Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claim 10-21 and 24-36 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 9 and 13-16 of copending Application No. 18/382,968 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because the instant claims 10, 20, 24, and 31 are substantially within the scope of claims 9 and 21 of ‘968, and are thus deemed to be an obvious variation. Further, the instant claim 12 (and 11, from which claim 12 depends), 13, 14, 15, and 20 (as well as claims 25-28 and 32-35, which are similar to claims 12-15) are substantially within the scope of claims 13, 14, 15, 16, and 9, respectively, of ‘968, and are thus deemed to be an obvious variation. In summary, claims 10-15, 20, 24-28, and 31-35 are fully within the scope of one or more of claims 9 and 13-16 of ‘968, and are thus deemed to be an obvious variation.
Further, claims 16-17, 19, 21, 29-30, and 36 are obvious over ‘968 in view of US 2021/0273957 (Boyer).
With regard to claim 16, the claims of ‘968 fail to disclose, but Boyer teaches providing to the trained machine learning model a third input comprising third access data identifying access types corresponding to the first plurality of data items accessed at the SaaS management platform using the first user account (Boyer: Paragraph [0054] and [0090]. Characteristics can be checked, which includes “types of data transfers,” which would constitute “access types” in as much detail as claimed.). Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to check the types of data transfers to better identify anomalous behavior of the user.
With regard to claim 17, the claims of ‘968 fail to disclose, but Boyer teaches providing to the trained machine learning model a fourth input comprising fourth access data identifying time periods the first plurality of data items were accessed at the SaaS management platform using the first user account (Boyer: Paragraph [0128]. The data can be used to produce time series data, which can then be bucketed into individual time slices (time periods).). Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to check the time periods of accesses to better identify anomalous behavior of the user.
With regard to claim 19, the claims of ‘968 fail to disclose, but Boyer teaches providing to the trained machine learning model a sixth input comprising sixth access data identifying frequencies at which the first plurality of data items were accessed at the SaaS management platform using the first user account (Boyer: Paragraph [0077]. A number of times an interaction with the SaaS application took place in a time period can be determined and used to identify unusual behavior, where the number of occurrences over a specified time would constitute “frequencies.”). Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to check the frequencies of accesses to better identify anomalous behavior of the user.
With regard to claim 21, the claims of ‘968 fail to disclose, but Boyer teaches providing to the trained machine learning model an eighth input comprising information identifying, for the first user account, a respective department of a plurality of departments of the client organization (Boyer: Paragraphs [0054] and [0191]. The work groups field describes the role, where in the example, “software development group” would be the group, and would constitute “a respective department,” in as much detail as required by the instant claim.). Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to check the department to better identify anomalous behavior of the user, such as accesses to information that are unrelated to the department of the user.
With regard to claims 29-30, the instant claims are similar to claims 16-17, respectively, and are thus rejected for similar reasons.
With regard to claims 36, the instant claim is similar to claims 16, and is thus rejected for similar reasons.
Further, with regard to claim 18, the claims of ‘968 in view of Boyer fail to teach, but 2020/0265356 (Lee) teaches providing to the trained machine learning model a fifth input comprising fifth access data identifying, for the first user account, calendar events corresponding to non-work periods (refb: Paragraphs [0175]-[0176]. As part of a risk determination for a user, a user’s work schedule can be utilized and compared with accesses to data.). Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize data comparing a user’s work schedule with accesses to identify accesses outside of the user’s work hours to provide another metric to identify anomalous behavior.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 10-17, 19-21, and 24-36 is/are rejected under 35 U.S.C. 102a1 as being anticipated by US 2021/0273957 (Boyer).
With regard to claim 10, Boyer discloses a method for using a trained machine learning model using information pertaining to accesses of data items at a software-as-a-Service (SaaS) management platform to determine an occurrence of malicious activity at the SaaS management platform, the method comprising:
providing to the trained machine learning model a first input, the first input comprising first access data identifying a first plurality of data items accessed at the SaaS management platform using a first user account of a plurality of user accounts associated with a client organization (Boyer: Paragraph [0054]. Context is gathered for the associated SaaS application, which can include a file access list.); and
obtaining, from the trained machine learning model, one or more outputs identifying (i) an indication of a potential occurrence of malicious activity corresponding to the access of data items by the first user account at the SaaS management platform (Boyer: Paragraph [0060]), and (ii) a level of confidence that the potential occurrence of malicious activity is an actual occurrence of malicious activity by the first user account at the SaaS management platform (Boyer: Paragraphs [0060] and [0169] and Figure 15. When a threat is identified, such as malicious behavior identified from the user’s inputs, a threat risk parameter (output) can be generated that includes a confidence of malicious behavior, where this information can then be used to determine remedies to be performed (Boyer: Paragraphs [0156] to [0157]).).
With regard to claim 11, Boyer discloses determining whether the level of confidence that the potential occurrence of malicious activity is the actual occurrence of malicious activity by the first user account at the SaaS management platform satisfies a threshold level (Boyer: Paragraphs [0139] and [0143]).
With regard to claim 12, Boyer discloses responsive to determining that the level of confidence satisfies the threshold level, initiating a security response to address the actual occurrence of malicious activity (Boyer: Paragraphs [156] to [0157]. Different actions may be taken based on the threat.).
With regard to claim 13, Boyer discloses that initiating the security response to address the actual occurrence of malicious activity comprises: providing a notification identifying the actual occurrence of malicious activity, an identifier of the first user account, and information identifying the first access data (Boyer: Paragraphs [0090] and [0143]. A user interface can be provided that provides a user with the information.).
With regard to claim 14, Boyer discloses initiating the security response to address the actual occurrence of malicious activity comprises: initiating, at the SaaS management platform, an account lock out corresponding to the first user account (Boyer: Paragraph [0157]. The user account can be disabled.).
With regard to claim 15, Boyer discloses wherein the first input comprises the first access data identifying the first plurality of data items accessed at a first SaaS service of the SaaS management platform using the first user account, the method further comprising: providing to the trained machine learning model a second input, the second input comprising second access data identifying a second plurality of data items accessed at a second SaaS service of the SaaS management platform using the first user account (Boyer: Paragraphs [0054], [0139], [0199], and [0202]. The data is collected about the user across multiple SaaS applications.).
With regard to claim 16, Boyer discloses providing to the trained machine learning model a third input comprising third access data identifying access types corresponding to the first plurality of data items accessed at the SaaS management platform using the first user account (Boyer: Paragraph [0054] and [0090]. Characteristics can be checked, which includes “types of data transfers,” which would constitute “access types” in as much detail as claimed.).
With regard to claim 17, Boyer discloses providing to the trained machine learning model a fourth input comprising fourth access data identifying time periods the first plurality of data items were accessed at the SaaS management platform using the first user account (Boyer: Paragraph [0128]. The data can be used to produce time series data, which can then be bucketed into individual time slices (time periods).).
With regard to claim 19, Boyer discloses providing to the trained machine learning model a sixth input comprising sixth access data identifying frequencies at which the first plurality of data items were accessed at the SaaS management platform using the first user account (Boyer: Paragraph [0077]. A number of times an interaction with the SaaS application took place in a time period can be determined and used to identify unusual behavior, where the number of occurrences over a specified time would constitute “frequencies.”).
With regard to claim 20, Boyer discloses providing to the trained machine learning model a seventh input comprising information identifying a respective job title of a plurality of job titles for the first user account (Boyer: Paragraph [0054]).
With regard to claim 21, Boyer discloses providing to the trained machine learning model an eighth input comprising information identifying, for the first user account, a respective department of a plurality of departments of the client organization (Boyer: Paragraphs [0054] and [0191]. The work groups field describes the role, where in the example, “software development group” would be the group, and would constitute “a respective department,” in as much detail as required by the instant claim.).
With regard to claims 24-30, the instant claims are similar to claims 10 and 12(with claim 11, from which claim 12 depends) through 17, respectively, and are thus rejected for similar reasons.
With regard to claims 31-36, the instant claims are similar to claims 10 and 12 (with claim 11, from which claim 12 depends) through 16, respectively, and are thus rejected for similar reasons.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Boyer in view of US 2020/0265356 (Lee).
With regard to claim 18, Boyer fails to disclose, but Lee teaches providing to the trained machine learning model a fifth input comprising fifth access data identifying, for the first user account, calendar events corresponding to non-work periods (refb: Paragraphs [0175]-[0176]. As part of a risk determination for a user, a user’s work schedule can be utilized and compared with accesses to data.).
Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize data comparing a user’s work schedule with accesses to identify accesses outside of the user’s work hours to provide another metric to identify anomalous behavior.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SCOTT B CHRISTENSEN whose telephone number is (571)270-1144. The examiner can normally be reached Monday through Friday, 6AM to 2PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached at (571) 272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
SCOTT B. CHRISTENSEN
Examiner
Art Unit 2444
/SCOTT B CHRISTENSEN/Primary Examiner, Art Unit 2444