Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The present application is being examined under the pre-AIA first to invent provisions. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Response to Remarks/Arguments
This communication is considered fully responsive to the Amendment filed on 26 November 2025.
The 112 rejection(s) to claim(s) 1-21 is/are withdrawn since the claim(s) has/have been amended accordingly.
Applicant’s arguments, see Remarks, filed 26 November 2025, with respect to the rejection(s) of claim(s) 1, 2, 4-6, 11-13 and 15-17 under 35 USC § 102 have been fully considered and are not persuasive.
Claims are given their broadest reasonable interpretation consistent with the specification. See In re Morris, 127 F.3d 1048, 44 USPQ2d 1023 (Fed. Cir. 1997). Furthermore, although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Examiner asserts that under the broadest but reasonable interpretation of “entity” would include a container as taught by Pradzynski. Examiner suggest further defining the term entity, to exclude container objects.
Second, Examiner does not assert the entity and virtual instance are the same thing in the claims. Examiner notes that a BRI of entity would include containers taught by Pradzynski. An instance of the container once deployed would then teach a virtual instance. Pradzynski teaches both containers and deployed containers.
Third, within the containers are software code see Pradzynski [0029]. When the container is scanned the software within the container is also scanned. The software detected (i.e. threat criteria) teaches code object and the vulnerabilities scanned teach cybersecurity objects.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1, 2, 4-6, 11-13 and 15-17 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated byU.S. Pre-Grant Publication 20220156380 to Pradzynski et al. (“Pradzynski”).
As to claim 1, Pradzynski disclose(s) a method for detecting a cybersecurity toxic combination prior to a virtual instance deployment, comprising:
inspecting an entity in a cloud computing environment for a cybersecurity object. (Pradzynski; scan image of container for vulnerabilities; 502 fig. 5; [0044])
detecting the cybersecurity object on the inspected entity; (Pradzynski; identify vulnerability; 502 fig. 5; [0044])
inspecting a code object utilized to deploy a virtual instance in the cloud computing environment prior to deployment of the virtual instance; (Pradzynski; scan is done before the launch of container and includes detecting software; [0029];[0044];[0005])
detecting a toxic combination cybersecurity issue based on the cybersecurity object and the code object; (Pradzynski; cybersecurity data is aggregated with the scan data, i.e. combination, fig. 5, 508; [0044]; the threat and detected threat criteria are combined; [0033])
and initiating a mitigation action on the code object. (Pradzynski; mitigation step, fig. 5, 512; [0044])
As to claim 2, Pradzynski disclose(s) the method of claim 1, further comprising:
initiating the mitigation action to stop deployment of the virtual instance based on the code object. (Pradzynski; determine if the container is permitted to deploy; [0024]; blocked from launching; [0029])
As to claim 4, Pradzynski disclose(s) the method of claim 1, further comprising:
detecting in the code object a second cybersecurity object, the second cybersecurity object indicating a toxic combination with the detected cybersecurity object. (Pradzynski; scanning each container before deploying; 502 fig. 5; [0044])
As to claim 5, Pradzynski disclose(s) the method of claim 4, further comprising:
generating a new code object based on the code object; (Pradzynski; disabling software; [0037])
and removing the second cybersecurity object from the new code object. (Pradzynski; patching the container and reimaging; [0037])
As to claim 6, Pradzynski disclose(s) the method of claim 1, further comprising:
initiating a remediation action based on the detected cybersecurity object on the inspected entity. (Pradzynsk; mitigation action inhibits the exploit identified. Fig. 5, 512; [0044])
As to claim 11, Pradzynski disclose(s) a non-transitory computer-readable medium storing a set of instructions for detecting a cybersecurity toxic combination prior to a virtual instance deployment, the set of instructions comprising:
one or more instructions that, when executed by one or more processors of a device, cause the device to:
inspect an entity in a cloud computing environment for a cybersecurity object;
detect the cybersecurity object on the inspected entity;
inspect a code object utilized to deploy a virtual instance in the cloud computing environment prior to deployment of the virtual instance;
detect a toxic combination cybersecurity issue based on the cybersecurity object and the code object;
and initiate a mitigation action on the code object.
See similar rejection to claim 1.
As to claim 12, Pradzynski disclose(s) a system for detecting a cybersecurity toxic combination prior to a virtual instance deployment comprising:
a processing circuitry;
a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to:
inspect an entity in a cloud computing environment for a cybersecurity object;
detect the cybersecurity object on the inspected entity;
inspect a code object utilized to deploy a virtual instance in the cloud computing environment prior to deployment of the virtual instance;
detect a toxic combination cybersecurity issue based on the cybersecurity object and the code object;
and initiate a mitigation action on the code object.
See similar rejection to claim 1.
As to claim 13, Pradzynski disclose(s) the system of claim 12, wherein the memory contains further instructions which when executed by the processing circuitry further configure the system to:
initiate the mitigation action to stop deployment of the virtual instance based on the code object.
See similar rejection to claim 2.
As to claim 15, Pradzynski disclose(s) the system of claim 12, wherein the memory contains further instructions which when executed by the processing circuitry further configure the system to:
detect in the code object a second cybersecurity object, the second cybersecurity object indicating a toxic combination with the detected cybersecurity object.
See similar rejection to claim 4.
As to claim 16, Pradzynski disclose(s) the system of claim 15, wherein the memory contains further instructions which when executed by the processing circuitry further configure the system to:
generate a new code object based on the code object;
and remove the second cybersecurity object from the new code object.
See similar rejection to claim 5.
As to claim 17, Pradzynski disclose(s) the system of claim 12, wherein the memory contains further instructions which when executed by the processing circuitry further configure the system to:
initiate a remediation action based on the detected cybersecurity object on the inspected entity.
See similar rejection to claim 6.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 3, 7 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pradzynski in view of U.S. Patent No. / U.S. Pre-Grant Publication 20240104235 to HERZBERG et al. (“HERZBERG”).
As to claim 3, Pradzynski disclose(s) the method of claim 1,
But does not disclose further comprising:
generating a representation of the computing environment in a security database based on a unified data schema;
and generating a representation of:
the inspected entity, the cybersecurity object, the code object, and the toxic combination cybersecurity issue in the security database.
Pradzynski discloses storing scan results into a database. (Pradzynski; store scan results into a database; [0026])
HERZBERG discloses generating a representation of the computing environment in a security database based on a unified data schema; (HERZBERG; snapshot of service includes data schema; [0094]; includes data schema [0097])
and generating a representation of:
the inspected entity, the cybersecurity object, the code object, and the toxic combination cybersecurity issue in the security database. (HERZBERG; snapshot of service; [0094])
At the time of invention, it would have been obvious to a person of ordinary skill in the art to combine the representations of HERZBERG and the storing of scan results of Pradzynski. One of ordinary skill in the art would have been motivated to combine the teachings as both are concerned with mitigating cybersecurity risks. Using the snapshots of HERZBERG would allow for the results of Pradzynski to be stored with more complete data.
Accordingly, the prior art references teach all of the claimed elements.
Furthermore, it would have been obvious to combine the teachings as all the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded nothing more than predictable results to one of ordinary skill in the art.
As to claim 7, Pradzynski disclose(s) the method of claim 1, further comprising:
generating an inspectable disk based on an original disk connected to the inspected entity;
inspecting the inspectable disk for the cybersecurity object.
HERZBERG discloses generating an inspectable disk based on an original disk connected to the inspected entity; (HERZBERG; data file is on disk associated with a virtual machine; [0057])
inspecting the inspectable disk for the cybersecurity object. (HERZBERG; inspection is performed on the snapshot; [0108])
At the time of invention, it would have been obvious to a person of ordinary skill in the art to combine the snapshots of HERZBERG and the scanning of Pradzynski. One of ordinary skill in the art would have been motivated to combine the teachings as both are concerned with detecting and mitigating cybersecurity risks. Using the snapshots of HERZBERG would allow a more thorough scanning of the system.
Accordingly, the prior art references teach all of the claimed elements.
Furthermore, it would have been obvious to combine the teachings as all the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded nothing more than predictable results to one of ordinary skill in the art.
As to claim 14, Pradzynski-HERZBERG disclose(s) the system of claim 12, wherein the memory contains further instructions which when executed by the processing circuitry further configure the system to:
generate a representation of the computing environment in a security database based on a unified data schema;
and generate a representation of:
the inspected entity, the cybersecurity object, the code object, and the toxic combination cybersecurity issue in the security database.
See similar rejection to claim 3.
Claim(s) 8 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pradzynski-HERZBERG in view of U.S. Patent No. / U.S. Pre-Grant Publication 20240232134 to Katuri et al. (“Katuri ”).
As to claim 8, Pradzynski-HERZBERG disclose(s) the method of claim 7,
But does not expressly disclose further comprising:
releasing the inspectable disk in response to determining that inspection is completed.
Katuri discloses releasing the inspectable disk in response to determining that inspection is completed. (Katuri; delete snapshot date after scanning; [0020])
At the time of invention, it would have been obvious to a person of ordinary skill in the art to combine the deletion of Katuri and the data storage of Pradzynski-HERZBERG. One of ordinary skill in the art would have been motivated to combine the teachings as both are concerned with cloud computing. Using the deletion of Katuri would allow for deletion of data no longer required.
Accordingly, the prior art references teach all of the claimed elements.
Furthermore, it would have been obvious to combine the teachings as all the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded nothing more than predictable results to one of ordinary skill in the art.
As to claim 18, Pradzynski-HERZBERG disclose(s) the system of claim 12, wherein the memory contains further instructions which when executed by the processing circuitry further configure the system to:
generate an inspectable disk based on an original disk connected to the inspected entity;
and inspect the inspectable disk for the cybersecurity object.
See similar rejection to claim 8.
Claim(s) 9, 10, 20 and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pradzynski in view of U.S. Patent No. / U.S. Pre-Grant Publication 20230048653 to TRIPATHI et al. (“TRIPATHI”).
As to claim 9, Pradzynski disclose(s) the method of claim 1,
inspecting each code object of the plurality of code objects. (Pradzynski; scan is done before the launch of each container; [0044])
But does not expressly disclose further comprising:
accessing an infrastructure as code environment, the IaC environment including a plurality of code objects, each code object corresponding to a deployable virtual instance;
TRIPATHI discloses accessing an infrastructure as code environment, the IaC environment including a plurality of code objects, each code object corresponding to a deployable virtual instance; (TRIPATHI; infrastructure as code deployments; [0131])
At the time of invention, it would have been obvious to a person of ordinary skill in the art to combine the IaC deployments of TRIPATHI and the clou deployment of Pradzynski. One of ordinary skill in the art would have been motivated to combine the teachings as both are concerned with cloud computing. IaC deployments on cloud computing of TRIPATHI was well known deployment method at the time of invention to those of skill in the art. .
Accordingly, the prior art references teach all of the claimed elements.
Furthermore, it would have been obvious to combine the teachings as all the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded nothing more than predictable results to one of ordinary skill in the art.
As to claim 10, Pradzynski-TRIPATHI disclose(s) the method of claim 9, further comprising:
determining for each code object a potential toxic combination issue based on the each code object and an entity in the cloud computing environment. (Pradzynski; cybersecurity data is aggregated with the scan data, i.e. combination, fig. 5, 508; [0044])
The prior art of record fails to teach or suggest the claimed invention as a whole. Independent claim 1 is directed to a method for detecting a cybersecurity toxic combination prior to deployment of a virtual instance in a cloud computing environment, wherein the method includes (i) inspecting an entity in the environment for a cybersecurity object, (ii) inspecting a code object utilized to deploy the virtual instance prior to its deployment, (iii) detecting a toxic combination cybersecurity issue based on both the cybersecurity object and the code object, and (iv) initiating a mitigation action on the code object.
As to claim 20, Pradzynski-TRIPATHI disclose(s) the system of claim 12, wherein the memory contains further instructions which when executed by the processing circuitry further configure the system to:
access an infrastructure as code environment, the IaC environment including a plurality of code objects, each code object corresponding to a deployable virtual instance;
and inspect each code object of the plurality of code objects.
See similar rejection to claim 9.
As to claim 21, Pradzynski-TRIPATHI disclose(s) the system of claim 20, wherein the memory contains further instructions which when executed by the processing circuitry further configure the system to:
determine for each code object a potential toxic combination issue based on the each code object and an entity in the cloud computing environment.
See similar rejection to claim 10.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN LEE whose telephone number is (571)270-5606. The examiner can normally be reached on Mon-Fri 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on (571) 270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRYAN Y LEE/Primary Examiner, Art Unit 2445