Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed 12/16/2025 has been entered.
Response to Arguments
Applicant’s arguments filed 12/16/2025 have been fully considered and are moot in view of the new grounds of rejection presented herein.
Election by Original Presentation
Newly submitted claims 22-28 are directed to an invention that is independent or distinct from the invention originally claimed for the following reasons: Claims 21-28 are drawn to risk evaluations related to vendor-specific streaming data and associated routing processes, classified in 709/238 while the original claims are drawn to edge security computing and meta data tagging, classified in 726/023.
The inventions are distinct, each from the other because of the following reasons: Inventions I and II are related as subcombinations disclosed as usable together in a single combination. The subcombinations are distinct if they do not overlap in scope and are not obvious variants, and if it is shown that at least one subcombination is separately usable. In the instant case, invention II has separate utility such as processing vendor-specific streaming data. See MPEP § 806.05(d).
Since applicant has received an action on the merits for the originally presented invention, this invention has been constructively elected by original presentation for prosecution on the merits. Accordingly, claims 22-28 are withdrawn from consideration as being directed to a non-elected invention. See 37 CFR 1.142(b) and MPEP § 821.03. To preserve a right to petition, the reply to this action must distinctly and specifically point out supposed errors in the restriction requirement. Otherwise, the election shall be treated as a final election without traverse. Traversal must be timely. Failure to timely traverse the requirement will result in the loss of right to petition under 37 CFR 1.144. If claims are subsequently added, applicant must indicate which of the subsequently added claims are readable upon the elected invention.
Should applicant traverse on the ground that the inventions are not patentably distinct, applicant should submit evidence or identify such evidence now of record showing the inventions to be obvious variants or clearly admit on the record that this is the case. In either instance, if the examiner finds one of the inventions unpatentable over the prior art, the evidence or admission may be used in a rejection under 35 U.S.C. 103 or pre-AIA 35 U.S.C. 103(a) of the other invention.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-4, 6-14, 16-20 under 35 U.S.C. 103 as being unpatentable over US 20200186544 to Dichiu in view of US 20170124490 to Crabtree.
Regarding claim 1,
Dichiu teaches a system for risk-based observability of a platform, the system comprising:
a receiver of an edge device configured to receive data from plural devices associated with one or more computing environments on a network, the received data having a raw format according to the associated computing environment, the received data including metadata specifying at least one of a source and a data type (¶ 53-54, intercepted network traffic data including metadata including source and data type);
a processor configured to:
convert the raw format of the received data to a structured format (¶ 53, intercepted data converted to structured format);
enhance the converted data by inserting contextual information associated with a corresponding one of the plural devices, the contextual information including at least: location-based objects associated with the computing environment of the received data, the contextual information being obtained from a memory location (¶ 42, 53, enhancing with metadata and event indicators; network traffic flow representation with metadata based on analysis of obtained network data; ¶ 75);
identify and tag at least anomalous data in the enhanced data based on at least risk detection rules applied to the network using the contextual information in the enhanced data (¶ 53-54, analysis of data and formulation of event indicators indicative of threat; ¶ 6-8, 35, 42; ¶ 75, tagging via security label applied to data indicative of security threat);
render synthesized and/or prioritized data from the anomalous data to identify one or more of the plural devices in the computing environment that are from an aggregate source (¶ 53-54, identification of devices from analyzed data); and
a transmitter of the edge device configured to send at least a portion of the synthesized and/or prioritized data to one or more destinations on the network based on one or more tags (¶ 54, 80, transmission of data based on event indicators).
Dichiu fails to teach, but Crabtree teaches: contextual information including geolocation-based objects associated with the computing environment of the received data (¶ 5).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teachings of Crabtree. The motivation to do so is that the teachings of Crabtree would have been advantageous in terms of facilitating data retrieval and predictive analysis (Crabtree, ¶ 5).
Regarding claim 12,
Dichiu teaches:
wherein the received data is sourced from at least one of: signature-based alerts grouped by application, device, and user; host-based logs; network-based logs; cyber compliance audits; and network user activity (¶ 53-55, user, network user activity, network logs).
Regarding claim 13,
Dichiu teaches:
wherein the structured format includes a common schema (¶ 53, e.g. netflow).
Regarding claim 14,
Dichiu teaches:
wherein to convert the raw data format of the received data, the processor is configured to: extract specified fields from the data received from the plural devices according to the common schema (¶ 53-54, table 1, extraction to schema).
Regarding claim 6, 16,
Dichiu teaches:
wherein the applied risk detection rules identify security risks and incidents according to the risk content of the network (¶ 75-76, network security threats/intrusions).
Regarding claim 7, 17,
Dichiu teaches:
wherein the processor is configured to: apply the one or more tags to the anomalous data according to a common schema of the structured data format (¶ 75, security labeling).
Regarding claim 8, 18,
Dichiu teaches:
determine whether the one or more tags of the rendered synthesized and/or prioritized data identifies a risk that requires further evaluation (¶ 75-76); and determine whether a specified response action is mapped to the identified risk (¶ 42, 47, 85, security alert response to identified risk), wherein the rendered synthesized and/or prioritized data is sent to one ore more destinations when further evaluation is required and the specified response action is identified (¶ 80, 35, 36, 42, data sent to security server for further analysis).
Regarding claim 19,
Dichiu teaches:
sending, by the transmitter of the edge device, the anomalous data to the one ore more destinations of the network when the identified risk requires further evaluation and a specified response is mapped to the identified risk (¶ 80, 35, 36, 42, data sent to security server for further analysis).
Regarding claim 10, 20,
Dichiu teaches:
wherein the network is an enterprise network having a plurality of distributed computing devices (fig. 1, ¶ 40).
Claims 11 and 21 are addressed by similar rationale as claim 1.
Claim 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Dichiu and Crabtree in view of US 10,158,658 to Sharifi Mehr.
Regarding claim 5, 15,
Dichiu teaches:
wherein the contextual information includes at least IP information (¶ 53-54, table 1, IP information).
Dichiu fails to teach “geographic IP information”. However, Sharifi Mehr teaches geographic IP information (col. 1:55-67, col. 2:25-67, geographic information associated with IP.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teachings of Sharifi Mehr. The motivation to do so is that the teachings of Sharifi Mehr would have been advantageous in terms of facilitating anomaly detection (Sharifi Mehr, col. 2:25-64).
CONCLUSION
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RYAN J JAKOVAC whose telephone number is (571)270-5003. The examiner can normally be reached on 8-4 PM EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A. Louie can be reached on 572-270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/RYAN J JAKOVAC/Primary Examiner, Art Unit 2445
Prosecution Insights