Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
In the remarks filed on 02/25/2026. The applicant amended claims 1, 3, 6-8, 11, 14, and 15 are amended. No claims were added.
With respect to Claim objections:
Applicant’ claim amendments and remarks filed on 02/25/2026 have been fully considered and overcome claim objections as presented in the final office action filed 11/28/2025. Therefore, objections have been withdrawn.
With respect to 35 U.S.C. §101 rejections:
Applicant’ claim amendments and remarks filed on 02/25/2026 have been fully considered and does not overcome the 101 rejections as presented in the final office action filed 11/28/2025.
Applicant argues that the claims are directed to patent eligible subject matter because claims recite a determination apparatus including processing circuitry and reduce the workload of a security operation center (SOC) analyst. The examiner respectfully disagrees. Under step 2A, the claims recite abstract ideas including mathematical concepts and mental processes. Specifically, the claims recite automatically learning a model using machine learning logistic regression algorithm, predicting a label for an indicator of compromise (IOC) based on extracted features, and assigning a priority label to the IOC. Logistic regression is a mathematical model concepts. Additionally, determining the priority of alerts based on analyst investigation metrics corresponds to the type of evaluation and prioritization that can be performed by a human analyst, and therefore constitutes a mental process. The claimed steps therefore recite abstract ides. Applicant asserts that the claims provide a technological improvement by reducing the workload of SOC analysts and improving memory usage. However, reducing analyst workload represents an improvement to the efficiency of human decision making rather than technological improvement. The claims do not recite any specific mechanism that improves computer performance. These claims merely implement the abstract idea using generic processing circuitry executing a machine learning algorithm. According , the additional elements of claims do not integrate the abstract idea into practical application. Under step 2B, the claims does not include additional elements that include significantly more than the abstract idea. The recited processing circuitry performing feature extraction, model training, prediction, and notification represents well understood routine and conventional computer functions. Therefore, the claims are still directed to patent ineligible subject matter under 35 U.S.C. §101. Thus the 101 rejection is maintained.
With respect to 35 U.S.C. § 103 rejections:
Applicant's arguments filed on 02/25/2026 have been received and entered.
Applicant's arguments with respect to the newly amended independent claims, see Applicant Arguments 9-11, with respect to the rejection (s) of independent claims 1,6 and 7 have been fully considered. Examiner withdraws the 103 rejection.
Claim Objections
Claims 1, 6, and 7 are objected to because of the following informalities: The claims “automatically learning using machine learning with a logistic regression algorithm, by the processing circuitry, to a model for outputting a label” should be “automatically learning .. to generate a model”. “sending a notification of information about the IOC that was predicted to have the label indicating high priority to the analyst” is unclear if the claim sending IOC itself, information about the IOC, or a notification.. “each of IOCs” should read either “each IOC” or “each of the IOCs”. Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION. —The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1, 3, 6-8, 11, and 14-15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 1,6 and 7 recite “imparting, by the processing circuitry, a label of high priority or low priority to each of IOCs according to an actual result of a workload required of an analyst for dealing with a relevant alert”. The term “actual result of workload” is unclear because the claim does not specify what measurable parameter that constitutes the workload. The claim does not define whether workload refers to number of investigations, time spent , number of alert processed or another metric. The scope of limitation is uncertain since multiple distinct metrics are disclosed but not claimed and the term could have multiple interpretation. The limitation further recite “the relevant art “ and “number of manual investigations performed for the relevant alert”. The term “relevant alert” is indefinite because it is not defined and lacks a clear relationship to previously recited claimed elements. It is unclear whether the “relevant alert” refers to an alert containing the IOC, any alert associated with the IOC, alerts investigated by a particular analyst or alerts satisfying a particular condition. Because the number of investigation depends on identifying the relevant alerts, this ambiguity directly affects the determination of the priority label. The specification does not provide a clear definition. The claims further recites “automatically imparted to an IOC for which a number of manual investigations performed for the relevant alert within a certain period of days is equal to or more than a predetermined number of manual investigations among IOCs, and a label indicating a non-high priority is automatically imparted to the IOC for which the number of manual investigations is less than the predetermined number of manual investigations” . The phrase “certain period of days” does not define the duration or provide an objective boundaries for determining the period. Also, the phrase “a predetermined number of manual investigations among IOCs” is indefinite because it is unclear how threshold is applied. Th claims do not specify whether the number of investigations is determined per IOC, per alert, per analyst or across multiple IOCs, and what is meant by “among IOCs”. Thus, the boundary for determining whether an IOC is assigned a high priority label is unclear. The claims recite “a label of high priority or low priority” and later recite “a label indicating a non-high priority”. The terms “non -high priority” lacks proper antecedent basis and introduces inconsistent terminology. It is unclear whether “non high priority” is equivalent to “low priority” or represents a different category. This inconsistency renders the scope of the claimed labels uncertain. Examiner suggest to clear the scope of claims 1, 6,and 7. Dependent claims are also rejected for inheriting the deficiencies set forth above for independent claims. Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1, 3, 6, 7, 8, 11, and 14-15 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Independent claims 1, 6 and 7:
Step1:
Claims 1 is drawn to “a method”, claim 6 is drawn to “an apparatus”, and claim 7 is drawn to “non-transitory computer-readable”, therefore each of these claim groups falls under one of four categories of statutory subject matter (process/method, machines/products/apparatus, manufactures, and compositions of matter).
Step 2A, Prong 1:
Claims 1, 6, and 7 are directed to a judicially recognized exception of an abstract idea without significantly more. Each of claims 1, 6, and 7 recites limitations “extracting, by the processing circuitry, feature information from an indicator of compromise (IOC) included in information related to cyber security” is merely data gathering, and, “imparting, by the processing circuitry, a label of high priority or low priority to each of IOCs according to an actual result of a workload required of an analyst for dealing with a relevant alert”, “automatically learning using machine learning with a logistic regression algorithm, by the processing circuitry, to a model for outputting a label from the feature information of an IOC by using learning data obtained by combining the feature information extracted with the label imparted”, wherein a label indicating a high priority is automatically imparted to an IOC for which a number of manual investigations performed for the relevant alert within a certain period of days is equal to or more than a predetermined number of manual investigations among IOCs, and a label indicating a non-high priority is automatically imparted to the IOC for which the number of manual investigations is less than the predetermined number of manual investigations”, “predicting the label from the feature information of the IOC using the model that is learned”, and “sending a notification of information about the IOC that was predicted to have the label indicating high priority to the analyst” that under its broadest reasonable interpretation, enumerates a mental evaluation and abstract ideas. Other than reciting a generic “processing circuitry” (Claim 6), nothing in the claims preclude the steps from practically being performed in the human mind. For example, other than the “processing circuitry” language, the claims encompass a user visually and manually extracting data (i.e., feature information) from IOC (i.e., data gathering), classifying or labelling that data based on observer activity (i.e., actual workload results, investigation counts or times) and condition met , training model on labeled data and using that model to predict labels, and a notifying the predicted label and alert. All these steps are essentially data analysis or data processing and classification steps (i.e., mental process and abstract ideas) carried out in general computer are nothing more than mental and abstract ideas (See MPEP 2106.04(a)(2)(I)(III)).
Step 2A, Prong 2:
Claims 1 does not recite any additional elements/or steps that would integrate the abstract idea into a practical application. However, claim 6 and claim 7 recites additional element “processing circuitry” to execute the computer program instructions and “non-transitory computer-readable recording medium” to store computer program instructions. The computer readable storage media and the computer processor are recited at a high level of generality (i.e., as generic computer components performing generic computer functions to store and to process data respectively). These generic computer functions are no more than mere instructions to apply the exception using generic computer components. The combination of these additional elements does not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea (MPEP 2106.05(f)).
Step 2B:
The additional elements “logistic regression” is a well-known algorithm, “non-transitory computer-readable recording medium” to store computer program instructions and “processing circuitry” to execute the computer program instructions are no more than generic, off-the-shelf computer components, and the Symantec, TLI, OIP Techs, and Versata court decisions cited in MPEP 2106.05(d)(II) indicate that mere collection/receipt of data over a network and/or storing and retrieving information in memory are well-understood, routine, and conventional functions when it is claimed in a merely generic manner (See MPEP 2106.05(d)(II)(IV)). As such, claims 1, 6, and 7 are not patent eligible.
Dependent claims 3, and 14-15, 8, and 11:
Step 1:
Claims 3 and 14-15 are drawn to “a method”, Claims 8 are drawn to “an apparatus” and Claims 11 are drawn to “non transitory computer readable medium” therefore each of these claims falls under one of four categories of statutory subject matter (process/method, machines/products/apparatus, manufactures, and compositions of matter).
Steps 2A-2B:
Dependent claims 3, and 14-15, 8, and 11 are also ineligible for the same reasons given with respect to claims 1, 6 and 7 respectively. Claims 3, and 14-15, 8, and 11 recite further abstract ideas of labeling high priority based on predetermined thresholds, predicting a label (MPEP 2106.04(a)(2)(I)). Claims 3, and 14-15, 8, and 11 fail to recite any additional elements/steps that might integrates the abstract idea into a practical application and improve any computer functionality. As such, claims 3, and 14-15, 8, and 11 are not patent eligible.
Allowable Subject Matter
Claim 1, 3, 6, 7, 8, 11, and 14-15 would be allowable if rewritten or amended to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph set forth in this Office action.
Claim 1, 3, 6, 7, 8, 11, and 14-15 would be allowable if rewritten or amended to overcome the claim objections set forth in this Office action.
Claim 1, 3, 6, 7, 8, 11, and 14-15 would be allowable if rewritten or amended to overcome the rejection(s) under 101 set forth in this Office action.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20240289447 A1: “relates to automated cybersecurity defense testing and, more particularly, to a network-based system and method for analyzing computer systems and networks for potential compromise and vulnerabilities to cyber-attacks”
US 20240152603 A1: “relates to an activity trace extraction device, an activity trace extraction method, and an activity trace extraction program useful for detecting malware”
US 20220272109 A1: “relates to generating actionable indicators of compromise (IOCs) and providing actionable IOC to a security enforcement service”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMIKSHYA POUDEL whose telephone number is (703)756-1540. The examiner can normally be reached 7:30 AM - 5PM Mon- Fri.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/S.N.P./Examiner, Art Unit 2436
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436