DETAILED ACTION
The present application is being examined under the pre-AIA first to invent provisions.
Drawings
Figure 6 should be designated by a legend such as --Prior Art-- because only that which is old is illustrated. See MPEP § 608.02(g). Corrected drawings in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. The replacement sheet(s) should be labeled “Replacement Sheet” in the page header (as per 37 CFR 1.84(c)) so as not to obstruct any portion of the drawing figures. If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Specification
The abstract of the disclosure is objected to because it includes informalities. In line 4, the abbreviation “IOs” is used without having been defined first. A corrected abstract of the disclosure is required and must be presented on a separate sheet, apart from any other text. See MPEP § 608.01(b).
The disclosure is objected to because of the following informalities:
The specification does not include a summary as per 37 CFR 1.73. See also MPEP § 608.01(d). If a summary was intentionally omitted, Applicant is requested to make a statement on the record confirming this omission.
Appropriate correction is required. The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “A method for performing protection” in line 1, but it is not clear where such performance of protection appears within the body of the claim. The claim further recites “to a different detector in the cluster” in lines 9-10. It is not grammatically clear what this phrase is intended to modify. The claim also recites “load balancing” and “sharing knowledge” in lines 11 and 13. These steps are not in clear parallel structure with “redirect” and are not clearly the object of the phrase “configured to” in line 8. The claim additionally recites “sharing knowledge gained during threat detection operations” in line 13. First, the claim does not appear to positively recite the performance of the threat detection operations and/or the gaining of the knowledge, which appears to constitute a gap in the claim. Further, it is not clear with whom or with what the knowledge is to be shared. The above ambiguities render the claim indefinite.
Claim 2 recites “all interceptors connected to the failed detector are redirected” in line 2. It is not clear whether this is intended to be a positive step of the claimed method.
Claim 3 recites “when a number of interceptors connected to a particular detector is equal to a threshold number” in lines 1-2. Because the use of a threshold implies that the number must either be greater than (or greater than or equal to) or less than (or less than or equal to) the threshold, the recitation only of being equal to the threshold is unclear as to what happens when the threshold is crossed in either direction.
Claim 8 recites “target scanning escalation” in lines 1-2. This does not appear to be well-defined in the claims or specification.
Claim 10 recites “a scan that is more robust”. It is not clear what this scan is more robust than. There is no definition or standard of comparison set forth in the claims or specification. See also MPEP § 2173.05(b).
Claim 11 recites “to a different detector in the cluster” in lines 10-11. It is not grammatically clear what this phrase is intended to modify. The claim also recites “load balancing” and “sharing knowledge” in lines 12 and 14. These steps are not in clear parallel structure with “redirect” and are not clearly the object of the phrase “configured to” in line 9. The claim additionally recites “sharing knowledge gained during threat detection operations” in line 14. First, the claim does not appear to positively recite the performance of the threat detection operations and/or the gaining of the knowledge, which appears to constitute a gap in the claim. Further, it is not clear with whom or with what the knowledge is to be shared. The above ambiguities render the claim indefinite.
Claim 12 recites “further comprising detecting failure” in lines 1-2. It is not clear how the medium would comprise the step of detecting failure, rather than the operations performed by the processors comprising this operation. The claim further recites “all interceptors connected to the failed detector are redirected” in line 2. It is not clear whether this is intended to be a positively recited operation performed by the processors.
Claim 13 recites “when a number of interceptors connected to a particular detector is equal to a threshold number” in lines 2-3. Because the use of a threshold implies that the number must either be greater than (or greater than or equal to) or less than (or less than or equal to) the threshold, the recitation only of being equal to the threshold is unclear as to what happens when the threshold is crossed in either direction.
Claim 18 recites “further comprising performing target scanning escalation” in lines 1-2. It is not clear how the medium would comprise the step of performing the target scanning escalation, rather than the operations performed by the processors comprising this operation. Further, target scanning escalation” does not appear to be well-defined in the claims or specification.
Claim 19 recites “further comprising performing a scan” in lines 1-2. It is not clear how the medium would comprise the step of performing the scan, rather than the operations performed by the processors comprising this operation.
Claim 20 recites “further comprising performing a scan that is more robust” in lines 1-2. It is not clear how the medium would comprise the step of performing the scan, rather than the operations performed by the processors comprising this operation. Further, it is not clear what this scan is more robust than. There is no definition or standard of comparison set forth in the claims or specification. See also MPEP § 2173.05(b).
Claims not explicitly referred to above are rejected due to their dependence on a rejected base claim.
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
The following is a quotation of pre-AIA 35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA 35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
Claims 15-17 are rejected under 35 U.S.C. 112(d) or pre-AIA 35 U.S.C. 112, fourth paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.
Claims 15-17 each recite further limitations on the detectors. However, because the detectors are not structural elements of the non-transitory storage medium of Claim 11 from which they depend, the limitations on the detectors do not clearly further limit the subject matter of Claim 11.
Applicant may cancel the claims, amend the claims to place the claims in proper dependent form, rewrite the claims in independent form, or present a sufficient showing that the dependent claims comply with the statutory requirements.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Cohen et al, US Patent 9438565, in view of Reybok, Jr. et al, US Patent 11575703.
In reference to Claim 1, Cohen discloses a method that includes associating one or more detectors configured to perform threat detection operations with one or more interceptors that are in a data path (see column 9, lines 38-43; column 11, lines 32-34 and 56-61), and configuring the detectors as a cluster that is configured to redirect an interceptor to a different detector when the interceptor is connected to a failed detector (see column 8, lines 14-23, and column 8, line 56-column 9, line 21) and load balance the interceptors (see column 8, lines 30-55). However, Cohen does not explicitly disclose sharing knowledge.
Reybok discloses a method that includes detectors configured to perform threat detection operations (column 10, line 63-column 11, line 18; column 11, lines 44-60, analyzing threat intelligence analytics to detect threats) and configuring the detectors as a cluster that is configured to redirect and load balance when a detector fails (column 10, line 63-column 11, line 18; column 8, lines 11-27, failover) and share knowledge gained during threat detection operations (see throughout, for example, column 11, line 44-column 15, line 6). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Cohen to include the knowledge sharing of Reybok, in order to allow sharing of intelligence to better detect threats (see Reybok, column 3, lines 16-32, and column 13, lines 30-52).
In reference to Claim 2, Cohen and Reybok further disclose detecting the failure and redirecting the interceptors connected to the failed detector (see Cohen, column 8, line 56-column 9, line 21, and Reybok, column 8, lines 11-27).
In reference to Claims 3 and 4, Cohen and Reybok further disclose triggering the load balancing based on a threshold and disconnecting from an overloaded detector (see Cohen, column 8, lines 30-55, and Reybok, column 8, lines 11-27, failover).
In reference to Claims 5-7, Cohen and Reybok further disclose the detectors operating independently and prioritizing detection based on the shared knowledge including detecting an identified threat and looking for specified data such as phrases or strings (see Reybok, column 11, line 44-column 15, line 6).
In reference to Claims 8-10, Cohen and Reybok further disclose performing escalations of more robust scans focused on specific locations (see Reybok, column 10, line 63-column 11, line 18; column 11, lines 44-60).
Claims 11-20 are directed to software implementations of the methods of Claims 1-10, and are rejected by a similar rationale.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Jiang et al, US Patent 7938764, discloses a system with auto-redirecting capability when a sensor fails.
Zettel, II et al, US Patent 10333960, discloses methods for threat detection using intelligence sharing and load balancing for failover.
Vedam et al, US Patent 10999200, discloses a technique for load balancing when a failure occurs.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:00am-5:30pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal D Dharia can be reached at (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Zachary A. Davis/Primary Examiner, Art Unit 2492