Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1-20 remain for examination. Claims 1, 3, 5, 13, 15 have been amended. Claims 2, 15 have been cancelled. Applicant's arguments filed on 0721/2025 have been fully considered but they are moot in view of the new ground(s) of rejection necessitated by the amendments. Accordingly, this action has been made final.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.
Claims 1-20 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Kursun US PGPUB No. 20200186523 A1 in view of SOUTH US 20170171754 A1; in further view of Crabtree US No. 20210112101 A1.
As to claim 1, Kursun teaches a method for assessing risk associated with nodes, the method comprising: recovering information on one or more characteristics of a node, wherein the information corresponds to at least one selected from the group consisting of: node hardware, node software, node event history, and node functionalities (Kursun Fig. 1, Pa. [0006]) [Fig. 1 with multiple nodes. The device biometric data comprises hardware characteristics] [“Smart contract” as used herein may refer to executable computer code or logic that may be executed according to an agreement between parties upon the occurrence of a condition precedent (e.g., a triggering event]; deriving one or more characterizations of the node based on the information (Kursun Pa. [0006]) [the hardware characteristics comprising response time, performance, battery degradation speed, chip variations, hardware imperfections, or unique memory identifiers], wherein each of the one or more characterizations reflect a state of a characteristic of the one or more characteristics Kursun Pa. [0052]) [variations in device hardware characteristics may exist within the range of specified acceptable tolerances (can be viewed as state of a characteristic)]; and are expressed as statements on a blockchain (Kursun Pa. [0056]) [The blockchain ledger may comprise the unique identifier profiles and user account data as described above in addition to information about “trusted” personal devices added by the user]
It is noted that Kursun does not appear explicitly disclose recovering, from an assertion unit, an assertion, wherein the assertion is a digitally- signed value comprising a time-stamped verification verifying validity of the one or more characterizations of the node.
However, SOUTH discloses recovering, from an assertion unit, an assertion (SOUTH Pa. [0041]) [various modules of the interactive emergency information and identification system 200, in accordance with certain embodiments], wherein the assertion is a digitally- signed value comprising a time-stamped verification verifying validity of the one or more characterizations of the node (SOUTH Pa. [0084]) [generates beacon verification information and transmits it back to the app instance. The beacon verification information is based upon the app instance verification information and contains a digitally signed value that will be ultimately used by the system 200 to verify that the messages purportedly sent by the beacon are actually generated by the beacon…when the beacon receives the signed random number from the app instance the beacon: (i) concatenates the signed random number with a timestamp of the current time (maintained by the beacon's real time clock) …The use of the timestamp in the digest allows the system 200 to verify not only the identity of the beacon but also that the app instance was physically near the beacon at the time reported]
Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention, that applying the known technique taught by Crabtree to the cyber-security system of Kursun would have yield predictable results and resulted in an improved system, namely, a system that would detect with an app instance executing on a user device associated with an individual, a signal from a beacon disposed in a geographical location physically proximate to the user device and transmitting in response to the detecting, with the app instance executing on the user device, app instance verification information to the beacon (SOUTH Pa. [0006])
Furthermore, the combination of Kursun and SOUTH fails to disclose deriving a reputation score for the assertion unit, wherein the reputation score discloses estimates of verification accuracy for the assertion unit; and determining a risk score for the node based on the reputation score, the one or more characterizations, and the assertion, wherein the risk score corresponds to a degree of risk associated with performing an action with the node.
However, Crabtree discloses deriving a reputation score for the assertion unit (Crabtree Pa. [0056]) [A reputation scoring engine 440 processes the ingested data 402 and assigns a reputation score], wherein the reputation score discloses estimates of verification accuracy for the assertion unit (Crabtree Pa. [0064]) [At the queue 451, data stewards are compensated for verifying the accuracy or making corrections to the synthetic data with relation to the real data]; and determining a risk score for the node based on the reputation score (Crabtree Pa. [0056]) [The reputation score is comprised of a cyber-risk score 441, data provenance score 442, and a data quality score], the one or more characterizations, and the assertion, wherein the risk score corresponds to a degree of risk associated with performing an action with the node (Crabtree Pa. [0054]) [the system's risk analytics capabilities; and the ability to format and deliver customized reports and dashboards 351, perform generalized, ad hoc data analytics on demand 352, continuously monitor, process and explore incoming data for subtle changes or diffuse informational threads, note: the risk analytics have capabilities to determine degree of risk associated with transacting with the node]
Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention, that applying the known technique taught by Crabtree to the cyber-security system of Kursun and SOUTH would have yield predictable results and resulted in an improved system, namely, a system that would provide a compliance engine to analyze communications to determine whether they comply with corporate policies, and an audit controls module to record and examine encrypted communications to determine whether a security violation has occurred (Crabtree Pa. [0005])
As to claim 2, Kursun teaches wherein the risk score is selected from the group consisting of a financial risk score, a security risk score, an unoriginality risk score, and an insurance risk score (Kursun Pa. [0089]) {the risk and/or security score of the node]
As to claim 3, Kursun teaches wherein a characterization of the one or more characterizations is associated with at least one selected from a group consisting of a digital rights module (DRM), a trusted execution environment (TEE), a security mechanism, and an operating system (OS) (Kursun Pa. [0066]) [the security configuration and/or policies of the node]
As to claim 4, Kursun teaches wherein a characterization of the one or more characterizations is stored as an augmentation of the node (Kursun Pa. [0014]) [add a detected hardware characteristic to the unique device identifier profile]
As to claim 5, Kursun teaches wherein the characterization is at least one of: an element included in the node; a meta-token attached to the node; a record stored externally to the node that is referenced by the node; a record accessible by a public key associated with the node; or an independent token that depicts a representation of the characterization (Kursun Pa. [0054]) [the identifier data may further include secured tokens]
As to claim 6, Kursun teaches wherein determining the risk score comprises recovering, from the assertion unit, one or more additional characterizations of the node (Kursun Pa. [0014]) [add a detected hardware characteristic to the unique device identifier profile]
As to claim 7, Kursun teaches wherein: a first characterization of the one or more characterizations corresponds to a particular characteristic and is time-stamped for a first timepoint; a second characterization corresponds to the particular characteristic and is time-stamped for a second timepoint; and the second timepoint occurs after the first timepoint (Kursun Pa. [0077]) [genesis block header 301 may further comprise a genesis block timestamp 304 that indicates the time at which the block was written to the blockchain 150. In some embodiments, the timestamp may be a Unix timestamp]
As to claim 8, Kursun teaches wherein the risk score is part of an array of risk scores wherein each risk score in the array of risk scores corresponds to a specific characterization of the one or more characterizations (Kursun Pa. [0066]) [risk score (e.g., the entity to which the node belongs, the security configuration and/or policies of the node, reference data quality, or the like)]
As to claim 9, the combination of Kursun, South and Crabtree teaches wherein each risk score in the array of risk scores corresponds to a different potential vulnerability of the node (Crabtree Pa. [0047]) [attackers to check for an open port on any available hosts to select a target for an attack that exploits a vulnerability using that port. This type of scan is also useful for security audits, to ensure that vulnerabilities are not exposed on any of the target hosts]
Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention, that applying the known technique taught by Crabtree to the cyber-security system of Kursun and SOUTH would have yield predictable results and resulted in an improved system, namely, a system that would provide a compliance engine to analyze communications to determine whether they comply with corporate policies, and an audit controls module to record and examine encrypted communications to determine whether a security violation has occurred (Crabtree Pa. [0005])
As to claim 10, the combination of Kursun, South and Crabtree teaches wherein: the risk score is determined using a scoring entity (Kursun Pa. [0066]) [risk score (e.g., the entity to which the node belongs, the security configuration and/or policies of the node, reference data quality, or the like)]; the scoring entity is associated with a reputation score; and the reputation score discloses a reputation for accuracy held by the scoring entity (Crabtree Pa. [0056]) [A reputation scoring engine 440 processes the ingested data 402 and assigns a reputation score. The reputation score is comprised of a cyber-risk score 441, data provenance score 442, and a data quality score 443.]
Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention, that applying the known technique taught by Crabtree to the cyber-security system of Kursun and SOUTH would have yield predictable results and resulted in an improved system, namely, a system that would provide a compliance engine to analyze communications to determine whether they comply with corporate policies, and an audit controls module to record and examine encrypted communications to determine whether a security violation has occurred (Crabtree Pa. [0005])
As to claims 11- 20, claims 11-20 recite the claimed that contain respectively similar limitations as claims 1-10 therefore, they are rejected under the same rationale.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EVANS DESROSIERS whose telephone number is (571)270-5438. The examiner can normally be reached Monday -Friday 8:00 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Korzuch can be reached at (571)272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/EVANS DESROSIERS/Primary Examiner, Art Unit 2491