Cybersecurity Command Line Assessment

§101 §102 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Election/Restrictions Claims 17-20 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected Species 2, there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 23 January 2026. Amendment A, received on 23 January 2026, has been entered into record. In this amendment,, claims 17-20 have been canceled. Claims 1-16 are presented for examination. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-7 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) receiving a command line interpretation and generating a cybersecurity prediction. This judicial exception is not integrated into a practical application because the computer system does not add meaningful limitation to the abstract idea. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the computer system is a generic computer. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claim(s) 1-4, 6, and 7 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Stokes III et al. (US 2023/0096895 A1 and Stokes hereinafter). As to claim 1, Stokes discloses a system and method for command classification using active learning, the system and method having: receiving, by the computer system, a command line interpretation generated by a machine learning model interpreting the command line (0006, lines 3-5); and generating, by the computer system, a cybersecurity prediction associated with the command line based on the command line interpretation generated by the machine learning model (0006, lines 9-15). As to claim 2, Stokes discloses: classifying the command line as malicious or benign based on the command line interpretation generated by the machine learning model (0006, lines 19-22). As to claim 3, Stokes discloses: submitting the command line to a command line interpretation service providing the command line interpretation generated by the machine learning model (0006, lines 8-22). As to claim 4, Stokes discloses: training the machine learning model as a command line assistant using a corpus of embeddings representing command lines (0006, lines 5-8). As to claim 6, Stokes discloses: identifying a cybersecurity pattern associated with the command line (0006, lines 17-22; 0070, lines 1-17). As to claim 7, Stokes discloses: identifying an enrichment associated with the command line (0031, lines 1-11). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claim(s) 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stokes as applied to claim 1 above, and further in view of Lee et al. (WO 2024/033607 A1 and Lee hereinafter). As to claim 5, Stokes fails to specifically disclose: receiving command line interpretive feedback associated with the command line interpretation generated by the machine learning model. Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Stokes, as taught by Lee. Lee discloses a system and method for rapid development of malicious content detectors, the system and method having: receiving command line interpretive feedback associated with the command line interpretation generated by the machine learning model (claim 13). Given the teaching of Lee, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Stokes with the teachings of Lee by receiving feedback. Lee recites motivation by disclosing that receiving feedback provides a human-readable description (page 37). It is obvious that the teachings of Lee would have improved the teachings of Stokes by receiving feedback in order to provide human-readable description. Claim(s) 8-14 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stokes in view of Cocea et al. (US 2024/0095346 A2 and Cocea hereinafter). As to claim 8, Stokes discloses: at least one central processing unit (0083, line 6); and a memory device storing instructions that, when executed by the at least one central processing unit, perform operations, the operations comprising (0083, 6-10; 0087, 1-9): receiving a command line interpretation generated by the machine learning model based on the command line (0006, lines 3-5); and generating a cybersecurity prediction associated with the command line based on the command line interpretation generated by the machine learning model (0006, lines 9-15). Stokes fails to specifically disclose: comparing the command line to historical command lines previously interpreted by a machine learning model; determining the command line fails to represent one of the historical command lines previously interpreted by the machine learning model; in response to the determining that the command line fails to represent one of the historical command lines previously interpreted, submitting the command line to the machine learning model. Nonetheless, these features are well known in the art and would have been an obvious modification of the teachings disclosed by Stokes, as taught by Cocea. Cocea discloses a system and method for anomalous command line entry detection, the system and method having: comparing the command line to historical command lines previously interpreted by a machine learning model (0044, lines 1-4); determining the command line fails to represent one of the historical command lines previously interpreted by the machine learning model (0044, lines 12-18); in response to the determining that the command line fails to represent one of the historical command lines previously interpreted, submitting the command line to the machine learning model (0044, lines 12-18). Given the teaching of Cocea, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Stokes with the teachings of Cocea by submitting the command line to a machine learning model when it has not been previously interpreted. Cocea recites motivation by disclosing that a cache can be used to map previously processed sets of command line tokens (0043). It is obvious that the teachings of Cocea would have improved the teachings of Stokes by Stokes by submitting a command line to a model when it has not been previous interpreted in order to use a cache to map previously processed sets. As to claim 9, Stokes fails to specifically disclose: wherein the operations further comprise determining the command line represents a historical command line of the historical command lines previously interpreted by the machine learning model. Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Stokes, as taught by Cocea. Cocea discloses: wherein the operations further comprise determining the command line represents a historical command line of the historical command lines previously interpreted by the machine learning model (0044, lines 1-4). Given the teaching of Cocea, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Stokes with the teachings of Cocea by determining previously interpreted command line. Please refer to the motivation recited above with respect to claim 8 as to why it is obvious to apply the teachings of Cocea to the teachings of Stokes. As to claim 10, Stokes fails to specifically disclose: wherein in response to the determining that the command line represents the historical command line previously interpreted by the machine learning model, the operations further comprise declining to submit the command line to the machine learning model. Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Stokes, as taught by Cocea. Cocea discloses: wherein in response to the determining that the command line represents the historical command line previously interpreted by the machine learning model, the operations further comprise declining to submit the command line to the machine learning model (0044, lines 1-12). Given the teaching of Cocea, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Stokes with the teachings of Cocea by determining previously interpreted command line. Please refer to the motivation recited above with respect to claim 8 as to why it is obvious to apply the teachings of Cocea to the teachings of Stokes. As to claim 11, Stokes fails to specifically disclose: wherein the operations further comprise retrieving a historical command line interpretation previously generated by the machine learning model that corresponds to the historical command line previously interpreted by the machine learning model. Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Stokes, as taught by Cocea. Cocea discloses: wherein the operations further comprise retrieving a historical command line interpretation previously generated by the machine learning model that corresponds to the historical command line previously interpreted by the machine learning model (0044, lines 1-12). Given the teaching of Cocea, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Stokes with the teachings of Cocea by retrieving a previous command line interpretation. Please refer to the motivation recited above with respect to claim 8 as to why it is obvious to apply the teachings of Cocea to the teachings of Stokes. As to claim 12, Stokes discloses: wherein the operations further comprise generating the cybersecurity prediction associated with the command line based on the command line interpretation generated by the machine learning model (0006, lines 9-15). Stokes fails to specifically disclose: historical command line interpretation previously generated by the machine learning model. Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Stokes, as taught by Cocea. Cocea discloses: historical command line interpretation previously generated by the machine learning model (0044, lines 1-12). Given the teaching of Cocea, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Stokes with the teachings of Cocea by historical command line interpretation. Please refer to the motivation recited above with respect to claim 8 as to why it is obvious to apply the teachings of Cocea to the teachings of Stokes. As to claim 13, Stokes discloses: wherein the operations further comprise classifying the command line as malicious or benign based on the command line interpretation generated by the machine learning model (0006, lines 8-22). As to claim 14, Stokes discloses: wherein the operations further comprise training the machine learning model as a command line assistant using a corpus of embeddings representing command lines (0006, lines 5-8). As to claim 16, Stokes discloses: wherein the operations further comprise identifying a cybersecurity pattern associated with the command line (0006, lines 17-22; 0070, lines 1-17). Claim(s) 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stokes in view of Cocea as applied to claim 8 above, and further in view of Lee. As to claim 15, Stokes in view of Cocea fails to specifically disclose: wherein the operations further comprise receiving command line interpretive feedback associated with the command line interpretation generated by the machine learning model. Given the teaching of Lee, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Stokes in view of Cocea with the teachings of Lee by receiving feedback. Please refer to the motivation recited above with respect to claim 5 as to why it is obvious to apply the teachings of Lee to the teachings of Stokes in view of Cocea. Prior Art Made of Record The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Amoukou et al. (US 2026/0050504 A1) discloses a system and method for detecting a harmful shift in machine learning model. Choi et al. (WO 2024/128456 A1) discloses a system and method for detecting variable vulnerabilities in software using machine learning model. Ghanita et al. (WO 2020/123985 A1) discloses a system and method for explainability based adjustment of machine learning models. Kramer et al. (WO 2025/029250 A1) discloses a system and method for supervised training data generation. Mazumder et al. (CN 117980903 A) discloses a system and method for picture-based automatic detection of potential safety threats. Sharma et al. (US Patent 9,544,327 B1) discloses a system and method for prioritizing security findings in a SAST tool based on historical security analysis. Stolte et al. (US Patent 10,691,796 B1) discloses a system and method for prioritizing security risks based on historical events collected from the computer system environment. Yellapragada et al. (US 2023/0205891 A1) discloses a system and method for prioritizing security findings using machine learning models. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAH SU whose telephone number is (571)270-3835. The examiner can normally be reached 6:30 AM - 3:00 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached at 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SARAH SU/Primary Examiner, Art Unit 2431