SYSTEM AND METHOD OF MANAGING SECURITY IN A MULTI-CLOUD ENVIRONMENT

DETAILED ACTION Response to Amendment Claims 1-8 and 10-19 are pending. Response to Arguments Applicant’s arguments filed 12/16/2025 have been fully considered. Regarding the rejection of claim 1 under 35 U.S.C. 103 as being unpatentable over Will et al. (US20200220885A1) in view of Bird et al. (US20180048661A1), Applicant argues on page 8 there is nothing within the four corners of either reference which speaks to a visualization which has a graphical time-line scale with segmented time periods, which include daily, monthly, and yearly segments. Applicant arguments are persuasive. In view of the amendment and after further search and consideration, claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Will in view of Bird and Yan et al. (CN113783828A), wherein Yan is relied upon to disclose the amended claim language as discussed in the rejection below. The Examiner notes that even though claim 1 recites a “graph dB module”, claim 1 does not require any graphical visualization in logarithmic (or dB) scale. As to any argument not specifically addressed, they are the same as those discussed above. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-8, 10-15 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Will et al. (US20200220885A1) in view of Bird et al. (US20180048661A1) and Yan et al. (CN113783828A). Regarding claim 1, Will discloses a system for performing data-management in a multi-cloud environment, the system comprising ([Abstract] shows event management data corresponding to the security incident; para [0051] shows a hybrid cloud is composed of two or more clouds): a computing unit connected to a plurality of cloud servers (para [0053] shows cloud computing environment 300 includes a server 104 and server 106 in FIG. 1; para [0054] shows cloud computing nodes 310 may communicate with one another and may be into one or more networks, such as private, community, public, or hybrid clouds; para [0093] security incident analysis may be implemented in a computer server 104), the computing unit comprising an application interface adapted to present at least one input query (para [0038] shows security information and event manager 218 sends that particular security incident for remote analysis; para [0040] shows user interfaces); a central controller comprising (para [0047] shows a controller hub); a data ingesting module adapted to receive a resource data-set [user names, passwords, software licenses] from a plurality of data sources and subsequently store within a central repository (para [0024] shows server 104 and server 106 may each include a security information and event manager. The security information and event manager monitors, logs, and aggregates relevant security information and event data corresponding to the services provided by server 104 and server 106 to identify deviations from the norm and take appropriate action when indicated; para [0028] shows storage 108 may store one or more security incidents along with their corresponding descriptions; storage unit 108 may store user names, passwords, and biometric data associated with users; para [0058] shows management layer 406 may provide application software licenses; para [0067] shows sources of the found security incidents are listed in the defined security incident source filter), the plurality of data-sources comprising at least one cloud server (para [0023] shows server 104 and server 106 may provide one or more services, such as, for example, event monitoring services, financial services, banking services, and the like, to client devices; para [0067] shows sources of the found security incidents are listed in the defined security incident source filter); an app controller module adapted to integrate one or more applications within the central controller (para [0023] shows server 104 and server 106 may provide one or more services, such as, for example, event monitoring services, financial services, banking services, and the like, to client devices; para [0050] shows Software as a Service (SaaS); para [0058] shows management layer 406 may provide dynamic procurement of computing resources, cost tracking and billing or invoicing for consumption of these resources, application software licenses), each application of the one or more applications being individually connected with the central repository to enable access to the resource data-set (para [0023] shows server 104 and server 106 may provide one or more services, such as, for example, event monitoring services, financial services, banking services, and the like, to client devices; para [0028] shows storage unit 108 may store authentication or credential data that may include user names, passwords, and biometric data associated with users); the app controller module further adapted to store an application data-set pertaining to tasks, results [resource provisioning] and insights [metering, security] of the one or more applications (para [0050] shows Software as a Service is the capability provided to the consumer to use the provider's applications running on a cloud infrastructure; para [0058] shows resource provisioning 436 provides dynamic procurement of computing resources which are utilized to perform tasks within the cloud computing environment. Metering and pricing 438 provide cost tracking as resources are utilized. Security provides identity verification for cloud consumers and tasks; para [0026] shows the event manager identifies unauthorized access to server 104 or server 106. A security incident can result in misuse of confidential information stored on server 104 and server 106); a security controller module adapted to detect, capture and recognize at least one of the tasks or the data accessed by each of the one or more applications or users (para [0026] shows the event manager identifies unauthorized access to server 104 or server 106; para [0027] shows users to access and utilize the services provided by server 104 and/or server 106; para [0058] shows security provides identity verification for cloud consumers and tasks; para [0072] shows the computer determines that one or more security incidents were found; then the computer sorts each found security incident), and store in a form of a security data-set within the central repository (para [0028] shows storage 108 may store one or more security incident databases containing a plurality of security incidents, along with their corresponding descriptions); and a data management module adapted to collect, for each of the users, a complete data-set including the resource data-set, the application data-set and the security data-set (para [0028] shows storage 108 may store one or more security incident databases containing a plurality of security incidents, along with their corresponding descriptions, source weights, magnitude levels, and the like. Furthermore, storage unit 108 may store other types of data, such as authentication or credential data that may include user names, passwords, and biometric data associated with users; para [0058] shows resources may comprise application software licenses; para [0061] shows a category of the security incident (e.g., denial of service attack, malware detection, anomalous user behavior, or the like)), the data management module further adapted to process the complete data-set in accordance with the at least one input query received at the central controller (para [0065] shows querying the security information and event manager to determine whether any new or unanalyzed security incidents are found.) Will shows a display (para [0031]) but fails to teach the data management module to subsequently visualize an output, in accordance with the at least one input query, onto the application interface of the computing unit, wherein the central controller further comprises a graph dB module adapted to create one or more graphical dashboard-based visualizations of identity and access management data in the multi-cloud environment, the one or more graphical dashboard-based visualizations having a graphical time-line scale with segmented time periods, the segmented time periods including daily segments, monthly segments, and yearly segments. However, Bird discloses to visualize an output, in accordance with the at least one input query, onto the application interface of the computing unit ([Abstract] shows processing security events in association with a cybersecurity knowledge graph; para [0065] shows an analyst can perform the query knowledge graph (KG) to identify all related and relevant pieces of information or entities available in the knowledge graph; para [0042] shows visualization and analysis tools in the platform may then be used to manually and automatically assess the results.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Will with the teaching of Bird in order to print, export or submitted relevant records for processing (Bird; para [0042]). Will-Bird-Yan as combined fails to teach the central controller further comprises a graph dB module adapted to create one or more graphical dashboard-based visualizations of identity and access management data in the multi-cloud environment, the one or more graphical dashboard-based visualizations having a graphical time-line scale with segmented time periods, the segmented time periods including daily segments, monthly segments, and yearly segments. However, Yan discloses the central controller further comprises a graph module adapted to create one or more graphical dashboard-based visualizations of identity and access management data in the multi-cloud environment, the one or more graphical dashboard-based visualizations having a graphical time-line scale with segmented time periods, the segmented time periods including daily segments, monthly segments, and yearly segments ([page 5 lines 37-40] shows in order to improve the security of the user account, a corresponding risk control strategy can be further monitored based on the user account; risk assessment and early warning are carried out in due time; [page 6 lines 16-18] shows to perform visual display on the user account registration or the user account login amount, wherein the threshold time period includes one day, one week, one month, one year, etc.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Will-Bird with the teaching of Yan in order to realize the multi-dimensional display and monitoring of the service system through the user account so as to ensure the reasonable and compliant operation of the service system (Yan; [page 2 lines 52-54]). Regarding claim 2, Will-Bird-Yan as applied to claim 1 discloses the data management module comprises a resource manager module for accessing the resource data-set received by the data-ingesting module (Will; [Abstract] shows a set of security information and event management data corresponding to each of a set of security incidents is retrieved.) Regarding claim 3, Will-Bird-Yan as applied to claim 1 discloses the data management module comprises an application manager module for accessing the application data-set related to the one or more applications managed by the app controller module (Will; para [0028] shows storage unit 108 may store user names, passwords, and biometric data associated with users; para [0058\ shows resources may comprise application software licenses; para [0094] shows the computer retrieves a set of event management data.) Regarding claim 4, Will-Bird-Yan as applied to claim 1 discloses the data management module comprises a security manager module for accessing the security data-set stored by the security controller module (Will; [Abstract] shows a set of security information corresponding to each of a set of security incidents is retrieved; para [0025] shows information of interest to security analysts may be, for example, a particular IP address, username, file hash, file name, registry key, or the like; para [0094] shows the computer retrieves a set of security information.) Regarding claim 5, Will-Bird-Yan as applied to claim 1 discloses the plurality of data-sources comprises one or more cloud servers or one or more SaaS (Will; para [0050] shows Software as a Service (SaaS); para [0053] shows cloud computing environment 300 includes a server 104 and server 106.) Regarding claim 6, Will-Bird-Yan as applied to claim 1 discloses the application interface is adapted to send the at least one input query to the central controller via one or more first communication mediums (Will; para [0015] shows the Internet, a local area network, a wide area network and/or a wireless network; para [0065] shows querying the security information and event manager to determine whether any new or unanalyzed security incidents are found; para [0091] shows the computer sends the selected security incident for cloud-based analysis.) Regarding claim 7, Will-Bird-Yan as applied to claim 6 discloses the one or more first communication mediums is selected in the form of an application programming interface (API) connecting the application interface with the central controller (Bird; para [0041] shows APIs). Regarding claim 8, Will-Bird-Yan as applied to claim 1 discloses the resource data-set comprises application data, subscription data, user projects, user access data, and other data positioned or stored on the one or more data sources of the multi-cloud environment (Will; para [0028] shows storage unit 108 may store authentication or credential data that may include user names, passwords, and biometric data associated with users; para [0058] shows application software licenses). Regarding claim 10, Will-Bird-Yan as applied to claim 1 discloses the security controller comprises a snapshot capturing submodule, a scanning sub-module and a data collection submodule (Will; para [0094] shows the computer retrieves, on a periodic basis (e.g., capturing a snapshot), a set of security information and event management data corresponding to each of a set of security incidents. The computer to determine a priority of the security incident within the set of security incidents (e.g., priority scanning sub-module). The computer performs a local analysis of the security incident based on the retrieved set of security information and event management data (e.g., data collection submodule).) Regarding claim 11, Will discloses a method for managing data in a multi-cloud environment ([Abstract] shows event management data corresponding to the security incident; para [0051] shows a hybrid cloud is a cloud infrastructure composed of two or more clouds), the multi-cloud environment comprising a central controller having a central repository (para [0056] shows a cloud computing environment 400 includes management layer 406; para [0028] shows storage 108), connected to a plurality of cloud servers via a communication medium (para [0015] shows the Internet, a local area network, a wide area network and/or a wireless network; para [0053] shows cloud computing environment 300 includes a server 104 and server 106), the method comprising the steps of: receiving, on an application interface, on a first computing unit, at least one input query related to one or more applications, users, or instances within the multi-cloud environment (para [0065] shows querying the security information and event manager to determine whether any new or unanalyzed security incidents are found; para [0093-0094] shows a computer, such as server 104, retrieves a set of security incidents); sending the at least one input query from the application interface to the central controller (para [0093-0094] shows a computer, such as server 104, retrieves a set of security incidents); processing at the central controller, the at least one input query in accordance with one or more processing modules, causing a processing unit of the central controller to (para [0094] shows the computer to determine a priority of the security incident within the set of security incidents): collect and identify a complete data-set for each of the users or the one or more applications of the multi-cloud environment (para [0028] shows storage 108 may store one or more security incidents along with their corresponding descriptions; storage unit 108 may store user names, passwords, and biometric data associated with users; para [0094] shows the computer performs a local analysis of the security incident based on the retrieved set of security information and event management data corresponding to the security incident and the determined priority of the security incident), the collection comprising at least a security data identified by detecting, capturing and recognizing the tasks or data accessed by the one or more applications, users, or instances of the multi-cloud environment (para [0026] shows the event manager identifies unauthorized access to server 104 or server 106; para [0027] shows users to access and utilize the services provided by server 104 and/or server 106; para [0058] shows security provides identity verification for cloud consumers and tasks; para [0072] shows the computer determines that one or more security incidents were found; then the computer sorts each found security incident). Will shows a display (para [0031]) but fails to show the central controller to graphically visualize the complete identified data-set, in accordance with the at least one input query, on an output component of the application interface, using a graph dB module adapted to create one or more graphical dashboard-based visualizations of identity and access management data in the multi-cloud environment, the one or more graphical dashboard-based visualizations having a graphical time-line scale with segmented time periods, the segmented time periods including daily segments, monthly segments, and yearly segments. However, Bird discloses to graphically visualize the complete identified data-set, in accordance with the at least one input query, on an output component of the application interface ([Abstract] shows processing security events in association with a cybersecurity knowledge graph ([Abstract] shows processing security events in association with a cybersecurity knowledge graph; para [0065] shows an analyst can perform the query knowledge graph (KG) to identify all related and relevant pieces of information or entities available in the knowledge graph; para [0042] shows visualization and analysis tools in the platform may then be used to manually and automatically assess the results.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Will with the teaching of Bird in order to print, export or submitted relevant records for processing (Bird; para [0042]). Will-Bird as combined fails to teach using a graph dB module adapted to create one or more graphical dashboard-based visualizations of identity and access management data in the multi-cloud environment, the one or more graphical dashboard-based visualizations having a graphical time-line scale with segmented time periods, the segmented time periods including daily segments, monthly segments, and yearly segments. However, Yan discloses using a graph module adapted to create one or more graphical dashboard-based visualizations of identity and access management data in the multi-cloud environment, the one or more graphical dashboard-based visualizations having a graphical time-line scale with segmented time periods, the segmented time periods including daily segments, monthly segments, and yearly segments ([page 5 lines 37-40] shows in order to improve the security of the user account, a corresponding risk control strategy can be further monitored based on the user account; risk assessment and early warning are carried out in due time; [page 6 lines 16-18] shows to perform visual display on the user account registration or the user account login amount, wherein the threshold time period includes one day, one week, one month, one year, etc.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Will-Bird with the teaching of Yan in order to realize the multi-dimensional display and monitoring of the service system through the user account so as to ensure the reasonable and compliant operation of the service system (Yan; [page 2 lines 52-54]). Regarding claim 12, Will-Bird-Yan as applied to claim 12 discloses ingesting an information data-set from a plurality of data sources and subsequently storing the information data-set within a central repository, the plurality of data-sources comprising at least one cloud server (Will; para [0024] shows server 104 and server 106 may each include a security information and event manager. The security information and event manager monitors, logs, and aggregates relevant security information and event data corresponding to the services provided by server 104 and server 106 to identify deviations from the norm and take appropriate action when indicated; para [0067] shows sources of the found security incidents are listed in the defined security incident source filter.) Regarding claim 13, Will-Bird-Yan as applied to claim 11 discloses integrating one or more applications within the central controller, wherein further an application data-set pertaining to tasks, results [provisioning] and insights [metering, security] of the one or more applications are stored within the central repository (Will; para [0058] shows resource provisioning 436 provides dynamic procurement of computing resources which are utilized to perform tasks within the cloud computing environment. Metering and pricing 438 provide cost tracking as resources are utilized. Security provides identity verification for cloud consumers and tasks; para [0026] shows the event manager identifies unauthorized access to server 104 or server 106. A security incident can result in misuse of confidential information stored on server 104 and server 106). Regarding claims 14 and 17, Will-Bird-Yan as applied to claims 1 and 11 discloses the at least one input query received includes questions related to patterns within the multi-cloud environment (Bird; para [0007] shows the method then queries the security system (or other data source); para [0047] shows Security Information and Event Management (SIEM) tools reporting on IT security events and vulnerabilities. They may also include analysis and visualization tools for viewing network traffic patterns.) Regarding claims 15 and 18, Will-Bird-Yan as applied to claims 14 and 17 discloses the patterns further comprise resource utilization patterns (Bird; para [0007] shows the method then queries the security system (or other data source); para [0047] shows Security Information and Event Management (SIEM) tools reporting on network traffic patterns.) Regarding claim 17, Will-Bird-Yan as applied to claim 11 discloses the at least one input query received includes questions related to patterns within the multi-cloud environment (Will; para [0050] shows Service models may include, for example, Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS); para [0051] shows deployment models may include, for example, a private cloud, community cloud, public cloud, and hybrid cloud.) Claims 16 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Will in view of Bird and Yan, further in view of Cheng et al. (CN116561752A) Regarding claims 16 and 19, Will-Bird-Yan as applied to claims 1 and 11 fails to teach the processing unit of the central controller to process the complete data-set using at least one learning model, the at least one learning model partitioning the data-set into a training dataset or a testing dataset with an 80/20 split between the training dataset and the testing dataset. However, Cheng discloses the processing unit of the central controller to process the complete data-set using at least one learning model, the at least one learning model partitioning the data-set into a training dataset or a testing dataset with an 80/20 split between the training dataset and the testing dataset ([Abstract] shows using neural network algorithm to perform network security detection; [page 6 lines 34-35] shows the classification model training comprises data division, model training and model evaluation; [page 9 lines 42-44] shows the data division comprises 20 % of test set and 80 % of training set.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Will-Bird-Yan with the teaching of Cheng in order to train and test neural network algorithm to perform network security detection (Cheng; [Abstract]). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAN DOAN whose telephone number is (571)270-0162. The examiner can normally be reached Monday - Friday 8am - 5pm ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie, can be reached at (571) 270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /TAN DOAN/Primary Examiner, Art Unit 2445