Section IV B, page 1844), damage details (noting that the limitation is required in the alternative by the claim language), a damage amount (noting that the limitation is required in the alternative by the claim language), an attack method (way, Section IV B, page 1844), or a vulnerability name (loophole, Section IV B, page 1844).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dey by specifying named entities that relate to cybersecurity, and identifies used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name in order to improve usability and scalability of threat intelligence data, as suggested by Wang (Section 1, page 1842), predictably helping countries around the world defend against attacks by hacker organizations, as suggested by Wang (Section 1, page 1842). The cited references are analogous art in the field of natural language.
Consider claim 6, Dey discloses an information complementing method (method for complementing identified identities by identifying them as e.g. accused of a crime, [0073], [0108]) comprising:
extracting named entities from a news article about an attack (Stanford NER extracts a set of named entities, [0050], from news articles about crime involving an attack, [0032-0033], Table 1);
parsing a dependency relation between words or clauses in the news article by obtaining a score indicating a strength of association for each of: between words, between a word and a modifier, and between modifiers (dependency parsing extracts dependency relations, [0049], and identification of “accused name”, “location of crime” and “date of crime” is performed by computing confidence scores for NE-term pairs having a distance in the dependency graph below a threshold, [0073-0074]; these confidence scores are considered to “indicate a strength of association” between “accused name”, a word, “location of crime”, a modifier as to where the accused committed the crime, and “date of crime”, a modifier as to when the accused committed the crime); and
specifying a named entity that satisfies a set condition from among the extracted named entities (identifying the accused name with highest confidence, [0074]) and
specifying the modifiers for the specified named entity having the score that is equal to or greater than a threshold as specified modifiers (identifying the location of crime and date of crime committed by the accused based on the candidates with the highest confidence score, i.e. a confidence score greater than or equal to the second highest candidate, [0073-0074]); and
complementing the specified named entity with the specified modifiers for the specified named entity, based on a result of the dependency relation parsing (identification of “accused name”, “location of crime” and “date of crime” using the dependency graph as explained above, [0073], [0074], used to update or create a crime ontology, [0083]).
Dey does not specifically mention specifying named entities that relate to cybersecurity, and identifies malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name.
Wang discloses specifying named entities that relate to cybersecurity (e.g. Figure 2, page 1844), and identifies malware used in the cyberattack (e.g. malicious Adobe Flash, Figure 2, page 1844), an attack tool used in the cyberattack (tool, Section IV B, page 1844), an attacker (hacker organization, Section IV B, page 1844), an attack campaign name (attack, Section IV B, page 1844), a name of an affected product (e.g. Adobe Flash, Figure 2), a name of an affected site (e.g. Telenor, Figure 2), a victim’s name (organization, Section IV B, page 1844), damage details (noting that the limitation is required in the alternative by the claim language), a damage amount (noting that the limitation is required in the alternative by the claim language), an attack method (way, Section IV B, page 1844), or a vulnerability name (loophole, Section IV B, page 1844).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dey by specifying named entities that relate to cybersecurity, and identifies malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name for reasons similar to those for claim 1.
Consider claim 11, Dey discloses a non-transitory computer readable recording medium that includes a program recorded thereon (non-transitory media such as RAM, [0111]), the program including instructions that cause a computer (code executed by computer CPUs, [0108]) to carry out:
extracting named entities from a news article about an attack (Stanford NER extracts a set of named entities, [0050], from news articles about crime involving an attack, [0032-0033], Table 1);
parsing a dependency relation between words or clauses in the news article by obtaining a score indicating a strength of association for each of: between words, between a word and a modifier, and between modifiers (dependency parsing extracts dependency relations, [0049], and identification of “accused name”, “location of crime” and “date of crime” is performed by computing confidence scores for NE-term pairs having a distance in the dependency graph below a threshold, [0073-0074]; these confidence scores are considered to “indicate a strength of association” between “accused name”, a word, “location of crime”, a modifier as to where the accused committed the crime, and “date of crime”, a modifier as to when the accused committed the crime); and
specifying a named entity that satisfies a set condition from among the extracted named entities (identifying the accused name with highest confidence, [0074]) and
specifying the modifiers for the specified named entity having the score that is equal to or greater than a threshold as specified modifiers (identifying the location of crime and date of crime committed by the accused based on the candidates with the highest confidence score, i.e. a confidence score greater than or equal to the second highest candidate, [0073-0074]); and
complementing the specified named entity with the specified modifiers for the specified named entity, based on a result of the dependency relation parsing (identification of “accused name”, “location of crime” and “date of crime” using the dependency graph as explained above, [0073], [0074], used to update or create a crime ontology, [0083]).
Dey does not specifically mention specifying named entities that relate to cybersecurity, and identifies malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name.
Wang discloses specifying named entities that relate to cybersecurity (e.g. Figure 2, page 1844), and identifies malware used in the cyberattack (e.g. malicious Adobe Flash, Figure 2, page 1844), an attack tool used in the cyberattack (tool, Section IV B, page 1844), an attacker (hacker organization, Section IV B, page 1844), an attack campaign name (attack, Section IV B, page 1844), a name of an affected product (e.g. Adobe Flash, Figure 2), a name of an affected site (e.g. Telenor, Figure 2), a victim’s name (organization, Section IV B, page 1844), damage details (noting that the limitation is required in the alternative by the claim language), a damage amount (noting that the limitation is required in the alternative by the claim language), an attack method (way, Section IV B, page 1844), or a vulnerability name (loophole, Section IV B, page 1844).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dey by specifying named entities that relate to cybersecurity, and identifies malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name for reasons similar to those for claim 1.
Consider claim 2, Dey discloses the at least one processor further configured to execute the instructions to: extract the named entities and specifies types of the extracted named entities (extracting named entities of types “Person” and “Organization”, “Location”, “Date”, etc., [0050]), and compare the types of the extracted named entities with a list of types of named entities to be extracted prepared in advance (e.g. “accused name”, “location of crime”, “date of crime”, [0073]), and specify the named entity whose type is registered in the list from among the extracted named entities, as a named entity satisfying the set condition (identification of a named entity as “accused name” based on entity and term distance in the dependency graph, [0073]).
Consider claim 3, Dey discloses the at least one processor is further configured to execute the instructions to: store the extracted named entities in a storage area of a storage device (all entities tagged as person, [0074], in storage media, [0111]), and specify, if a search process is performed on the named entities stored in the storage area to search the named entities (the pseudocode “for” loop in [0074] considered a “search process” for entities having a distance in the dependency graph within a threshold), a named entity satisfying the set condition from among the searched named entities (d = dist (N, T), if d < threshold, [0074]), and complement the specified named entity with a corresponding modifier based on the result of the dependency relation parsing (the highest confidence name identified as the accused name, [0073-0074]).
Consider claim 4, Dey discloses the at least one processor is further configured to execute the instructions to: extract the named entities from the news article (PE = all named entities tagged as person in S, [0074]), using a dictionary in which words or clauses corresponding to the named entities to be extracted are registered (CT = all terms in S indicated by KB (knowledge base, which is an ontology), i.e. dictionary, for presence of accused for each entity N in PE, [0074]).
Consider claim 5, Dey discloses the at least one processor is further configured to execute the instructions to: extract the named entities from the news article using a machine learning model (Stanford NER, which is a machine learning model, [0050]).
Dey does not specifically mention the machine learning model is built using a document with a label indicating whether words or clauses are to be extracted, as training data.
Wang discloses the machine learning model is built using a document with a label indicating whether words or clauses are to be extracted, as training data (LSTM and BiLSTM trained using labeled dataset, pages 1844-1845).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dey such that the machine learning model is built using a document with a label indicating whether words or clauses are to be extracted, as training data for reasons similar to those for claim 1.
Consider claim 7, Dey discloses: in the extracting the named entities, extracting the named entities and specifying types of the extracted named entities (extracting named entities of types “Person” and “Organization”, “Location”, “Date”, etc., [0050]), and compare the types of the extracted named entities with a list of types of named entities to be extracted prepared in advance (e.g. “accused name”, “location of crime”, “date of crime”, [0073]), and in the complementing, comparing the types of the extracted named entities with a list of types of named entities to be extracted prepared in advance (e.g. “accused name”, “location of crime”, “date of crime”, [0073]), and specifying the named entity whose type is registered in the list from among the extracted named entities, as a named entity satisfying the set condition (identification of a named entity as “accused name” based on entity and term distance in the dependency graph, [0073]).
Consider claim 8, Dey discloses: in the extracting the named entities, storing the extracted named entities in a storage area of a storage device (all entities tagged as person, [0074], in storage media, [0111]), and if a search process is performed on the named entities stored in the storage area to search the named entities, in the complementing, specifying a named entity satisfying the set condition from among the searched named entities (the pseudocode “for” loop in [0074] considered a “search process” for entities having a distance in the dependency graph within a threshold), and complementing the specified named entity with a corresponding modifier based on the result of the dependency relation parsing.
Consider claim 9, Dey discloses, in the extracting the named entities, extracting the named entities from the news article (PE = all named entities tagged as person in S, [0074]) using a dictionary in which words or clauses corresponding to the named entities to be extracted are registered (CT = all terms in S indicated by KB (knowledge base, which is an ontology), i.e. dictionary, for presence of accused for each entity N in PE, [0074]).
Consider claim 10, Dey discloses in the extracting the named entities, extracting the named entities from the news article using a machine learning model (Stanford NER, which is a machine learning model, [0050]).
Dey does not specifically mention the machine learning model is built using a document with a label indicating whether words or clauses are to be extracted, as training data.
Wang discloses the machine learning model is built using a document with a label indicating whether words or clauses are to be extracted, as training data (LSTM and BiLSTM trained using labeled dataset, pages 1844-1845).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dey such that the machine learning model is built using a document with a label indicating whether words or clauses are to be extracted, as training data for reasons similar to those for claim 1.
Consider claim 12, Dey discloses wherein the extracting the named entities includes extracting the named entities and specifying types of the extracted named entities (extracting named entities of types “Person” and “Organization”, “Location”, “Date”, etc., [0050]), and compare the types of the extracted named entities with a list of types of named entities to be extracted prepared in advance (e.g. “accused name”, “location of crime”, “date of crime”, [0073]), and the complementing includes comparing the types of the extracted named entities with a list of types of named entities to be extracted prepared in advance (e.g. “accused name”, “location of crime”, “date of crime”, [0073]), and specifying the named entity whose type is registered in the list from among the extracted named entities, as a named entity satisfying the set condition (identification of a named entity as “accused name” based on entity and term distance in the dependency graph, [0073]).
Consider claim 13, Dey discloses wherein the extracting the named entities includes storing the extracted named entities in a storage area of a storage device (all entities tagged as person, [0074], in storage media, [0111]), and if a search process is performed on the named entities stored in the storage area to search the named entities, the complementing includes specifying a named entity satisfying the set condition from among the searched named entities (the pseudocode “for” loop in [0074] considered a “search process” for entities having a distance in the dependency graph within a threshold), and complementing the specified named entity with a corresponding modifier based on the result of the dependency relation parsing.
Consider claim 14, Dey discloses wherein the extracting the named entities includes extracting the named entities from the news article (PE = all named entities tagged as person in S, [0074]) using a dictionary in which words or clauses corresponding to the named entities to be extracted are registered (CT = all terms in S indicated by KB (knowledge base, which is an ontology), i.e. dictionary, for presence of accused for each entity N in PE, [0074]).
Consider claim 15, Dey discloses wherein the extracting the named entities includes extracting the named entities from the news article using a machine learning model (Stanford NER, which is a machine learning model, [0050]).
Dey does not specifically mention the machine learning model is built using a document with a label indicating whether words or clauses are to be extracted, as training data.
Wang discloses the machine learning model is built using a document with a label indicating whether words or clauses are to be extracted, as training data (LSTM and BiLSTM trained using labeled dataset, pages 1844-1845).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dey such that the machine learning model is built using a document with a label indicating whether words or clauses are to be extracted, as training data for reasons similar to those for claim 1.
Consider claim 16, Dey discloses wherein the further at least one processor is further configured to execute the instructions to: control a display apparatus to display the specified named entity and the specified modifiers as search results (the final output is made available to the end-user as a Crime register, composed of information related to different aspects of a crime, [0085], using graphical user interface, [0029], on e.g. user computer device, [0025], as results from semantic search, [0105]).
Dey does not specifically mention identifying malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name.
Wang discloses specifying identifying malware used in the cyberattack (e.g. malicious Adobe Flash, Figure 2, page 1844), an attack tool used in the cyberattack (tool, Section IV B, page 1844), an attacker (hacker organization, Section IV B, page 1844), an attack campaign name (attack, Section IV B, page 1844), a name of an affected product (e.g. Adobe Flash, Figure 2), a name of an affected site (e.g. Telenor, Figure 2), a victim’s name (organization, Section IV B, page 1844), damage details (noting that the limitation is required in the alternative by the claim language), a damage amount (noting that the limitation is required in the alternative by the claim language), an attack method (way, Section IV B, page 1844), or a vulnerability name (loophole, Section IV B, page 1844).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dey by identifying malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name for reasons similar to those for claim 1.
Consider claim 17, Dey discloses controlling a display apparatus to display the specified named entity and the specified modifiers as search results (the final output is made available to the end-user as a Crime register, composed of information related to different aspects of a crime, [0085], using graphical user interface, [0029], on e.g. user computer device, [0025], as results from semantic search, [0105]).
Dey does not specifically mention identifying malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name.
Wang discloses specifying identifying malware used in the cyberattack (e.g. malicious Adobe Flash, Figure 2, page 1844), an attack tool used in the cyberattack (tool, Section IV B, page 1844), an attacker (hacker organization, Section IV B, page 1844), an attack campaign name (attack, Section IV B, page 1844), a name of an affected product (e.g. Adobe Flash, Figure 2), a name of an affected site (e.g. Telenor, Figure 2), a victim’s name (organization, Section IV B, page 1844), damage details (noting that the limitation is required in the alternative by the claim language), a damage amount (noting that the limitation is required in the alternative by the claim language), an attack method (way, Section IV B, page 1844), or a vulnerability name (loophole, Section IV B, page 1844).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dey by identifying malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name for reasons similar to those for claim 1.
Consider claim 18, Dey discloses wherein the program further includes instructions that cause the computer to carry out controlling a display apparatus to display the specified named entity and the specified modifiers as search results (the final output is made available to the end-user as a Crime register, composed of information related to different aspects of a crime, [0085], using graphical user interface, [0029], on e.g. user computer device, [0025], as results from semantic search, [0105]).
Dey does not specifically mention identifying malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name.
Wang discloses specifying identifying malware used in the cyberattack (e.g. malicious Adobe Flash, Figure 2, page 1844), an attack tool used in the cyberattack (tool, Section IV B, page 1844), an attacker (hacker organization, Section IV B, page 1844), an attack campaign name (attack, Section IV B, page 1844), a name of an affected product (e.g. Adobe Flash, Figure 2), a name of an affected site (e.g. Telenor, Figure 2), a victim’s name (organization, Section IV B, page 1844), damage details (noting that the limitation is required in the alternative by the claim language), a damage amount (noting that the limitation is required in the alternative by the claim language), an attack method (way, Section IV B, page 1844), or a vulnerability name (loophole, Section IV B, page 1844).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Dey by identifying malware used in the cyberattack, an attack tool used in the cyberattack, an attacker, an attack campaign name, a name of an affected product, a name of an affected site, a victim’s name, damage details, a damage amount, an attack method, or a vulnerability name for reasons similar to those for claim 1.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jesse Pullias whose telephone number is 571/270-5135. The examiner can normally be reached on M-F 8:00 AM - 4:30 PM. The examiner’s fax number is 571/270-6135.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Andrew Flanders can be reached on 571/272-7516.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jesse S Pullias/
Primary Examiner, Art Unit 2655 10/29/25