DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/10/2025 has been entered.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1-4, 8-11, 15-18 is/are rejected under 35 U.S.C. 102 (a) (s) as being anticipated by Andriani (US 2023/0156032 A1).
Re Claim 1, 8 & 15, Andriani teaches a method for simulating attacks on a device, the method comprising:
obtaining one or more attack behaviors from a threat intelligence source; (Andriani; FIG. 1-14; ¶ [0057], [0093], [0097], [0115], [0183]; The system receives CVE/BID/unknown proprietary research exploits (attack behaviors, threat intelligence source) from a source.)
generating, at an attack simulation system, an attack using the one or more of the attack behaviors and a destination test device, (Andriani; FIG. 1-14; Background, Summary, ¶ [0094], [0114]-[0120], [0142]-[0162], [0179]-[0187]; A perimeter security system, generating a test/simulation related system for behaviors/threats/attacks and coordination testing devices (destination test device).)
wherein the generated attack simulates an exploitation of a vulnerability in an application running on the destination test device, and wherein the destination test device is separate from and external to the attack simulation system; (Andriani; FIG. 1-14; Background, Summary, ¶ [0094], [0114]-[0131], [0142]-[0162], [0179]-[0187]; Attack simulations, testing attacks and exploits of related vulnerabilities at a coordination testing device. The testing device is separate from and external to the perimeter security system.)
transmitting the generated attack through a data interface to the destination test device; (Andriani; FIG. 1-14; Background, Summary, ¶ [0094], [0114]-[0131], [0142]-[0162], [0179]-[0187], [0222], [0463]-[0465]; Data transmission via communication interface.)
pulling detection data from the destination test device through a management interface; and (Andriani; FIG. 1-14; Background, Summary, ¶ [0152]-[0174], [0221]-[0243]; A management console (management interface) allows for the transmission and review of testing related data (detection data).)
generating a report that identifies any security gaps in the destination test device. (Andriani; FIG. 1-14; Background, Summary, ¶ [0118], [0142], [0150]-[0174]; Generating a report that identifies security vulnerabilities based on tests of the related coordination testing device.)
Re Claim 2, 9 & 16, Andriani discloses the method of claim 1, further comprising:
receiving one or more parameters for the attack through an application program interface; and (Andriani; FIG. 1-14; Background, Summary, ¶ [0118]-[0121], [0131], [0140]-[0145]; Parameters of each type of attack, instructions via a API.)
receiving device and attack data from a database. (Andriani; FIG. 1-14; Background, Summary, ¶ [0097], [0118]-[0121], [0131], [0140]-[0145]; Attack data from a database.)
Re Claim 3, 10 & 17, Andriani discloses the method of claim 2, further comprising:
transmitting device and attack data to the database. (Andriani; FIG. 1-14; Background, Summary, ¶ [0097], [0118]-[0131], [0140]-[0145]; Transmitting device and attack data to a database.)
Re Claim 4, 11 & 18, Andriani discloses method of claim 1, wherein the report contains information about security gaps in a user interface of the destination test device. (Andriani; FIG. 1-14; Background, Summary, ¶ [0118], [0142], [0150]-[0174]; Generating a report that identifies security vulnerabilities based on tests of the related coordination testing device.)
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 5-6, 12-13, 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Andriani (US 2023/0156032 A1) and further in view of Dunn et al. (US 2023/0336581 A1).
Re Claim 5, 12 & 19, Andriani discloses the method of claim 1, yet does not explicitly suggest wherein the one or more attack behaviors are related to attack behaviors that are transmitted via electronic mail.
However, in analogous art, Dunn teaches wherein the one or more attack behaviors are related to attack behaviors that are transmitted via electronic mail. (Dunn; FIG. 1; ¶ [0051]-[0054], [0059]-[0063]; The embodiment(s) describe comparable methodology such as attack behaviors transmitted via e-mail.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention (AIA ) to modify Andriani in view of Dunn to related attack behaviors to e-mails for the reasons of detecting vulnerabilities in network nodes and cyber security detection of email systems. (Dunn Abstract & Field)
Re Claim 6, 13 & 20, Andriani discloses the method of claim 1, yet does not explicitly suggest wherein generating the attack further comprises refining the one or more attack behaviors from the threat intelligence source based upon a machine learning algorithm.
However, in analogous art, Dunn teaches wherein generating the attack further comprises refining the one or more attack behaviors from the threat intelligence source based upon a machine learning algorithm. (Dunn; FIG. 1-4; ¶ [0095], [0105]-[0112], [0140]-[0153], [0168]-[0174]; Refining attack related behaviors via machine learning.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention (AIA ) to modify Andriani in view of Dunn to refine attack behaviors via machine learning for the reasons of creating a improved method of remediation network security detected vulnerabilities. (Dunn Abstract)
Claim(s) 7 & 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Andriani (US 2023/0156032 A1) and further in view of NUÑEZ DI CROCE (US 2015/0169878 A1).
Re Claim 7 & 14, Andriani discloses the method of claim 1, yet does not explicitly suggest wherein the one or more attack behaviors are user interface behaviors, and the report identifies security gaps in a user interface of the destination test device.
However, in analogous art, NUÑEZ DI CROCE teaches wherein the one or more attack behaviors are user interface behaviors, and (NUÑEZ DI CROCE; FIG. 1; Background, Summary, ¶ [0243]-[0247]; Vulnerabilities related to user interfaces.)
the report identifies security gaps in a user interface of the destination test device. and (NUÑEZ DI CROCE; FIG. 1; Background, Summary, ¶ [0243]-[0247]; Identifying security vulnerabilities of user interfaces of test devices.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention (AIA ) to modify Andriani in view of NUÑEZ DI CROCE to detect user interface vulnerabilities for the reasons of providing a new security assessment framework of network system and interconnected devices. (NUÑEZ DI CROCE Abstract)
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER B ROBINSON whose telephone number is (571)270-0702. The examiner can normally be reached M-F 7:00-3:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas R Taylor can be reached at 571-272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHRISTOPHER B ROBINSON/ Primary Examiner, Art Unit 2443