DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The Amendment filed 13 November 2025 has been received and considered.
Claims 1-13 and 16-20 are pending.
This Action is Final.
Claim Objections
The objections to claims 9 and 10 are withdrawn based on the filed amendment.
Claim Interpretation
The interpretation that claims 1-18 invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph is withdrawn as the modules are modified by sufficient structure: a processor.
Claim Rejections - 35 USC § 112
The rejections under 35 U.S.C. 112(b) are withdrawn based on Applicant amending the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 101
Applicant’s amendments and arguments are persuasive (see Response pages 8-9) and the rejections under 35 U.S.C. 101 are withdrawn.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-4, 6, 7, 11-13, and 16-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Pratt et al. (US 20200296124).
As per claims 1, 16, 19, and 20, Pratt et al. discloses an anomaly data detecting method, medium, and system comprising a processor comprising one or more trigger modules, a signal hub, one or more detector modules, an evaluation function generation module, an evaluation module, and backtracker module, wherein:
the one or more trigger modules of the processor receive input data, and when anomaly data is included in the received input data based on a trigger rule, generating one or more initial signals indicating the anomaly data (see paragraph [0231]);
the signal hub of the processor receives one or more generated initial signals from the one or more trigger modules of the processor, and performs a logic operation for the one or more received initial signals based on a feed rule to generate a result signal (see paragraphs [0233]-[0234]); and
one or more detector modules of the processor receives the generated result signal from the signal hub, and detecting attack detection information corresponding to the anomaly data from the received result signal based on a detector rule (see paragraph [0236] and Fig. 18 step 2216),
the detector rule includes relevance information between the one or more detector modules for determining whether to process the attack detection information, and the one or more detector modules include an evaluation function generation module generating an evaluation function for determining whether to process the attack detection information by using the logical operation and the indentation level associated with the relevance information, further comprising: wherein each of the one or more detector modules corresponds to one level among a plurality of levels based on dependence of the detector module, and wherein the attack detection information of a previous level of detector module is used by a next-level detector module, an evaluation module receiving the generated evaluation function from the generated evaluation function generation module, and transmitting the attack detection information to the next-level detector module or a backtracker module based on the received evaluation function, wherein when there is the next-level detector module, the evaluation module transmits the attack detection information to the next-level detector module based on the evaluation function (see paragraphs [0274]-[0277] and Fig. 18).
As per claim 2, Pratt et al. discloses the trigger rule includes condition information for determining specific data as the anomaly data, and the one or more trigger modules include an anomaly evaluation function generation module generating an anomaly evaluation function for determining the anomaly data by using a logic operation and an indentation level associated with the condition information (see paragraphs [0238]-[0242]).
As per claim 3, Pratt et al. discloses the one or more trigger modules further include an anomaly checker module receiving the generated anomaly evaluation function from the anomaly evaluation function generation module, and inputting the input data into the anomaly evaluation function, and when the anomaly data is included in the input data, transmitting an initial signal generation request (see paragraphs [0231] and [0238]-[0244]).
As per claim 4, Pratt et al. discloses the trigger rule further includes output information associated with a type of generated initial signal, and the one or more trigger modules further include a signal generation module generating one or more initial signals of a type determined based on the output information when receiving the initial signal generation request from the anomaly checker module (see paragraphs [0231] and [0249]).
As per claim 6, Pratt et al. discloses the feed rule includes relevance information for determining a logic relation between the one or more trigger modules, and the signal hub includes a signal operation function generation module generating a signal operation function for generating the result signal based on one or more initial signals by using the logic operation and the indentation level associated with the relevance information (see paragraphs [0245]-[0248]).
As per claim 7, Pratt et al. discloses the signal hub further includes a signal operation module receiving the generated signal operation function from the signal operation function generation module, and generating the result signal by inputting the one or more initial signals into the signal operation function (see paragraphs [0245]-[0273]).
As per claim 11, Pratt et al. discloses the feed rule includes information on a detector module for determining a detector module receiving the generated result signal, and the signal hub includes a signal transmission module transmitting the generated result signal to the one or more detector module determined based on the information on the detector module (see paragraphs [0233]-[0236]).
As per claims 12 and 13, Pratt et al. discloses the detector rule includes information on a detection rule for extracting attack information associated with the anomaly data, and the one or more detector modules include an attack detection function generation module generating an attack detection function for extracting the attack information by using the logical operation and the indentation level associated with the information on the detection rule, wherein the one or more detector modules further include an attack detection module receiving the generated attack detection function from the attack detection function generation module and inputting the input data associated with the result signal into the attack detection function to perform attack detection for the result signal (see paragraphs [0274]-[0277]).
As per claims 17 and 18, Pratt et al. discloses when there is no next-level detector module, the evaluation module transmits the attack detection information to the backtracker module wherein the backtracker module determining an attribute of the attack and a procedure of the attack associated with the anomaly data by using the attack detection information of the one or more detector modules (see paragraphs [0270]-[0272]).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Pratt et al. as applied to claim 1 above, in view of Cassidy et al. (US 20190052660).
As per claim 5, Pratt et al. discloses the use of databases for receiving input data (see paragraph [0134]), but fails to explicitly disclose the one or more trigger modules include a data reception module receiving the input data by using a target protocol from a specific location of a database determined based on the input information.
However, Cassidy et al. teaches receiving data using a target protocol from a specific location of a database based on input information (see paragraph [0039]).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to include a database to provide the input data of the Pratt et al. system.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been to allow for additional data to be used in the anomaly detection.
Claims 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Pratt et al. as applied to claim 1 above, in view of Hester (US 9923757).
As per claims 8-10, Pratt et al. discloses the use of data reduction (see paragraph [0108]), but fails to explicitly disclose removing a redundant initial signal among the one or more initial signals, wherein the signal reducer determines initial signals generated by the same trigger module among the one or more trigger modules as the redundant initial signal, wherein the signal reducer determines initial signals in which anomaly ranges are redundant at a predetermined rate or more as the redundant initial signal.
However, Hester teaches data reduction based on removing redundant information based on ranges and rates (see column 11 line 43 through column 15 line 30 showing the process of clustering and compressing, i.e. removing, data).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to include removing redundant data in the Pratt et al. system.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been to simplify the data set thereby improving the performance.
Response to Arguments
As put forth above, Applicant’s arguments and/or amendments filed 13 November 2025, with respect to the claim objections, claim interpretations, and claim rejections under 35 U.S.C. 112 and 101, have been fully considered and are persuasive. These objections, interpretations, and rejections have been withdrawn.
Applicant's arguments filed 13 November 2025 have been fully considered but they are not persuasive. Applicant argues the cited prior art fails to teach the limitations of the amended claims.
With respect to this argument, it does not comply with 37 CFR 1.111(c) because it does not clearly point out the patentable novelty which he or she thinks the claims present in view of the state of the art disclosed by the references cited or the objections made. Further, they do not show how the amendments avoid such references or objections. More specifically, Applicant merely alleges that the cited prior art fails to teach these limitations which were incorporated from previously presented claims 14 and 15 which were rejected over Pratt. Applicant does not put forth any argument as to how Pratt does not disclose these limitations. However, as put forth above, Pratt discloses a plurality of detector modules which have different levels where information from the previous level is used by the next module to be evaluated by an evaluation module that outputs a logical operation as to whether an anomaly, threat indicator, or threat is detected. More specifically, as seen in Fig. 18, events are passed to an anomaly detection system that uses rules to determine whether an anomaly is present or not. When an anomaly is detected, it is passed to the next level for threat indicator identification, and finally when a threat indicator is detected, it is passed to the threat identification system for determining whether a threat is present or not. As such, at least this portion of the references anticipates the amended limitations.
Any additional limitations not specifically addressed are moot in view of the above response.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J PYZOCHA whose telephone number is (571)272-3875. The examiner can normally be reached Monday-Thursday 7:30am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche, can be reached at (571) 270-3618. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Michael Pyzocha/ Primary Examiner, Art Unit 2409