Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The present office action is responsive to communication received 03/20/2026. Claims 1-20 are pending.
Response to Arguments
Applicant's arguments filed 3/20/2026 have been fully considered but they are not persuasive.
The applicant argues reference Baragaba fails to disclose the claim limitation “ generating, by the computer processor, a first assessment of the preprocessed cybersecurity data using regular expression analysis”. The examiner respectfully disagrees and believes Baragaba [0079] teaches determining the organizing pattern which is then parsed. Regular expression analysis acts in the same way in that a pattern is decomposed into components which are then parsed, therefore Baragaba [0079] reads on the limitation including “regular expression analysis”.
The applicant also argues reference Baragaba fails to disclose the claim limitation “generating, by the computer processor, a second assessment of the preprocessed cybersecurity data using a plurality of machine learning models”. The applicant further argues that the models disclose in Baragaba may be CMMI models, but are not machine learning models. The examiner respectfully disagrees and believes Baragaba [0024] explains further that the maturity models may be a customized model which can be interpreted to be a machine learning model. Baragaba [0054] further discloses the analysis using the one ore more maturity models which made represent the second assessment of the cybersecurity data.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 is rejected under 35 U.S.C. 103 as being unpatentable over by Baragaba et al. (US 20220038486) in view of Wells et al. (US 12291053).
Regarding claim 1,
Baragaba teaches A method, comprising:
Obtaining [image] data from a data repository;
[cybersecurity data is obtained using a hardware probe disposed within a network in accordance with one or more embodiments. More specifically, a hardware probe may be deployed in various locations throughout a network, such as adjacent to network links, at data center boundaries, and inside data centers to gather and analyze network traffic. (Baragaba et al., paragraph 37)]
extracting, by the computer processor, cybersecurity data from the obtained [image] data;
[a cybersecurity maturity manager obtains cybersecurity data by interfacing and extracting information from other management systems in a network or among an organization's infrastructure. (Baragaba et al., paragraph 22)]
preprocessing, by the computer processor, the cybersecurity data using at least one preprocessing technique;
[cybersecurity data from a hardware probe and/or a software probe may be used as inputs for a scoring metric implemented by a particular maturity model. (Baragaba et al., paragraph 40, using the cybersecurity data as inputs in order to determine cybersecurity maturity scores is interpreted as preprocessing)]
generating, by the computer processor, a first assessment of the preprocessed cybersecurity data using regular expression analysis;
[First, the organizing pattern (e.g., grammar, schema, layout) of the data is determined, which may be based on one or more of the following: position (e.g., bit or column position, Nth token in a data stream, etc.) (Baragaba et al., paragraph 79, pattern being the regular expression analysis )]
[The first cybersecurity data corresponds to an analysis of the hardware probe regarding network data that is transmitted through the network. (Baragaba et al., paragraph 5)]
generating, by the computer processor, a second assessment of the preprocessed cybersecurity data using a plurality of machine learning models;
[one or more cybersecurity maturity scores are determined for a network using one or more maturity models in accordance with one or more embodiments (Baragaba et al., paragraph 54)]
[The instructions obtain second cybersecurity data using a software probe operating on a network element within the network. The second cybersecurity data corresponds to an analysis of the software probe regarding one or more configuration settings of the network element. (Baragaba et al., paragraph 5)]
[For example, after a cybersecurity maturity manager aggregates, processes, correlates, and/or analyzes data from hardware probes, software probes, and/or user inputs, the cybersecurity maturity manager may generate one or more cybersecurity maturity scores using one or more maturity models. (Baragaba et al., paragraph 54)]
[hardware probes and/or software probes determine maturity scores and/or compliance scores. (Baragaba et al., paragraph 44)]
computing, by the computer processor, a cybersecurity compliance score based on the first assessment and the second assessment;
[The instructions determine a cybersecurity maturity score using the first cybersecurity data and the second cybersecurity data. (Baragaba et al., paragraph 5)]
and transmitting, by the computer processor and based on the cybersecurity compliance score, a remediation command configured to adjust at least one configuration setting of a network.
[one or more remediation commands are transmitted based on a cybersecurity maturity score in accordance with one or more embodiments. (Baragaba et al., paragraph 42)]
Baragaba fails to disclose image data and performing, by a computer processor, a similarity comparison of the obtained image data using a plurality of comparison techniques.
However in an analogous art Wells discloses, obtaining image data from a data repository;
[the image preprocessor 302 may receive multiple images (Wells et al., column 7, lines 60-61)]
performing, by a computer processor, a similarity comparison of the obtained image data using a plurality of comparison techniques;
[inter-bounding box evaluator 1310 may evaluate consistency between bounding boxes on different sides of the document (e.g., by performing a similarity check between the signature 1438 and a signature on the back (not shown) of the CADL 1400 under test. (Wells et al., column 20, lines 54-58)]
extracting, by the computer processor, cybersecurity data from the obtained image data;
[the background/microprint reconstructor 416 extracts the text and objects present in an image (e.g., post-processing) of a valid document to obtain the microprint and/or background (Wells et al., column 15, lines 58-60)]
Baragaba and Wells are considered to be analogous to the claimed invention because they are in the same field of data encryption. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Baragaba to incorporate the teachings of Wells et al. to include image data and performing, by a computer processor, a similarity comparison of the obtained image data using a plurality of comparison techniques, in order to help evaluate and determine whether the image is accepted or invalid. (Wells et al., column 7, lines 15-20)]
Regarding claim 8,
Baragaba teaches A system, comprising:
a network comprising a plurality of network elements;
[In general, in one aspect, embodiments relate to a system that includes a network that includes various network elements, a hardware probe coupled to the network elements. (Baragaba et al., paragraph 4)]
a hardware probe coupled to the plurality of network elements;
[a hardware probe may include hardware that includes functionality to monitor inline data transmissions, such as data sent between endpoints communicating over network paths or data sent between network elements as shown in hardware probe E (105). (Baragaba et al., paragraph 19)]
a network element coupled to the plurality of network elements, the network element comprising a software probe;
[ The system further includes a network element coupled to the network elements, where the network element includes a software probe. (Baragaba et al., paragraph 4)]
and a computer processor, wherein the computer processor is coupled to the hardware probe, the software probe, and the plurality of network elements,
[ The system further includes a cybersecurity maturity manager that includes a computer processor. The cybersecurity maturity manager is coupled to the hardware probe, the software probe, and the network elements (Baragaba et al., paragraph 4)]
The claim recites substantially the same content as claim 1 and is rejected with the rationales set forth for claim 1.
Regarding claim 15,
Baragaba teaches a non-transitory computer readable medium storing instructions executable by a computer processor, the instructions comprising functionality for:
[Software instructions in the form of computer readable program code to perform embodiments of the disclosure may be stored, in whole or in part, temporarily or permanently, on a non-transitory computer readable medium such as a CD, DVD, storage device, a diskette, a tape, flash memory, physical memory, or any other computer readable storage medium. (Baragaba et al., paragraph 69)]
The claim recites substantially the same content as claim 1 and is rejected with the rationales set forth for claim 1.
Regarding claims 2, 9, and 16,
Baragaba in view of Wells discloses the method of claim 1, the system of claim 8, and the non-transitory computer readable medium of claim 15, further comprising:
performing, by the computer processor, a control mapping of a plurality of system controls to cybersecurity standards performing, by the computer processor, a benchmarking process between a plurality of cybersecurity systems.
[a cybersecurity maturity manager determines one or more compliance scores for one or more predetermined security standards. For example, a security standard may be an international standard or a customized cybersecurity standard specific to an organization. Likewise, security standards may include various security frameworks as well as specific controls. (Baragaba et al., paragraph 41)]
Regarding claims 3, 10, and17,
Baragaba in view of Wells discloses the method of claim 1, the system of claim 8, and the non-transitory computer readable medium of claim 15,
wherein the plurality of comparison techniques includes a hash comparison and a pixel comparison.
[In some implementations, the background/microprint evaluator 1342 detects such differences, which may be indicative of digital manipulation, e.g., by detecting sharp changes in pixel intensity that may indicate tampering. (Wells et al., column 22, lines 17-21)]
[the inter-bounding box evaluator 1310 may evaluate consistency between bounding boxes on different sides of the document (e.g., by performing a similarity check between the signature 1438 and a signature on the back (not shown) of the CADL 1400 under test. (Wells et al., column 20, lines 54-58)]
Baragaba and Wells are considered to be analogous to the claimed invention because they are in the same field of data encryption. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Baragaba to incorporate the teachings of Wells et al. to include wherein the plurality of comparison techniques includes a hash comparison and a pixel comparison, in order to help evaluate and determine whether the image is accepted or invalid. (Wells et al., column 7, lines 15-20)]
Regarding claims 4, 11, and 18,
Baragaba in view of Wells discloses the method of claim 3, the system of claim 10, and the non-transitory computer readable medium of claim 17,
wherein duplicate data and reused data is detected using the hash comparison.
[Thus, when one digit in the tactile DOB field 1436, or a first portion of the signature 1438, is determined to be illuminated from the left and another digit, or another portion of the signature 1438) is determined to be illuminated from the upper right, the document image 1400 has likely been manipulated, since it is unlikely, if not impossible, to have different light sources simultaneously. Therefore, it is more likely that one of the digits or signature portions is copy-pasted from another document image. (Wells et al., column 27, lines 51-57)]
Baragaba and Wells are considered to be analogous to the claimed invention because they are in the same field of data encryption. Therefore, it would have been obvious to one of ordinary skill in the art before the instant application effective filing date of the claimed invention to have modified the teachings of Baragaba to incorporate the teachings of Wells et al. to include wherein duplicate data and reused data is detected using the hash comparison, in order to help evaluate and determine whether the image is accepted or invalid. (Wells et al., column 7, lines 15-20)]
Regarding claims 5, 12, and 19,
Baragaba in view of Wells discloses the method of claim 1, the system of claim 9, and the non-transitory computer readable medium of claim 15,
wherein the at least one preprocessing technique includes noisy entity removal, tokenization, and lemmatization.
[The preprocessing performed by the image preprocessor 302, and accordingly the set of post-processed images generated, may vary depending on the implementation and use case. Examples of preprocessing performed by the image preprocessor 302 may include one or more of document extraction, rectification, composite image generation, edge detection, etc. In some implementations, the image preprocessor 302 may extract the portion of the image depicting the document (e.g., from the background or surrounding environment. In some implementations, the image preprocessor 302 may rectify the image data, or a portion thereof, by performing one or more of a rotation, a translation, and a de-skew. For example, in some implementations, the image preprocessor 302 determines the polygon associated with a document portion within the image and rotates and de-skews the polygon, e.g., to generate a normalized, rectangular representation of the document. (Wells et al., column 7, lines 43-59)]
Regarding claims 6 and 13,
Baragaba in view of Wells discloses the method of claim 1 and the system of claim 9,
wherein a report is generated based on the first assessment and the second assessment.
[a cybersecurity maturity manager may collect sampled data to produce a specific assessment report and/or compliance report. (Baragaba et al., paragraph 64)]
Regarding claims 7, 14, and 20,
Baragaba in view of Wells discloses the method of claim 2, the system of claim 9, and the non-transitory computer readable medium of claim 15,
wherein the remediation command is configured to adjust the at least one configuration setting of the network is transmitted when the compliance score is below a predetermined threshold.
[a remediation command may be a network message that causes one or more remediation procedures to be performed automatically by a network element. Examples of remediation procedures include one or more of the following: identifying and closing a network blind spot; installing a software patch with respect to a software vulnerability in a software application or network element; changing configuration settings on a network element; removing a network connection; or adjusting a predetermined workflow or rule associated with a network protocol. (Baragaba et al., paragraph 29)]
[For example, a cybersecurity maturity manager may compare current maturity scores to a desired maturity target as well as determine a recommend remediation action. (Baragaba et al., paragraph 54, threshold based off maturity scores)]
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Vaidyam Anandan et al. (US 12086264) discloses providing a risk assessment for a software application based on evidence obtained from one or more sources. In some aspects, security and compliance evidence may be obtained from one or more evidence sources, for an application offered through a service provider, where the evidence sources include operational data from the application executing within a runtime environment provided by the service provider. The obtained evidence may be mapped to risk assessment criteria to generate a risk assessment. In some cases, the risk assessment criteria includes a plurality of attributes of the application, with the attributes indicating potential vulnerabilities of the application.
Patterson et al. (US 20250252191) discloses determining one or more entity assessments to be completed for an account, by receiving one or more security data packets used to simulate each of the one or more entity assessments. Also include receiving one or more compliance data packets used to simulate each of the one or more entity assessments. The one or more compliance data packets are received from a compliance database. Determining or classifying an entity assessment determination for each of the one or more entity assessments and include determining or calculating a risk score for the account based on the entity assessment determination for each of the one or more entity assessments.
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL ELAHIAN whose telephone number is (703) 756-1284. The examiner can normally be reached on Monday – Friday from 7:30am to 5pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at telephone number 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/D.E./DANIEL ELAHIAN, Examiner, Art Unit 2407
/Catherine Thiaw/Supervisory Patent Examiner, Art Unit 2407 6/15/2026