DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Election/Restrictions
Applicant’s election of claims 1-13 in the reply filed on 12 June 2025 is acknowledged. Because applicant did not distinctly and specifically point out the supposed errors in the restriction requirement, the election has been treated as an election without traverse (MPEP § 818.01(a)).
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 29 April 2024 has been considered by the examiner.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation "control type control coverage". The meaning of this term is unclear. There might be a missing comma in the claim. This renders the claim unclear and indefinite. This issue is repeated in claim 4.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-10, 12, and 13, as best understood, are rejected under 35 U.S.C. 103 as being unpatentable over Hovor et al., USPN 2017/0048266, in view of Hadar et al., USPN 2020/0177617.
With regard to claim 1, Hovor discloses a system to model probability of risk for future cybersecurity breach of a target (0024) including a quantified cyber defense control (QCDC) model configured to receive data associated with cyber controls structure (Fig. 2, 0048), control type control coverage (0048), control strength (0049, 0042), validation frequency (0059), attack paths (0026, 0061, 0065), threat intelligence (0028, 0024), threat actors (0069), attack tactics and techniques (0026, 0069), and subject matter expertise control structure (0024, 0069, 0070), wherein the QCDC model includes a cyber defense & mitigation model configured to determine all available attacks that can be executed against the target by an attacker (0065, 0028, 0037, 0071-0072), a cyber-attack threat exposure model (CATE) configured to model a threat actor's previous attack pathways (0069), current attack pathways (0060, 0070), and future attack pathways against the target (0060, 0069), and a digital twin simulation module configured to simulate combinations of possible attack pathways specified in the CATE model (0044, 0064), wherein the QCDC model is configured to describe the problem of cybersecurity breach against the target having a plurality of nodes representing attack techniques and tactics between a source node and a sink node (0047, 0073, 0099, 0104), and wherein the QCDC model is configured to generate an output indicative of a probability of a breach against the target and associated mitigating defenses (0028, 0021, 0105). Hovor does not disclose the QCDC being presented as a sequence of bipartite directed graphs. Hadar discloses a system to model probability of risk for future cybersecurity breach of a target (0096, 0021, 0097), similar to that of Hovor, and further discloses presenting the model data as a sequence of bipartite directed graphs (0045-0048, 0056). 
It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to implement the output of Hovor as a sequence of graphs, as taught by Hadar, for the motivation of better informing the user of potential risks and thus improving the security of the system.
With regard to claim 2, Hovor in view of Hadar discloses the system of claim 1, as outlined above, and Hovor further discloses the CDMM model is a mapping between controls and attacks used to determine the success probability of an attacker and the target's ability to prevent a successful cyber-attack (0047-0066).
With regard to claims 3, 6, and 12, Hovor in view of Hadar discloses the system of claim 1, as outlined above, and Hadar further discloses the CDMM model incorporates machine learning techniques to receive and analyze cyber controls structure, control type control coverage, control strength, validation frequency to measure their effectiveness under a cyber-attack (0025). It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to utilize the machine learning and artificial intelligence of Hadar in the system of Hovor, for the motivation of improving the analysis and simulation and thus improving the security of the system.
With regard to claim 4, Hovor in view of Hadar discloses the system of claim 1, as outlined above, and Hovor further discloses the CDMM model is an aggregated controls model configured to receive and analyze cyber controls structure, control type control coverage, control strength, validation frequency to develop a probability weighting of a successful cyber-attack (0021, 0027, 0059).
With regard to claim 5, Hovor in view of Hadar discloses the system of claim 1, as outlined above, and Hovor further discloses the CDMM model includes an aggregated controls model configured to receive and analyze cyber controls structure, control type control coverage, control strength, validation frequency to develop a probability weighting of successfully preventing a cyber-attack (0071, 0057-0058, 0043, 0021, 0027, 0059).
With regard to claim 7, Hovor in view of Hadar discloses the system of claim 1, as outlined above, and Hovor further discloses the CATE model is configured to calculate a series of steps in chronological order that an attacker performs to achieve a successful cyber-attack of the target (0060).
With regard to claim 8, Hovor in view of Hadar discloses the system of claim 1, as outlined above, and Hovor further discloses the digital twin simulation module is configured to simulate cyber-attack paths and path combinations specified in the CATE model of known attack threat actors (0044, 0064).
With regard to claim 9, Hovor in view of Hadar discloses the system of claim 1, as outlined above, and Hovor further discloses the digital twin simulation module is configured to simulate attack entry points for attack paths and path combinations specified in the CATE model (0078, 0088, 0044, 0064).
With regard to claim 10, Hovor in view of Hadar discloses the system of claim 1, as outlined above, and Hovor further discloses the digital twin simulation module is configured to simulate and determine at least one of a fastest breach path, a cumulate path, and a most common path of the threat actor's cyber-attack specified in the CATE model (0044-0045, 0059, 0061, 0067).
With regard to claim 13, Hovor in view of Hadar discloses the system of claim 1, as outlined above, and Hovor further discloses the bipartite directed graph includes a plurality of nodes representing attack techniques and tactics from the CATE model and weights for the nodes are from the CDMM model (0044, 0064, Fig. 2).
Claim 11, as best understood, is rejected under 35 U.S.C. 103 as being unpatentable over Hovor, in view of Hadar, in further view of Berninger et al., USPN 11,258,806.
With regard to claim 11, Hovor in view of Hadar discloses the system of claim 3, as outlined above, and Hadar further discloses using AI, as outlined above, but does not disclose that the CATE model identifies and groups attackers using similar attack methodologies. Berninger discloses a system of securing a system from attack using machine learning (general background, column 2 lines 42-57), similar to that of Hovor and Hadar, and further discloses identifying and grouping attackers using similar attack methodologies (abstract, column 3 lines 52-67). It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to implement the actor grouping of Berninger to detect malicious groups of threat actors in the system of Hovor in view of Hadar, using the AI of Hadar, for the motivation of better identifying potential risks and thus improving the security of the system.
References Cited
Scimemi et al., USPN 2025/0119456, discloses a system to determine probability of breach (0138) by running a simulation (0132) represented by graphs (0149), but does not read on the instant claims, and does not have a prior effective filing date.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB LIPMAN whose telephone number is (571)272-3837. The examiner can normally be reached 5:30AM-6:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached at 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JACOB LIPMAN/Primary Examiner, Art Unit 2434