Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claim 29 objected to because of the following informalities: Claim 29 appears to be amended in a fashion that makes it incomplete. Appropriate correction is required. Examiner has included the rejection of claim 29 as analogous to the rejection of claim 1.
Claim 30 has likewise been interpreted as dependent on claim 1. Claim 30 is currently dependent on claim 29.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 30 limitation “configuration client is configured to receive …;” “communication monitoring apparatus is configured to determine has been evaluated under the three-prong test set forth in MPEP § 2181, subsection I, but the result is inconclusive. Thus, it is unclear whether this limitation should be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because a generic element is “configured to”. The boundaries of this claim limitation are ambiguous; therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
In response to this rejection, applicant must clarify whether this limitation should be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Mere assertion regarding applicant’s intent to invoke or not invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph is insufficient. Applicant may:
(a) Amend the claim to clearly invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, by reciting “means” or a generic placeholder for means, or by reciting “step.” The “means,” generic placeholder, or “step” must be modified by functional language, and must not be modified by sufficient structure, material, or acts for performing the claimed function;
(b) Present a sufficient showing that 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, should apply because the claim limitation recites a function to be performed and does not recite sufficient structure, material, or acts to perform that function;
(c) Amend the claim to clearly avoid invoking 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, by deleting the function or by reciting sufficient structure, material or acts to perform the recited function; or
(d) Present a sufficient showing that 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, does not apply because the limitation does not recite a function or does recite a function along with sufficient structure, material or acts to perform that function.
Claim 30 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 30 recites the limitation " the communication monitoring apparatus ". There is insufficient antecedent basis for this limitation in the claim.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-5, 9-10, 15-16, 26 and 30-35 are rejected under 35 USC 101 as being directed to an abstract idea without being integrated into a practical application or being significantly more.
Regarding claims 1, 31, 32 the claim recites the limitations “Claims 1, 31 and 32 recite the limitations “evaluating a comprehensive score and determining if a security condition matched.” Broadly interpreted, the aforementioned steps are directed to mental processes as said steps could be performed in the human mind. Therefore, the claims recite an abstract idea.
Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that could be considered that the abstract idea is being integrated into a practical application. It’s noted that the claim recites the operations “obtaining traffic data …;” and “extracting node feature information ...” However, said operations are not sufficient to consider that the abstract idea is being interpreted into a practical application. Said operations are recited at a high level of generality in gathering information, which are a form of insignificant extra-solution activity.
It’s also noted that the claims recite additional limitation/elements (i.e., system, processing circuitry, processor, memory, etc.,). However, said additional elements are recited at a high-level of generality (i.e., as a generic computing device performing a generic computer functions) such that it amounts no more than mere instructions to apply the exception or abstract idea using generic computer components. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
The claims do not include additional elements/limitations/embodiments that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. As discussed above, the additional elements recited at a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component. Therefore, the claim is directed to non-statutory subject matter.
Regarding claims 2-5, 9-10, 15-16, 26 and 30, 33-35 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons addressed above as the claims recite an abstract idea and the claims do not positively recite any other operations that could be considered as the abstract idea is being integrated into a practical application or significantly more.
Regarding claim 32, the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because claim 32 recites a computer readable medium that could be interpreted as a signal. Signals are not patent eligible. Claim 32 states “a computer-readable medium” The specification states explicitly that this may be a signal.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1, 24, 27, 29-32 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Rivers US 2016/0373433.
As per claims 1, 29, (Original) Rivers teaches A communication monitoring method, comprising: obtaining, in response to establishment of a communication connection between two communication nodes, traffic data related to the communication connection; [0013][0014] (monitor initiation of an encrypted communication channel and initial handshake)
Rivers teaches extracting node feature information from the traffic data; evaluating a comprehensive score of the communication connection based on the node feature information and a preset evaluation strategy matched with the communication connection; [0014][0018][0025][0034] (inspects metadata flow of traffic endpoints, certificate of handshake and implements policy based on score)
Rivers teaches and determining whether the comprehensive score meets a preset communication security condition matched with the communication connection: if yes, determining that the communication connection is secure; otherwise, determining that the communication connection is risky. [0014][0018][0034][0044] (teaches a score that is compared to a threshold and a user policy and taking a security action based on the score and determination of safe and secure vs malicious)
As per claim 24, (Currently Amended) The method according to any one of claims 1 Rivers teaches comprising: providing a plurality of configuration items to a client, such that the client configures configuration information comprised in the evaluation strategy for the communication connection based on the configuration items; receiving configuration information corresponding to the plurality of the configuration items sent by the client; and combining configuration information corresponding to the plurality of the configuration items into the evaluation strategy matched with the communication connection. [0020][0034][0035] (teaches user configurable policy to determined evaluation and action)
As per claim 27, (Original) The method as claimed in claim 1, Rivers teaches wherein after the determining that the communication connection is risky, the method further comprises: interrupting the communication connection; and/or, issuing a risk warning for the communication connection. [0034] [0053] (teaches blocking connection or user notification)
As per claim 30, (Original) The system according to 29, Rivers teaches further comprising a configuration client, wherein the configuration client is configured to receive user configured configuration information configured by a user for an evaluation strategy and a communication security condition and send the configuration information for the evaluation strategy and the communication security condition to the communication monitoring apparatus; and the communication monitoring apparatus is configured to determine the evaluation strategy and the communication security condition for a communication connection based on the configuration information. [0020][0034][0035] (teaches user configurable policy to determined evaluation and action)
As per claim 31, (Currently Amended) Rivers teaches An electronic device, comprising: one or more processors; and a memory configured to store one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement following actions obtaining, in response to establishment of a communication connection between two communication nodes, traffic data related to the communication connection; [0013][0014] (monitor initiation of an encrypted communication channel and initial handshake)
Rivers teaches extracting node feature information from the traffic data; evaluating a comprehensive score of the communication connection based on the node feature information and a preset evaluation strategy matched with the communication connection; [0014][0018][0025][0034] (inspects metadata flow of traffic endpoints, certificate of handshake and implements policy based on score)
Rivers teaches and determining whether the comprehensive score meets a preset communication security condition matched with the communication connection: if yes, determining that the communication connection is secure; otherwise, determining that the communication connection is risky. [0014][0018][0034][0044] (teaches a score that is compared to a threshold and a user policy and taking a security action based on the score and determination of safe and secure vs malicious)
As per claim 32.(Currently Amended) Rivers teaches A computer-readable medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements following actions ;obtaining, in response to establishment of a communication connection between two communication nodes, traffic data related to the communication connection; [0013][0014] (monitor initiation of an encrypted communication channel and initial handshake)
Rivers teaches extracting node feature information from the traffic data; evaluating a comprehensive score of the communication connection based on the node feature information and a preset evaluation strategy matched with the communication connection;
[0014][0018][0025][0034] (inspects metadata flow of traffic endpoints, certificate of handshake and implements policy based on score)
Rivers teaches and determining whether the comprehensive score meets a preset communication security condition matched with the communication connection: if yes, determining that the communication connection is secure; otherwise, determining that the communication connection is risky. [0014][0018][0034][0044] (teaches a score that is compared to a threshold and a user policy and taking a security action based on the score and determination of safe and secure vs malicious)
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 2-5, 33, 34, 35 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rivers US 2016/0373433 in view of Moore US 2020/0287888.
As per claim 2, (Original) The method as claimed in claim 1, Rivers teaches a handshake which inherently contains the following steps, however Rivers does not explicitly spell out these steps.
Moore teaches wherein the extracting node feature information from the traffic data comprises: detecting a handshake protocol data packet in the traffic data; and extracting a source protocol address, a destination protocol address, a port, and certificate information from the handshake protocol data packet. [0011] [0054] (teaches a 5-tuples which includes IP address, certificates ports, etc.)
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Moore with the prior art because it improves comprehensive risk scoring
As per claim 3, (Original) the method as claimed in claim 2, Rivers fails to teach the following:
Moore teaches wherein the evaluating a comprehensive score of the communication connection comprises: determining a certificate score, an address score, and a reputation score related to the communication connection based on the source protocol address, the destination protocol address, the port, and the certificate information; and calculating the comprehensive score of the communication connection by using the certificate score, the address score, the reputation score, and a first weight coefficient combination configured in the evaluation strategy. [0011] [0038][0054] [0059] [0064] [0070][0071][0075] ( combined scaled risk scores based on IP addresses, ports, certificate, reputation/known to be malicious or on a black list, including risk scores based on user, certificate, certificate authority reputation, )
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Moore with the prior art because it improves comprehensive risk scoring
As per claim 4, (Original) The method as claimed in claim 3, Rivers fails to teach the following:
Moore teaches wherein the determining a certificate score related to the communication connection comprises: determining a structure of the certificate score configured in the evaluation strategy, wherein the structure of the certificate score comprises a second weight coefficient combination and any one or more of a certificate legality dimension, a certificate validity dimension, a certificate popularity dimension, and a certificate blacklist dimension ;calculating a corresponding dimension score for each dimension comprised in the structure of the certificate score; and calculating the certificate score based on the dimension score corresponding to each dimension comprised in the structure of the certificate score and the second weight coefficient combination. [0031][0032] [0038] [0057][0059] (teaches a risk score associated with a certificate based in part on a certificate revocation list, or a black list, and scaling/weighing said score, teaches validating a certificate by timestamp, digital signature, etc.)
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Moore with the prior art because it improves comprehensive risk scoring
As per claim 5, (Currently Amended) The method as claimed in claim 4, Rivers fails to teach the following:
Moore teaches wherein the calculating a corresponding dimension score for each dimension comprised in the structure of the certificate score comprises: in a case where the structure of the certificate score comprises the certificate legality dimension, verifying legality of the certificate information by using a preset root certificate; and calculating a certificate validity score based on a verification result and a certificate validity calculation strategy configured in the evaluation strategy.- or in a case where the structure of the certificate score comprises the certificate validity dimension, determining whether certificate validity time comprised in the certificate information is valid; and calculating a certificate validity duration score based on a determination result and a validity scoring strategy configured in the evaluation in a case where the structure of the certificate score comprises the certificate popularity dimension, searching for the certificate information in stored historical data and counting a certificate frequency of the certificate information within a set period; and calculating a certificate popularity score based on the counted certificate frequency and a popularity calculation strategy configured in the evaluation strategy; or.in a case where the structure of the certificate score comprises the certificate blacklist dimension, searching for whether the certificate information exists in a set certificate blacklist; and calculating a certificate blacklist score based on a search result and a certificate blacklist calculation strategy configured in the evaluation strategy. [0031][0032] [0038] [0057][0059] [0078] (teaches methods to score a certificate including legality by a root certificate, validity by a timestamp/valid time, blacklist score by searching a CRL)
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Moore with the prior art because it improves comprehensive risk scoring
6-8. (Cancelled)
11-14.(Cancelled)
As per claim 15, (Currently Amended) The method as claimed in claim 3, Rivers fails to teach the following:
Moore teaches wherein the determining a reputation score related to the communication connection comprises: determining a structure of the address reputation score configured in the evaluation strategy, wherein the structure of the reputation score comprises a fourth weight coefficient combination and any one or more of a certificate level dimension, a certificate signing authority dimension, a certificate status dimension, a geographical location dimension, an address reputation dimension, and a time dimension, and a domain name reputation dimension; and calculating a corresponding dimension score for each dimension comprised in the structure of the reputation score; and calculating the reputation score based on the dimension score corresponding to each dimension comprised in the structure of the reputation score and the fourth weight coefficient combination. [0011] [0038][0054] [0059] [0064] [0070][0071][0075] ( combined scaled risk scores based on IP addresses, ports, certificate, reputation/known to be malicious or on a black list, including risk scores based on user, certificate, certificate authority reputation, )
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Moore with the prior art because it improves comprehensive risk scoring
As per claim 16, (Currently Amended) The method as claimed in claim 15, Rivers fails to teach the following:
Moore teaches wherein the calculating a corresponding dimension score for each dimension comprised in the structure of the reputation score comprises: in a case where the structure of the reputation score comprises the certificate level dimension, determining a certificate level and a certificate type corresponding to the certificate information; and calculating a certificate level score based on the determined certificate level and certificate type and a level calculation strategy configured in the evaluation in a case where the structure of the reputation score comprises the certificate signing authority dimension, determining a signing authority corresponding to the certificate information; and calculating a signing authority score based on the determined signing authority and a signing authority calculation strategy configured in the evaluation strategy; or in a case where the structure of the reputation score comprises the certificate status dimension determining a revocation status of the certificate information: and calculating a certificate status score based on the determined revocation status and a certificate status calculation strategy configured in the evaluation strategy; or in a case where the structure of the reputation score comprises a domain name reputation dimension, determining a domain name reputation corresponding to the destination protocol address: and calculating a domain name reputation score based on the determined domain name reputation and a domain name reputation calculation strategy configured in the evaluation strategy; or in a case where the structure of the reputation score comprises the geographical location dimension, determining geographical locations/a geographical location of the source protocol address and/or the destination protocol address: and calculating a geographical location score based on the geographical locations/the geographical location of the source protocol address and/or the destination protocol address and a geographical location calculation strategy configured in the evaluation strategy; or in a case where the structure of the reputation score comprises the address reputation dimension, determining reputation statuses/a reputation status of the source protocol address and/or the destination protocol address: and calculating an address reputation score based on the reputation statuses/the reputation status of the source protocol address and/or the destination protocol address and an address reputation calculation strategy configured in the evaluation strategy; or in a case where the structure of the reputation score comprises the time dimension, determining domain name binding time of the destination protocol address; and calculating a domain name binding time score based on the domain name binding time of the destination protocol address and a domain name binding calculation strategy configured in the evaluation strategy. [0011] [0038][0054] [0059] [0064] [0070][0071][0075] [0086]( combined scaled risk scores based on IP addresses, ports, certificate, reputation/known to be malicious or on a black list, including risk scores based on user, certificate, certificate authority reputation, risk associated with geographic location )
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Moore with the prior art because it improves comprehensive risk scoring
17-23.(Cancelled)
As per claim 26, (Original) The method as claimed in claim 1,
Rivers teaches comparing a reputation score/ vs a certain threshold to take a security action [0044]
Moore teaches wherein the communication security condition matched with the communication connection comprises: the comprehensive score is not less than a preconfigured communication security threshold; or, the comprehensive score is not more than the preconfigured communication security threshold. [0050] (security actions based on threshold that are adjusted by a user)
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Moore with the prior art because it improves comprehensive risk scoring
28.(Cancelled)
As per claim 33, (New) The electronic device as claimed in claim 31, Rivers teaches a handshake which inherently contains the following steps, however Rivers does not explicitly spell out these steps.
Moore teaches wherein the extracting node feature information from the traffic data comprises: detecting a handshake protocol data packet in the traffic data; and extracting a source protocol address, a destination protocol address, a port, and certificate information from the handshake protocol data packet.[0011] [0054] (teaches a 5-tuples which includes IP address, certificates ports, etc.)
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Moore with the prior art because it improves comprehensive risk scoring
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Moore with the prior art because it improves comprehensive risk scoring
As per claim 34, (New) The electronic device as claimed in claim 33, Rivers fails to teach the following:
Moore teaches wherein the evaluating a comprehensive score of the communication connection comprises: determining a certificate score, an address score, and a reputation score related to the communication connection based on the source protocol address, the destination protocol address, the port, and the certificate information; and calculating the comprehensive score of the communication connection by using the certificate score, the address score, the reputation score, and a first weight coefficient combination configured in the evaluation strategy.
[0011] [0038][0054] [0059] [0064] [0070][0071][0075] ( combined scaled risk scores based on IP addresses, ports, certificate, reputation/known to be malicious or on a black list, including risk scores based on user, certificate, certificate authority reputation, )
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Moore with the prior art because it improves comprehensive risk scoring
As per claim 35, (New) The electronic device as claimed in claim 34, Rivers fails to teach the following:
Moore teaches wherein the determining a certificate score related to the communication connection comprises: determining a structure of the certificate score configured in the evaluation strategy, wherein the structure of the certificate score comprises a second weight coefficient combination and any one or more of a certificate legality dimension, a certificate validity dimension, a certificate popularity dimension, and a certificate blacklist dimension; calculating a corresponding dimension score for each dimension comprised in the structure of the certificate score; and calculating the certificate score based on the dimension score corresponding to each dimension comprised in the structure of the certificate score and the second weight coefficient combination. [0031][0032] [0038] [0057][0059] (teaches a risk score associated with a certificate based in part on a certificate revocation list, or a black list, and scaling/weighing said score, teaches validating a certificate by timestamp, digital signature, etc.)
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Moore with the prior art because it improves comprehensive risk scoring
Claim(s) 9, 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rivers US 2016/0373433 in view of Moore US 2020/0287888 in view of Huston US 2021/0344667.
As per claim 9, (Original) The method as claimed in claim 3,
Rivers teaches IP address reputation, untrusted IP address [0026][0029] .
Moore teaches blocking packets based on IP address matching a policy and threat [0070][0110]
Neither reference explicitly state “black list” although both imply a black list.
Huston teaches wherein the determining an address score related to the communication connection comprises: determining a structure of the address score configured in the evaluation strategy, wherein the structure of the address score comprises a third weight coefficient combination and any one or more of a link pair popularity dimension, a service popularity dimension, a destination protocol address popularity dimension, a source protocol address popularity dimension, and an address blacklist dimension; calculating a corresponding dimension score for each dimension comprised in the structure of the address score; and calculating the address score based on the dimension score corresponding to each dimension comprised in the structure of the address score and the third weight coefficient combination. [0025][0029] (IP address blacklist and associated risk level score)
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Huston with the prior art because it provides more comprehensive IP address risk scoring.
As per claim 10, (Currently Amended) The method as claimed in claim 9, Huston teaches wherein the calculating a corresponding dimension score for each dimension comprised in the structure of the address score comprises: in a case where the structure of the address score comprises a link pair popularity dimension, searching for a link pair comprising the source protocol address, the destination protocol address, and the port in stored historical data, and counting a frequency of searching for the link pair within the set time period; and calculating a link pair popularity score based on the frequency of searching for the link pair and a link pair popularity calculation strategy configured in the evaluation strategy; or in a case where the structure of the address score comprises the service popularity dimension, searching for a service combination comprising the destination protocol address and the port in stored historical data, and counting a frequency of searching for the service combination within the set time period; and calculating a service popularity score based on the frequency of searching for the service combination and a service popularity calculation strategy configured in the evaluation strategy: or in a case where the structure of the address score comprises the destination protocol address popularity dimension, searching for the destination protocol address in stored historical data, and counting a frequency of searching for the destination protocol address within the set time period; and calculating a destination protocol address popularity score based on the frequency of searching for the destination protocol address and a destination protocol address popularity calculation strategy configured in the evaluation strategy: or in a case where the structure of the address score comprises the source protocol address popularity dimension, searching for the source protocol address in stored historical data, and counting a frequency of searching for the source protocol address within the set time period; and calculating a source protocol address popularity score based on the frequency of searching for the source protocol address and a source protocol address popularity calculation strategy configured in the evaluation strategy: or in a case where the structure of the address score comprises the address blacklist dimension, searching for whether the source protocol address and/or the destination protocol address exist/exists in a set address blacklist; and calculating an address blacklist score based on a search result and an address blacklist calculation strategy configured in the evaluation strategy. [0025][0029] (IP address blacklist and associated risk level score, applying security policy according to score/risk level)
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the teaching of Huston with the prior art because it provides more comprehensive IP address risk scoring.
Claim(s) 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rivers US 2016/0373433 in view of Moore US 2020/0287888 in view of Ransford US 2022/0083652.
As per claim 25, (Original) The method as claimed in claim 24, Rivers fails to teach the following:
Moore teaches a combination risk score with each factor scaled, as in the above rejection. Moore fails to teach the specific method of receiving the scaling configuration.
Ransford teaches wherein the configuration information comprises any one or more pieces of the following information: the first weight coefficient combination, a plurality of certificate dimensions and the second weight coefficient combination comprised in a structure of the certificate score, a plurality of address dimensions and the third weight coefficient combination comprised in a structure of the address score, and a plurality of reputation dimensions and the fourth weight coefficient combination comprised in a structure of the address reputation score. [0120] (teaches a combined risk score made of a sum of risk factors, each weighed, and each weight configured by a user)
It would have been obvious to one of ordinary skill in the art before the priority date of the current application to use the user configured weights of Ransford with the prior art because it gives the user better control.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439