Prosecution Insights
Last updated: May 29, 2026
Application No. 18/356,501

SYSTEM AND METHOD FOR HUNT, INCIDENT RESPONSE, AND FORENSIC ACTIVITIES ON AN AGNOSTIC PLATFORM

Non-Final OA §101
Filed: Jul 21, 2023
Priority: Jul 22, 2022 — provisional 63/369,072
Examiner: RAHMAN, SHAWNCHOY
Art Unit: 2400
Tech Center: 2400 — Computer Networks
Assignee: Booz Allen Hamilton Inc.
OA Round: 3 (Non-Final)
Grant Probability: 88% (Favorable)
OA Rounds: 3-4
Est. Remaining: 0m
With Interview: 88%

Examiner Intelligence

Grants 88% — above average
Career Allowance Rate: 88% (673 granted / 767 resolved; +29.7% vs TC avg)
Interview Lift: +0.7% (minimal +1% lift; resolved cases with interview)
Typical timeline: 2y 6m avg prosecution; 16 currently pending
Career history: 780 total applications across all art units

Statute-Specific Performance

§101: 7.2% (-32.8% vs TC avg)
§103: 62.0% (+22.0% vs TC avg)
§102: 4.7% (-35.3% vs TC avg)
§112: 13.3% (-26.7% vs TC avg)
Based on career data from 767 resolved cases

Office Action

§101
DETAILED ACTION

This non-final office action is in response to applicant’s remarks and request for continued examination filed 01/22/2026 and 02/02/2026 respectively. Claims 3, 6, and 14 have been canceled. Claims 1-2, 4-5, 7-13, and 15-25 are pending.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on January 06, 2026 has been entered.

Response to Arguments/Amendments

Applicant’s claim amendments to independent claims have been fully considered and are persuasive. The rejection of claims 1-2, 4-5, 7-13, and 15-25 under 35 USC § 103 is hereby withdrawn.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 23 is rejected under 35 U.S.C. 101 because Claim 23 recites “A computer readable medium storing …” In specification of the instant application applicant recited that it should be understood that the program code can be stored on a non-transitory computer readable medium, such as the memory devices for the system 100 (e.g., computing device), which may be memory semiconductors (e.g., DRAMs, etc.) or other tangible and non-transitory means for providing software to the system 100. The computer programs (e.g., computer control logic) or software may be stored in memory 110 resident on/in the system 100. Such computer programs or software, when executed, may enable the system 100 to implement the present methods and exemplary embodiments discussed herein. Accordingly, such computer programs may represent controllers of the system 100. Where the present disclosure is implemented using software, the software may be stored in a computer program product or non-transitory computer readable medium and loaded into the system 100 using any one or combination of a removable storage drive, an interface for internal or external communication, and a hard disk drive, where applicable (para. [0030]), where the computer-readable medium does not have a specific definition and does not limit the claimed medium from being a transitory medium such as signal.

Pending claims are interpreted as broadly as their terms reasonably allow. See In re Zletz, 893 F.2d 319 (Fed. Cir. 1989). The broadest reasonable interpretation of a claim drawn to a computer readable medium (also called machine readable medium and other such variations) typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is silent (See MPEP 2111.01). When the broadest reasonable interpretation of a claim covers a signal per se, the claim must be rejected under 35 U.S.C. §101 as covering non-statutory subject matter. See In re Nuijten, 500 F.3d 1346, 1356-57 (Fed. Cir. 2007) (transitory embodiments are not directed to statutory subject matter) and Interim Examination Instructions for Evaluating Subject Matter Eligibility Under 35 U.S.C. § 101, Aug. 24, 2009; See p. 2. OFFICIAL GAZETTE of the UNITED STATES PATENT AND TRADEMARK OFFICE, volume 1351, February 23, 2010, OG 212 (subject matter eligibility of computer readable media).

In an effort to assist the patent community in overcoming a rejection or potential rejection under 35 U.S.C. § 101 in this situation, the USPTO suggests the following approach. A claim drawn to such a computer readable medium that covers both transitory and non-transitory embodiments may be amended to narrow the claim to cover only statutory embodiments to avoid a rejection under 35 U.S.C. § 101 by adding the limitation “non-transitory” to the claim. Some other solutions as
-- an amendment the claimed term to: "computer usable memory", or "computer usable storage memory", "computer readable memory", "computer readable device", (i.e. any variations thereof, where "media" or "medium" is replaced by "device" or "memory") or adding "wherein the medium is not a signal".
-- “an amendment to the specification defining the medium is not a signal and deleting the statement in the spec stating that the medium can be a signal”,
-- “an amendment to the specification defining the medium a form of memory devices and deleting the statement in the spec stating that the medium can be a signal”,
-- “a disavowal statement and an amendment to the spec deleting the medium is a signal statement”.

Allowable Subject Matter

Independent claims 1, 12, and 23 have been amended to incorporate allowable subject matters. Claims 1-2, 4-5, 7-13, and 15-25 are allowed over prior arts of record.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:

US 11,856,008 B2 (Yavo et al.): An endpoint detection and response (EDR) agent of multiple endpoint security agents running on an endpoint device detects an incident. A security incident alert is generated by the EDR agent by proactively collecting data regarding the incident. Identification of a device coupled to a private network as potentially being compromised by a security service of a Managed Security Service Provider (MSSP) protecting the private network is facilitated by the EDR agent transmitting the security incident alert to the security service via a security agent of the multiple endpoint security agents corresponding to the security service. Abstract.

US 2021/0392146 A1 (Lin et al.): [0059] In the ML-based UEBA system 400, the grouping model 402 is connected to the data 420, as well as providing its output to the behavior models 406. The behavior models 406 also receives inputs from the data 420, as well as risk score 430 information. The risk score information could contain the alerts provided by endpoint detection and response vendors. An output of the orchestration model 404 is provided to the active learning model 408. The orchestration model 404 outputs behavior-based analysis/alerts 432, which are used to provide feedback to the active learning model 408 and the multi-tenant cloud insights 422. The active learning model 408 can use the feedback to determine whether or not a specific classification, i.e., user risk score or alert, was correct or not. This active learning model 408 is used to improve the models 402, 404, 406.

US 2019/0207981 A1 (Sweeney et al.): [0097] In some embodiments, an event pattern includes a regular expression with a plurality of named groups. In these embodiments, upon matching security event 401 to the selected event pattern, event parser 406 can output a parsed event including a plurality of captured groups of text from the record and corresponding to the plurality of corresponding named groups of the selected event pattern. In some embodiments, the captured groups can include categories of information that enable metadata to be generated for security event 401 and to map security event 401 to a common information model. Examples of captured groups may include network device IDs (e.g., MAC address, IP address, and asset serial number), security control device IDs, event severity information, vendor identification information, event type, etc. These event categories are based on a set of patterns defined to map to a common information model, according to some embodiments.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWNCHOY RAHMAN whose telephone number is (571)270-7471. The examiner can normally be reached Monday - Friday 8:30A-5P ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached at 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Shawnchoy Rahman/
Primary Examiner, Art Unit 2438

Prosecution Timeline

Jul 21, 2023: Application Filed
Jul 23, 2025: Non-Final Rejection mailed — §101
Oct 23, 2025: Response Filed
Nov 06, 2025: Final Rejection mailed — §101
Jan 06, 2026: Response after Non-Final Action
Feb 02, 2026: Request for Continued Examination
Feb 14, 2026: Response after Non-Final Action
May 19, 2026: Non-Final Rejection mailed — §101 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12638675
PAIRING WITH COMPANION DEVICE
1y 9m to grant Granted May 26, 2026
Patent 12621170
Secure Peer-to-Peer Communication Protocol
2y 3m to grant Granted May 05, 2026
Patent 12615515
MINIMAL CONFIGURATION SYNTHETIC eSIM PROFILES FOR WIRELESS DEVICES
1y 6m to grant Granted Apr 28, 2026
Patent 12609811
SECURED PERIPHERAL DEVICE COMMUNICATION IN VIRTUALIZED COMPUTER SYSTEM
3y 8m to grant Granted Apr 21, 2026
Patent 12591637
TOKEN-BASED DATA AUTHORITY MANAGEMENT
2y 4m to grant Granted Mar 31, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 88%
With Interview (+0.7%): 88%
Median Time to Grant: 2y 6m (~0m remaining)
PTA Risk: High
Based on 767 resolved cases by this examiner. Grant probability derived from career allowance rate.