Notice of Pre-AIA or AIA Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
2. Applicant’s arguments filed on 01/30/2026, with respect to the 35 U.S.C. 103 rejections of claims 1-5, 7-11, and 13-17 as being unpatentable over U.S. Publication No. 20150012965 hereinafter Furukawa have been fully considered. However, upon further consideration, a new ground(s) of rejection is made in view of amended claims.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3. Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over
U.S. Publication No. 20150012965 hereinafter Furukawa in view of U.S. Publication No. 20230105021 hereinafter Shah.
As per claim 1, Furukawa discloses:
An information processing apparatus (para 0032 "In order to achieve the
above-mentioned object, an information processing device for handling privacy
information according to the present invention.") comprising:
at least one memory storing instructions; and at least one processor
configured to execute the instructions (para 0153) to:
identify an access attribute for which different results are output from a
first policy model and a second policy model when the access attribute is input to
the first policy model and the second policy model that output (para 0092 "The
user extraction unit 106 acquires a set of user identifiers corresponding to the
service identifier that is inputted by the user from the policy storage unit 101
(B2)." Para 0093 "The user extraction unit 106 acquires from the policy storage
unit 101 a set of tuple of (service identifier and policy) corresponding to the set of
user identifiers acquired in B2 and acquires a set of tuple of (user identifier and
set of tuple of (service identifier and policy)) (B3). The user extraction unit 106
outputs the set of tuple of (service identifier and policy) corresponding to the
inputted user identifier and the set of tuple of (user identifier and set of tuple of
(service identifier and policy)) corresponding to the set of user identifiers, to the
degree of similarity computation unit 107."),
when an access attribute is input, results of determination regarding
access having the input access attribute; and calculate a degree of divergence
between a result of determination by the first policy model and a result of
determination by the second policy model by comparing the results respectively
output from the first policy model and the second policy model when the
identified access attribute is input to the first policy model and the second policy
model (para 0094 "The degree of similarity computation unit 107 computes the
degree of similarity between the user identifiers based on the set of tuple of
(service identifier and policy) corresponding to the inputted user identifier, and
the set of tuple of (user identifier and set of tuple of (service identifier and policy))
corresponding to the set of user identifiers (B4)." Para 0095 "The degree of
similarity computation unit 107 acquires a fixed number of user identifiers that
have higher similarity, and outputs to the policy recommendation unit 104 as a
user set (B5).")
Furukawa does not disclose:
wherein the first policy model and the second policy model output
identify a plurality of the access attributes; and calculate the degree of divergence with respect to each of the plurality of access attributes
Shah discloses:
wherein the first policy model and the second policy model output (para 0056 “Process 500 may include defining (at 510) one or more rules based on the expected behavior from each generated (at 508) model. In some embodiments, ANSS 100 may define (at 510) the one or more rules with values or thresholds that deviate from or are at the limits of the expected behavior of each model. For instance, a first model may predict an expected request rate for a first set of content, and ANSS 100 may define (at 510) a first rule that is violated when the request rate for the first set of content exceeds the expected request rate. Similarly, a second model may predict expected header values for requests originated by a first set of UEs, and ANSS 100 may define (at 510) a second rule that is violated when requests from the first set of UEs have header values that deviate from the expected header values.”)
identify a plurality of the access attributes and calculate the degree of divergence with respect to each of the plurality of access attributes (para 0057 “Process 500 may include determining (at 512) a threat risk associated with each rule. Determining (at 512) the threat risk may include classifying the type of attack that is associated with each rule based on the parameters and/or behaviors that define the rule. For instance, ANSS 100 may classify a first rule as being associated with a volumetric attack when the first rule includes request rate parameters, access time parameters, and/or other parameters that are frequently used in identifying a volumetric attack, and may classify a second rule as being associated with a botnet attack (e.g., SQL injection attacks) when the second rule includes specific parameters that are required to have some static values and other parameters that are required to have some variation. Determining (at 512) the threat risk may further include determining the impact associated with different violations of each rule. ANSS 100 may determine the impact by computing a threat score based on the number of anomalous parameters that are required to violate a rule, a defined severity associated with each anomalous parameter, and/or different amounts or thresholds by which the anomalous parameters violate the rule. More specifically, ANSS 100 may compute the threat score based on an expected impact on the protected services and/or devices when encountering an attack with a particular classification, an expected impact caused by the anomalous parameters, and/or an expected impact caused based on the anomalous parameters deviating from modeled expected parameter by different amounts. For instance, anomalous behavior that violates a volumetric attack rule by no more than 10% of the threshold set for the rule may be indicative of a demand surge for particular content and not an actual attack, and so ANSS 100 may determine (at 512) the risk associated with this violation to be low (e.g., may compute a threat score of 2 in a range of 0-10 with a threat score of 10 representing an attack that may disrupt all services). Anomalous behavior that violates the volumetric attack rule by more than 20% of the set threshold may be a clear indication of a Distributed Denial of Service (“DDoS”) attack, and so ANSS 100 may determine (at 512) the risk associated with this violation to be high (e.g., may compute a threat score of 7 in the range of 0-10). Similarly, anomalous behavior that violates a rule defined for an injection attack (e.g., a SQL injection attack) may be indicative of a serious attack regardless of how much the values associated with the anomalous behavior deviate from the defined rule, and so ANSS 100 may determine (at 512) the risk associated with this violation to be high (e.g., may compute a threat score of 10).”)
Therefore, it would have been obvious to one of ordinary skill in the art
before the effective filing date of the claimed invention to modify information
processing device of Furukawa to include wherein the first policy model and the second policy model output and identify a plurality of the access attributes; and calculate the degree of divergence with respect to each of the plurality of access attributes as taught by Shah.
The motivation would have been to properly understand the relationship
between policies based on an attributes.
As per claim 2, Furukawa in view of Shah discloses:
The information processing apparatus according to : The information processing apparatus according to further wherein the at least one processor is further configured to execute the instructions to: execute statistical processing using all of the calculated degrees of divergence (Shah para 0053 “Process 500 may include modeling (at 506) different behaviors based on different combinations of AI/ML techniques and/or different data structures that are provided as inputs to the AI/ML techniques. The modeling (at 506) may include analyzing and clustering the parameters within a set of data structures according to the AI/ML technique selected for that set of data structures and/or a particular behavioral model.” Para 0058 “Process 500 may include associating (at 514) one or more actions to each particular rule based on the threat risk determined for that particular rule. Since different violations of a particular rule may be associated with different threat risks, ANSS 100 may associate at least a first action when the violation of the particular rule is less than a first amount or threshold, and a second action when the violation of the particular rule is more than the first amount or threshold and less than a second amount or threshold.” The motivation would have been to properly understand the relationship
between policies based on an attributes. ).
As per claim 3, Furukawa in view of Shah discloses:
The information processing apparatus according to wherein the at least one processor is further configured to wherein, in a case where there is the first
policy model and a plurality of the second policy models, further at least one
processor configured to execute the instructions to: identify the access attribute
with respect to each of the plurality of second policy models, and calculate the
degree of divergence with respect to each of the plurality of second policy
models (Furukawa para 0080, 0101 and 0102).
As per claim 4, Furukawa in view of Shah discloses:
The information processing apparatus according to The information
processing apparatus according to wherein the first policy model is a model that
defines a security policy applied to an entire computer system of an organization,
and the second policy models are models that define security policies of
respective groups composing the organization (Furukawa para 0009 "That is, the privacy information using terminal transmits a usage policy (i.e. service policy) to the privacy information holding terminal." Para 0045 "That is, the privacy information using terminal transmits a usage policy (i.e. service policy) to the privacy information holding terminal." Para 0061 "The policy storage unit 101 stores the user identifiers that identify the privacy information holders who are users, the service identifiers that identify the privacy information users who are service providers and the policies that specify handling of privacy information for each of the user identifiers and the service identifiers." para 0063" A user policy which specifies a way of handling of privacy information."),
As per claim 5, Furukawa in view of Shah discloses:
The information processing apparatus according to The information
processing apparatus according to wherein the at least one processor is further configured to execute the instructions to: output the degree of divergence calculated by the divergence degree calculation unit and the access attribute identified by the access attribute identifying unit (Shah para 0057 and 0056, The motivation would have been to properly understand the relationship
between policies based on an attributes).
As per claim 6, Furukawa in view of Shah discloses:
The information processing apparatus according to claim 1, wherein the first policy model and the second policy model are machine learning models that have learned, through machine learning, a relationship between an access attribute and a determination regarding access that has the access attribute (para 0045 “ ANSS 100 may define (at 408) one or more rules that identify anomalous behavior. Defining (at 408) the rules may include performing a regression analysis to determine expected parameters and/or values for request behavior, UE behavior, content access behavior, and/or other behaviors, and may further include generating (at 408) the one or more rules to detect and protect against behavior that is anomalous to and/or that deviates from the modeled expected behaviors. For example, the modeling may identify that all or a particular set of UEs (e.g., UEs of a particular device type, UEs with network addressing within a particular subnet, etc.) are expected to issue no more than 50 requests per minute based on the unsupervised machine learning and modeling. ” Para 0053 “Process 500 may include modeling (at 506) different behaviors based on different combinations of AI/ML techniques and/or different data structures that are provided as inputs to the AI/ML techniques. The modeling (at 506) may include analyzing and clustering the parameters within a set of data structures according to the AI/ML technique selected for that set of data structures and/or a particular behavioral model.” The motivation would have been to properly understand the relationship between policies based on an attributes)
As per claim 7, the implementation of the information processing apparatus
of claim 1 will execute claim the information processing method of claim 7.
The claim is analyzed with respect to claim 1.
As per claim 8, the claim is analyzed with respect to claim 2.
As per claim 9, the claim is analyzed with respect to claim 3.
As per claim 10, the claim is analyzed with respect to claim 4.
As per claim 11, the claim is analyzed with respect to claim 5.
As per claim 12, the claim is analyzed with respect to claim 6.
As per claim 13, the implementation of the information processing
apparatus of claim 1 will execute claim the non-transitory computer
readable recording medium (paragraph 0154) of claim 13. The claim is
analyzed with respect to claim 1.
As per claim 14, the claim is analyzed with respect to claim 2.
As per claim 15, the claim is analyzed with respect to claim 3.
As per claim 16, the claim is analyzed with respect to claim 4.
As per claim 17, the claim is analyzed with respect to claim 5.
As per claim 18, the claim is analyzed with respect to claim 6.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GARY S GRACIA/Primary Examiner, Art Unit 2499
Prosecution Insights