Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: the various “module(s)” configured to perform functions such as “a monitoring module configured to,” “investigative module configured to,” and “a remote response module configured” among others recited in claims 1, 6, and 7.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Claim limitations “a monitoring module configured to,” “an investigative module configured to,” “a remote response module configured,” “an autonomous response module to,” “a cyberattack simulation module configured to,” and “a restoration module configured to,” invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph in claims 1, 6, and 7, see above “Claim Interpretation.” However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The examiner could not clearly find the specific structure the applicant intended to be tied to this language if it was the applicant’s intention to even invoke 35 U.S.C. 112(f). Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-3, 5, 7, 8, 11-14, 16-17, and 20 are rejected under 35 U.S.C. 102(a)(1)/(2) as being anticipated by Samson et al (US Pub. No. 2019/0260770), hereafter, “Sansom.”
As to claim 1, Sansom discloses an apparatus, comprising:
an appliance extension, resident on a mobile computing device (Figs. 1-2, [0009], “FIG. 2 illustrates a block diagram of an example appliance extension with instances of the mobile application resident on each mobile device i) to have access to and ii) communication with the cyber defense appliance installed in the system.”), configured to perform functions with i) a monitoring module configured to monitor metrics and receive alerts regarding potential cyber threats on a system including an email system (Fig. 1, label “Monitoring Module” and [0023], particularly, “The appliance extension 210 can perform at least three functions. The appliance extension 210 has a monitoring module configured to receive alerts regarding potential cyber threats on a system that may include but is not limited to, 1) an email system, 2) a network, 3) a SaaS environment, 4) a cloud system, and 5) any combination of the email system, the network, the SaaS environment, and the cloud system. The monitoring module is also configured to provide these metrics and alerts to the display module for visualization on the user interface.”), ii) an investigative module configured to retrieve the metrics and alerts (Fig. 1, label “Investigative Module” and [0023], “The appliance extension 210 has an investigative module configured to receive relevant contextual metrics from a cybersecurity appliance and display these on a user interface to support investigations on potential cyber threats.”), and iii) a remote response module configured observe the metrics and alerts and send one or more control signals to an autonomous response module to take one or more actions to counter one or more detected cyber threats on the system remotely from the appliance extension (Fig. 1, label “Remote Response Module” and [0023], “The appliance extension 210 has a remote response module configured to receive observations and recommended actions from an autonomous response module and return one or more control signals back to the autonomous response module to take actions to counter one or more detected cyber threats, remotely from this appliance extension 210”).
where the appliance extension is configured to display one or more of the metrics, alerts, and one or more actions of the remote response module on an interactive user interface where the interactive user interface is configured to receive one or more user inputs, initiated from the appliance extension, from a user to control or modify the one or more actions to be taken to counter the one or more detected cyber threats on the system ([0023], particularly, “The monitoring module is also configured to provide these metrics and alerts to the display module for visualization on the user interface. The appliance extension 210 has an investigative module configured to receive relevant contextual metrics from a cybersecurity appliance and display these on a user interface to support investigations on potential cyber threats.” And [0066], “The remote response module on the appliance extension 210 can i) approve and initiate suggested actions to counter a detected cyber threat by the autonomous response module in the cyber security appliance as well as ii) have an Activate/Clear button on the user interface to activate a complete hand over of control to take autonomous actions to counter the detected cyber threat in accordance with settings programmed into the autonomous response module in the cyber security appliance. Note, the button may be a slider button, a push button, a tap button, an icon, a link, or other user interface control element.”), where the appliance extension is further configured to provide a secure extension of a second user interface of a cyber security appliance installed in the system ([0034], particularly, “As discussed, the appliance extension 210A-210D is designed and constructed to be a secure extension of a threat visualizer user interface of the cyber security appliance 204 installed in the system with a limited set of functions including the monitoring, the investigating, and the taking actions to counter the detected cyber threat, all of which an operator can securely take from the appliance extension 210A-210D; rather than, needing to log into the cyber security appliance 204 and investigate potential cyber threats at a location where the cyber security appliance 204 is installed in the system.”), and
where instructions implemented in software for the appliance extension are configured to be stored in one or more non-transitory storage mediums to be executed by one or more processing units ([0173]-[0175]).
As to claims 11 and 20, they are rejected by a similar rationale to that set forth in claim 1’s rejection.
As to claims 2 and 12, Sansom discloses the appliance extension is further configured to display an interactive contextualised summary of one or more of the metrics, alerts, and one or more actions on the interactive user interface in a simplified human-readable format based on a compilation of data from one or more of: the monitoring module, the investigative module, the remote response module, and additional data from the system (Figs. 3-7, [0023], and [0054]).
As to claims 3 and 13, Sansom discloses the one or more user inputs to control or modify the one or more actions of the autonomous response module comprises: approving one or more actions of the autonomous response module to counter the detected cyber threats; preventing the autonomous response module from performing the one or more actions ([0026]); and modifying the one or more actions of the autonomous response module to counter the detected cyber threats ([0072]).
As to claims 5 and 14, Sansom discloses the appliance extension is further configured to, in response to a user input, retrieve and display additional contextual information related to one or more of the metrics, the alerts, the one or more actions, or the detected cyber threat on the interactive user interface to allow the user to further investigate the detected cyber threats; and the interactive user interface is configured to receive comments input by the user, the comments being associated with one or more of the metrics, alerts, or one or more actions ([0061]-[0063]).
As to claims 7 and 16, Sansom discloses the appliance extension is further configured to perform functions with a restoration module configured to perform a machine-learned task of remediating the system back to a trusted operational state after a cyber threat is countered; the appliance extension is further configured to receive one or more recommended restoration actions from the restoration module and display the restoration actions on the interactive user interface; the interactive user interface is configured to receive one or more inputs to approve, prevent, or modify the recommended restoration actions; and the appliance extension is further configured to send one or more control signals to control the restoration module to perform the one or more recommended restoration actions, perform the modified recommended restoration actions, or prevent performance of the recommended restoration actions (Figs. 3-7, [0023], [0054], and [0061]-[0063]).
As to claims 8 and 17, Sansom discloses the appliance extension is further configured to: receive a proactive threat notification (PTN) from an operator on the system, the PTN being indicative that a cyber threat has been detected on the system based on information from the monitoring module and the investigative module; display, on the interactive user interface, information related to the potential cyber threat associated with the PTN and a recommended action to counter the potential cyber threat; receive one or more user inputs to approve, prevent, or modify the recommended action; and send one or more control signals to control the autonomous response module to perform the recommended action, perform the modified recommended action, or prevent performance of the recommended action (Figs. 3-7, [0023], [0054], and [0066]-[0068]).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Sansom in view of Dunn et al (US Pub. No. 2021/0168161), hereafter, “Dunn.”
As to claim 4, Sansom discloses the interactive user interface is further configured to receive one or more user inputs for interacting with or controlling aspects of the system including: modifying a display format of the metrics ([0055]-[0059]), holding an email, releasing an email([0073]).
However, Sansom does not explicitly disclose filtering emails, flagging a behaviour associated with an email, searching emails, and viewing additional metadata associated with an email.
But, Dunn discloses filtering emails ([0091]), flagging a behaviour associated with an email, searching emails, and viewing additional metadata associated with an email ([0102]-[0103]).
Therefore it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Sansom in view of Dunn in order to provide a more secure email system.
Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Sansom in view of Heinemeyer et al (US Pub. No. 2021/0194924), hereafter, “Heinemeyer.”
As to claims 6 and 15, Sansom discloses the parent claim but does not disclose the appliance extension is further configured to: perform functions with a cyberattack simulation module configured to perform a machine-learned task of initiating and monitoring a cyberattack simulation on the system; display, on the interactive user interface, metrics related to a progression of the simulated cyberattack, and receive one or more user inputs via the interactive user interface to modify the simulated cyberattack; and send one or more control signals to the cyberattack simulation module to modify the simulated cyberattack.
But, Heinemeyer discloses the appliance extension is further configured to: perform functions with a cyberattack simulation module configured to perform a machine-learned task of initiating and monitoring a cyberattack simulation on the system; display, on the interactive user interface, metrics related to a progression of the simulated cyberattack, and receive one or more user inputs via the interactive user interface to modify the simulated cyberattack; and send one or more control signals to the cyberattack simulation module to modify the simulated cyberattack ([0012] and [0028]).
Therefore it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Sansom in view of Heinemeyer in order to provide a system that can test and evaluate security issues in a simulated/safe environment.
Claims 9, 10, 18, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Sansom in view of Dunn et al (US Pub. No. 2021/0168161), hereafter, “Dunn.”
As to claims 9 and 18, Sansom discloses the parent claim but does not disclose the monitoring module and investigative module are further configured to respectively monitor and retrieve additional metrics based at least in part on one or more of: third-party data and open source intelligence to identify potential cyber threats, and the appliance extension is further configured to: receive a common vulnerabilities and exposures (CVE) notification from the investigative module based on the additional metrics, the CVE being indicative that a potential cyber threat putting the system at risk has been identified, wherein the CVE notification comprises information indicating one or more assets on the system which are at risk from the potential cyber threat.
But, Bach discloses monitoring and retrieving additional metrics based at least in part on one or more of: third-party data and open source intelligence to identify potential cyber threats, and an appliance extension is further configured to: receive a common vulnerabilities and exposures (CVE) notification from the investigative module based on the additional metrics, the CVE being indicative that a potential cyber threat putting the system at risk has been identified, wherein the CVE notification comprises information indicating one or more assets on the system which are at risk from the potential cyber threat (Abstract, [0004] and [0040]).
Therefore it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Sansom in view of in view of Bach in order to provide a system can monitor a broader range of cyber threats.
As to claims 10 and 19, Sansom discloses the parent claim but does not disclose the monitoring module and investigative module are further configured to respectively monitor and retrieve additional metrics based at least in part on one or more of: third-party data and open source intelligence to identify potential cyber threats, and the appliance extension is further configured to: receive a common vulnerabilities and exposures (CVE) notification from the investigative module based on the additional metrics, the CVE being indicative that a potential cyber threat putting the system at risk has been identified, wherein the CVE notification comprises information indicating one or more assets on the system which are at risk from the potential cyber threat.
But, Bach discloses monitoring and retrieving additional metrics based at least in part on one or more of: third-party data and open source intelligence to identify potential cyber threats, and the appliance extension is further configured to: receive a common vulnerabilities and exposures (CVE) notification from the investigative module based on the additional metrics, the CVE being indicative that a potential cyber threat putting the system at risk has been identified, wherein the CVE notification comprises information indicating one or more assets on the system which are at risk from the potential cyber threat (Abstract, [0004] and [0040]).
Therefore it would have been obvious to one of ordinary skill in the art prior to the effective filing date of the application to combine the teachings of Sansom in view of Bach in order to provide a system can monitor a broader range of cyber threats.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS J DAILEY whose telephone number is (571)270-1246. The examiner can normally be reached 9:30am-6:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached on 571-270-3037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THOMAS J DAILEY/ Primary Examiner, Art Unit 2458