Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1 – 20 are pending.
Any references to applicant’s specification are made by way of applicant’s U.S. pre-grant printed patent publication.
This action is in response to the communication filed on 10/28/25.
All objections and rejections not set forth below have been withdrawn.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1 – 5, 10, and 14 – 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Rawat et al. (Rawat), US 2022/0188690 A1.
Regarding claim 1, Rawat discloses:
A method for performing threat detection comprising (e.g. Rawat, Abstract):
receiving, by a detection system (e.g. Rawat, fig. 1), a set of labels (e.g. Rawat, fig. 2:45) that are generated using an unsupervised machine learning model (e.g. Rawat, par. 39 – e.g. DBSCAN), the set of labels received from a label data store (e.g. Rawat, fig. 2:45; par. 39, 40, 50, 51 – the label data is embodied within and received from hardware/software logic and memory, i.e. “a label data store”; see also applicant’s own characterization of a “data store”, Specification, par. 185);
initiating, by the detection system, a training process of a supervised machine learning model (e.g. Rawat, par. 40 – SVM, i.e. a “Support Vector Machine” or supervised model, is initiated using labels generated from DBSCAN, i.e. an unsupervised model; see also Rawat , fig. 1:14; par. 30, 41 - herein the SVM is further trained using the Meta Model) using the set of labels from the unsupervised machine learning model (e.g. Rawat, par. 40);
initiating, by the detection system, an inference process of the supervised machine learning model (e.g. Rawat, par. 26, 29, 44; fig. 1:26 – herein during live activity or deployment – i.e. an “inference process” using the SVM), wherein output of the inference process generates the set of clustered data (e.g. Rawat, par. 26, 29 – the SVM generates an output comprising a classification or clustering of data according to groupings such as “normal” and/or “threat”);
and storing, by the detection system, the supervised machine learning model in a model data store for future inference processes on new data (e.g. Rawat, par. 42, 45, 50, 51 – the SVM model is updated and embodied within hardware/software logic and memory, i.e. “a model data store”; see also applicant’s own characterization of a “data store”).
Regarding claim 2, Rawat discloses:
wherein generating the set of labels comprises: executing the unsupervised machine learning model to identify clusters in unlabeled data (e.g. Rawat, par. 28, 39);
and automatically assigning, by the unsupervised machine learning model, labels that encode cluster membership of the unlabeled data without human labeling intervention (e.g. Rawat, par. 28, 39 – herein, the DBSCAN autonomously assigns tentative or soft labels).
Regarding claim 3, Rawat discloses:
wherein generating the set of labels comprises: executing the unsupervised machine learning model to reduce a number of input variables or features from unlabeled data and transform the unlabeled data into a low-dimensional space to produce a transformed representation (e.g. par. 37, 39 – the unsupervised model take a large unlabeled data set of features and reduces the complexity of the dataset into one or more clusters or groups);
and automatically assigning, by the unsupervised machine learning model, labels for the unlabeled data based on the transformed representation (e.g. Rawat, par. 39 – the dataset of clusters or groups are labeled).
Regarding claim 4, Rawat discloses:
wherein generating the set of labels comprises: executing the unsupervised machine learning model to automatically assign binary labels to indicated whether unlabeled data is outlier data or normal data (e.g. Rawat, par. 39 – cluster labels may indicate data as either benign or malicious). See also Rawat (e.g. fig. 1; par. 29, 44), wherein the pipeline, including the unsupervised machine learning model, is executed so as to automatically produce labels of benign or malicious, i.e. “normal” or “outlier” data.
Regarding claim 5, Rawat discloses:
wherein the set of labels that was determined from the unsupervised machine learning model is provided as input to the supervised machine learning model (e.g. Rawat, par. 28, 39 - 41), and the training process iteratively adjusts parameters of the supervised machine learning model to minimize a difference between predictions and true labels (e.g. Rawat, par. 41-45).
Regarding claim 10, Rawat discloses:
further comprising: initiating an action based on the inference process of the supervised machine learning model (e.g. Rawat, par. 40 – an actions, such as notifications -at least – are initiated based upon the inference process).
Regarding claims 14 – 20, they are system and medium claims essentially corresponding to the above, and they are rejected, at least, for the same reasons. Furthermore regarding claim 14 and 20, Rawat discloses:
…a memory; and a processor that are configured to execute machine readable instructions stored in the memory … and … A non-transitory computer-readable storage medium storing a plurality of instructions executable by one or more processors… (e.g. Rawat, par. 48 - 52).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 6 – 9 and 11 – 13 are rejected under 35 U.S.C. 103 as being unpatentable over Rawat et al. (Rawat), US 2022/0188690 A1 in view of Miller et al. (Miller), US 2019/0188212 A1.
Regarding claim 6, Rawat discloses continuously optimizing an unsupervised machine learning model during inference (e.g. Rawat, par. 23, 29, 41). However, Rawat does not appear to explicitly teach a “confidence score” resulting from the inference process, i.e. anomaly or threat detection, that can be used to adjust data clustering.
However, Miller, like Rawat, teaches using a threat detection system using machine learning algorithms, comprising generating a confidence score (e.g. Miller, par. 120 – statistical confidence score) associated with the inference process of the supervised machine learning model (e.g. Miller, fig. 1:100; par. 118 – during operation of threat detectors, i.e. the supervised machine learning model), wherein the confidence score is a likelihood that unlabeled data received by the unsupervised machine learning model is to be grouped in the set of clustered data (e.g. Miller, par. 120, 121).
It would have been obvious to one of ordinary skill in the art to utilize the “confidence score” teachings of Miller within the threat detection system of Rawat. This would have been obvious because one of ordinary skill in the art would have been motivated by the teachings that using a confidence score can help to improve the accuracy of detecting outlier data (e.g. Miller, 118, 120).
Regarding claim 7, the combination enables:
wherein the confidence score is determined for each cluster in the set of clustered data and a greatest confidence score associated with a particular cluster determines which cluster data are assigned (e.g. Miller, par. 120, 121).
Regarding claim 8, the combination enables:
wherein the confidence score is determined for each cluster in the set of clustered data and the confidence score is a thresholding for classification (e.g. Miller, par. 120, 121 – “low confidence” or “false positive rate” is equivalent to “thresholding”).
Regarding claim 9, the combination enables:
wherein the confidence score corresponds with a determination that the unlabeled data is outlier data when it is not similar to existing data (e.g. Miller, par. 120, 121 – comparison of the confidence score to a “false positive rate” allows for determining when the data is an outlier or belongs within a cluster).
Regarding claim 11, Rawat discloses initiating an action, such as a notification, upon threat detection during an inference process. However, Rawat does not appear to explicitly teach that the notification is displayed.
However, Miller, like Rawat, teaches using a threat detection system using machine learning algorithms, and teaches performing an action, such as a notification, upon detection during an inference process, and furthermore teaches that the notification is displayed (e.g. Miller, par. 67).
It would have been obvious to one of ordinary skill in the art to utilize the notification display teachings of Miller within the threat detection system of Rawat. This would have been obvious because one of ordinary skill in the art would have been motivated by the teachings that displaying the notification allows a user to inspect the system and perform an appropriate response (e.g. Miller, 67, 123).
Thus, the combination enables:
wherein the action comprises updating a display that identifies an inference associated with the set of clustered data (e.g. Miller, par. 67).
Regarding claim 12, the combination enables:
wherein the action comprises sending a notification to remove a device from communicating with a detection system via a network (e.g. Rawat, 37, 40; see also Miller, par. 7, 67). The examiner points out that information is purposeful for all that it may imply. For example, “1” may imply “a security log”, or may imply “normal data” and/or may imply “outlier data”, and “0” may imply “not a security log” or “outlier data” and/or “normal data” (e.g. see Applicant’s own admission, Specification, par. 29, 30). Thus, any “alert” of maliciousness or threat implies to a receiver of the notification the need to remove the malicious or offending device. However, the examiner furthermore notes that the informational content of non-functional descriptive material is not afforded patentable weight. Thus, the information or meaning of the alert does not change the functionality or provide an additional function to the step of sending/receiving an alert. See Ex parte Nehls, 88 USPQ2d 1883, 1887-90 (BPAI 2008) (precedential); Ex parte Curry, 84 USPQ2d 1272 (BPAI 2005) (informative) (Federal Circuit Appeal No. 2006-1003, aff'd, Rule 36 (June 12, 2006)); Ex parte Mathias, 84 USPQ2d 1276 (BPAI 2005) (informative), aff'd, 191 Fed. Appx. 959 (Fed. Cir. 2006).
Regarding claim 13, the combination enables:
wherein the action comprises adding a portion of the set of clustered data to an outlier queue for further review (e.g. Rawat, par. 40; see also Miller par. 7, 67 - Malicious data is output for review.
Response to Arguments
Applicant’s arguments with respect to the pending claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFERY L WILLIAMS whose telephone number is (571)272-7965. The examiner can normally be reached on 7:30 am - 4:00 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JEFFERY L WILLIAMS/Primary Examiner, Art Unit 2495