Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments filed 1/16/26 have been fully considered but they are not persuasive.
Applicant argues that the art of the prior office action fails to teach “enrich the vulnerable devices with sector, location, and POC information including “collect meta information”.
It is unclear based on the claim limitations, including the reading the specification, how “enriching” a vulnerable device would include “collecting meta information”.
Applicant has added the limitation “meta information”. It is unclear if the term “meta” has any narrowing limitation or is just a precursor for the information collected.
Examiner asserts that if one interprets “enriching” as, sending data to a vulnerable device, then this would be counter to “collecting” data, as collected data from a vulnerable device would not be “enriching” the device. The claim language a whole is not clear. It is also unclear, that if the data is not collected from vulnerable devices, then where this metadata *is* collected from.
Applicant includes a “sector model”, “HQ location model” and “point of contact model” as novel features. It is unclear, even from the specification, what would be required to anticipate these claimed limitations as it is not well understood in the art what constitutes a “critical infrastructure sector model”, a “HQ location model” , or a “POC model”.
Examiner argues that the prior art relied upon incorporates at minimum an “HQ location model” as it discovers the location of devices in a geographic sector. Examiner points to use of CVE alerts as used in the prior art as “critical” vulnerabilities and thus anticipate critical digital infrastructure issues. Examiner points to use of “a POC model” in the prior art as the alert sent includes contact information for services (to enrich the device). In the alternate, the POC information retrieved for the device is an IP address because the alert is sent to said device and an address to send the device an alert would be required.
Examiner encourages Applicant to request a telephone interview in order to expedite prosecution.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected. The claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) utilizing an LLM to discover device ownership and send data to devices.
Step2A Prong One: The claims recite determining vulnerability data about devices, learning device ownership, and sending further information to said devices. The learning of data, and sending of data maybe done by a human being and is a mental process.
Step2A Prong Two: The claims implement an LLM on a generic computer that does not significantly improve the technology. The claims as stated do not significantly improve the art and therefore do not amount to significantly more than the judicial exception.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 3-8, 10-15, 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Benefield US 2025/0267162 in view of Dhakshanamoorthy US 12,333,622
As per claims 1, 8, 15 Benefield teaches A system, comprising: a processor configured to: discover vulnerable devices across a plurality of networks; automatically identify device owners; including extracting CI, HQ, and POC metadata [0015]-[0018] [0038]-[0043] (identifies vulnerable devices across networks, identifies owners and sends reports to owners with vulnerability information, and remediation) (IP address, owner identity, critical vulnerability information, mapping software information, hardware information, dependencies, IP address, MAC address, fingerprint, location, vulnerability data, contact information)
Benefield does not teach an LLM.
Dhakshanamoothy teaches automatically identify device owners using a large-language model (LLM)and automatically enrich the discovered vulnerable devices with sector, location, and point of contact (POC) information; and a memory coupled to the processor and configured to provide the processor with instructions. (Column 10 line 39 to Column 11 line 8) (Column 11 lines 22-26) (Column 18 lines 15-44) (teaches using AI/NLP to determine user devices to notify devices, including instructions, sector, location and contact information)
Dhakshanamoorthy teaches the system of claim 1, wherein the processor is further configured to: execute a point of contact model, a headquarters location model, and a sector model to facilitate automatically enriching the discovered vulnerable devices comprising collecting metadata that includes with the sector, location and POC information. (Column 10 line 39 to Column 11 line 8) (Column 11 lines 22-26) (Column 18 lines 15-44) (teaches using AI/NLP to determine user devices to notify devices, based on point of contact, including instructions, sector, location and contact information) (real time AI and NLP engine, keyword extraction, severity, alert to appropriate devices including their address, GPS location, critical alert, contact information for users)
It would have been obvious to one of ordinary skill in the art to use the teaching of Dhakshanamoothy with the prior are because it promotes more efficient emergency response.
As per claims 3, 10, 17. Benefield teaches the system of claim 1, wherein the LLM is prompted to facilitate identifying the device owners. [0015]-[0018] [0038]-[0043] (identify asset owners)
Dhakshanamoothy teaches automatically identify device owners using a large-language model (LLM) (Column 10 line 39 to Column 11 line 8) (Column 11 lines 22-26) (Column 18 lines 15-44) (teaches using AI/NLP to determine user devices to notify devices, including instructions, sector, location and contact information)
As per claims 4, 11, 18. Benefield teaches the system of claim 1, wherein the LLM is prompted to facilitate identifying the device owners including instructions to prioritize predetermined information for identifying the device owners. [0015]-[0018] [0038]-[0043] (identify asset owners and prioritize alerts/vulnerability alerts based on prioritization)
Dhakshanamoothy teaches automatically identify device owners using a large-language model (LLM) (Column 10 line 39 to Column 11 line 8) (Column 11 lines 22-26) (Column 18 lines 15-44) (teaches using AI/NLP to determine user devices to notify devices, including instructions, sector, location and contact information)
As per claims 5, 12, 19. Benefield teaches the system of claim 1, wherein the processor is further configured to: generate an output that includes a plurality of fields including device information, IP address, location information, device owner information, and POC information. [0041][0043][0067] (teaches the variety of contact/owner IP address information)
As per claims 6, 13, 20. Benefield teaches the system of claim 1, wherein the processor is further configured to: execute an asset owner model to facilitate identifying the device owners. [0015]-[0018] [0038]-[0043] (identify asset owners and prioritize alerts/vulnerability alerts based on prioritization)
Claim(s) 2, 9, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Benefield US 2025/0267162 in view of Dhakshanamoorthy US 12,333,622 in view of Cosgrove US 2020/0394305
As per claims 2, 9, 16. Dhakshanamoorthy teaches a national response. (Column 18 lines 34-38) (national alert system)
Cosgrove teaches the system of claim 1, wherein nationwide incident response to known exploited vulnerabilities is performed using the discovered vulnerable devices, the identified device owners, and enriched information associated with the discovered vulnerable devices, wherein the enriched information includes certificate or domain registration information associated with the identified device owners. [0044][0103] (teaches update and distribution to remediate and notify of threats including pushing new certificate information)
It would have been obvious to one of ordinary skill in the art at the time the invention was field to use the teaching of Cosgrove with the prior art because it promotes efficient threat management.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439