DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are presented for examination.
Response to Arguments
In view of Applicant’s arguments and amendments, filed 02/25/26, with respect to 35 USC 112 have been fully considered and are persuasive. The 35 USC 112 rejection of claims 1-20 has been withdrawn.
Applicant's arguments, filed 02/25/26, in view of 35 USC 101 have been fully considered but they are not persuasive. The claims remain rejected under 35 USC 101. See the 101 rejection below, it has been further clarified in order to address applicant’s arguments.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Step 1: Claims 1-8 are directed towards a method (process). Claims 9-14 are directed towards a non-transitory machine-readable medium (manufacture). Claims 15-20 are directed towards an apparatus (machine).
As per claims 1, 9 and 15:
Step 2A: Prong 1: Are the claims directed to a judicial exception? The next step is to determine whether the claim recites an abstract idea, such as a mathematical concept, a method of organizing human activity, or a mental process.
The core steps of the claims are: Identifying a format of a rule based on document syntax. Converting that rule from a first format to a second format by mapping tokens and metadata. Evaluating the new rule's performance by comparing its matches against traffic logs and tuning the rule (claims 9 and 15). The courts have consistently held that collecting information, analyzing it, and presenting the results, as well as translating data from one format to another, are abstract ideas. A human could theoretically perform these steps mentally or with a pen and paper by reading a security rule, translating its syntax into a new format using a mapping table, and by observing a printed traffic log.
Prong 2: Is the abstract idea integrated into a practical application? If a claim recites an abstract idea, it can still be eligible if the claim as a whole integrates that idea into a practical application.
Does converting a security rule and evaluating it improve how a computer network operates? As currently written, the claim relies on generic computer concepts ("documents," "patterns," "tokens," "traffic logs"). It does not claim a specific improvement to the underlying hardware or network infrastructure. It merely uses a computer as a tool to evaluate a rule. It does not dictate that the result of the evaluation is used to actively secure a network, or stop a cyberattack. While “tuning a security rule”, as in claims 9 and 15, sounds like it could improve network security but the language is highly result-oriented. It claims the result of tuning the rule “for performance on matches” but it does not recite the technical means or algorithms by which a computer actually achieves this tuning. The claims fail to integrate the abstract idea into a practical application. It reads like a generalized data translation and testing process.
Step 2B: Does the claim provide an "inventive concept"? If a claim is directed to an abstract idea and does not integrate into a practical application, it must include additional elements that add “significantly more” than the abstract idea itself. The elements are evaluated individually and as an ordered combination.
The claims merely recite performing the abstract idea using generic computer functions. Terms like "identifying," "converting," "mapping," and "evaluating" are standard data processing functions. The apparatus (Claim 15) and CRM (Claim 9) only recite a generic "processor" and "machine-readable medium," which do not add an inventive concept.
As currently written, the claims are directed to an abstract idea of translating and evaluating data (or a mental process), without any additional elements that amount to significantly more than generic computer implementation.
These claims detail the specific mechanics of how the rule is translated and parsed.
Claims 2-3, 10-11 and 16: Introduce shortening/lengthening patterns and identifying them by length. Manipulation, reorganization or reforming of data is directed to an abstract idea.
Claims 4-5, 12-13 and 17-18: Detail converting rules by mapping tokens and protocol fields and values. Filtering and translating data is directed to an abstract idea.
Claims 6, 14 and 19: Specifies “removing a subset of the second tokens that correspond to fields of the one or more protocols having wider matching ranges”. Filtering and translating data is directed to an abstract idea, wherein filter is directed to a mathematical/logical algorithm for discarding certain data points. These claims attempt to optimize the rule by filtering out overly broad matching criteria. While optimizing a rule is a useful outcome, under Step 2A, Prong 2, an improvement must be to the functioning of the computer itself, not merely an improvement to an abstract process (like making a mental evaluation more efficient). Filtering out data points to narrow a search or rule is a standard logic operation.
Claim 7: Specifies “performance criteria” involve determining if the rule satisfies criteria by looking at “false positive rate and false negative rate” when comparing the new rule to the old rule in traffic logs. Calculating false positive/negative rates is a standard statistical process. Comparing two sets of data to determine a winner based on pre-set criteria is the quintessential "mental process" exception.
Claim 8 and 20: Adds a step for validating syntax. Validating syntax is well-understood, routine, and conventional computer function.
Under Step 2A of the Alice framework, the Federal Circuit routinely holds that translating data from one format to another, parsing data fields, and validating syntax are classic abstract ideas (specifically, mental processes or the organization of human activity). Here, shortening text, mapping protocol fields, and checking syntax are operations a human could perform mentally or with a pen and paper given a rulebook. They do not transform the nature of the claim into something technically concrete.
When viewed as an ordered combination, Claims 1-20 describe a logical, albeit highly detailed, process for updating and testing a security rule using standard data processing techniques.
To pass Step 2B, the claims must recite something "significantly more" than the abstract idea implemented on generic computer components. Nothing in these claims requires specialized hardware, an unconventional network architecture, or an alteration of the system's state. The computer is merely invoked as a tool to perform the parsing, translating, filtering, and comparing.
Claim Interpretation
Examination of the claims, as drafted, with respect to patentability or rejection under 35 USC 102/103 is not possible until the rejection under 35 USC 101 is resolved.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUBREY H WYSZYNSKI whose telephone number is (571)272-8155. The examiner can normally be reached M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ALI SHAYANFAR can be reached at 571-270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/AUBREY H WYSZYNSKI/Primary Examiner, Art Unit 2434
Prosecution Insights