Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Remarks
Applicant’s amendment dated January 30, 2026 responding to November 5, 2025 Office Action provided in the rejection of claims 1-20. Claims 1-20 remain pending in the application and which have been fully considered by the examiner.
Applicant’s arguments, see [pages 8-10, in Remarks], filed January 30, 2026, with respect to the rejections of claims 1-20 have been fully considered. However, upon further consideration, a new ground(s) of rejection is made in view of Gentleman et al. (US 2022/0207163).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Subramanya et al. (US 2023/0319070) hereinafter “Subramanya” and in view of Gentleman et al. (US 2022/0207163) hereinafter “Gentleman”.
Claim 1
Subramanya teaches a method comprising:
capturing, by at least one hardware processor, network traffic data of request payloads or response payloads of application programming interface (API) calls in one or more network interactions between a computing system and an additional computing system [i.e. the security management facility 122 provides for host intrusion prevention through behavioral monitoring and/or runtime monitoring, which may guard against unknown threats by analyzing application behavior before or as application runs. This may include monitoring code behavior, application programming interface calls made to libraries or to the operating system, or otherwise monitoring application activities] (Subramanya, fig. 1; 0038, 0063);
generating, by the at least one hardware processor utilizing a classification neural network, classifications of content of the network traffic data for the computing system according to data types in the request payloads or the response payloads of the API calls [i.e. the threats are identified and characterized, the definition facility 114 manages definitions used to detect and remediate threats, such as: identity definitions may be used for scanning files, applications, data streams, etc. for the determination of malicious code. The identity definitions include instructions and data that can be parsed and acted upon for recognizing features of known or potentially malicious code. Definitions also may include, code or data to be used in a classifier, such as neural network that may be trained using machine learning] (Subramanya, fig. 1; 0074); and
generating, for display via a graphical user interface of a client device associated with the computing system, a classification analysis comprising the classifications of the content of the network traffic data and one or more indications of risk levels of the data types in the network traffic data [i.e. the CVSS Score module 504 assigns a CVSS score to a signature based on the criticality of the threat associated with the signature. The assigned CVSS score is a number selected from a predetermined range, such as the range of 1-10; and the scores may be groups into predetermined groups labeled as P1-P10, each of groups corresponds to a particular valued selected from the predetermined range] (Subramanya, figs. 5 & 10; 0109).
Subramanya fails to teach data type classifications of the content.
However, in an analogous art, Gentleman teaches data type classifications of the content [i.e. type of data classifications that associated with data objects are created by application that generated the data objects/contents] (Gentleman, 0138, 0183).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to modify the teachings of Subramanya to include the teachings of Gentleman of data type classifications of the content. One ordinary skill in the art would be motivated to provide techniques for associating data classifications with data objects extracted from data object repository (Gentleman, 0001).
Claim 2
Subramanya in combination with Gentleman teach the method of claim 1, wherein generating the classifications of the content of the network traffic data further comprises:
generating one or more classifications indicating first data without restrictions or second data associated with a set of restrictions [i.e. the network access facility 124 accesses the policies and uses rule evaluation to parse network access requests and apply policies; and the network access facility 124 may have a generic set of policies for all compute instances, such as denying access to certain types of websites, controlling instant messenger accesses] (Subramanya, 0078); and
generating the one or more indications of risk levels comprising a first risk level for the first data or a second risk level for the second data, the second risk level indicating a higher risk level than the first risk level [i.e. the values of the predetermined range are associated with different levels of criticality (e.g. value “1” is the lowest criticality and value “10” is the highest criticality; and the value of CVSS score indicates the criticality of particular signature] (Subramanya, 0110); and
the data type classifications of the content [i.e. type of data classifications that associated with data objects are created by application that generated the data objects/contents] (Gentleman, 0138).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to modify the teachings of Subramanya to include the teachings of Gentleman of data type classifications of the content. One ordinary skill in the art would be motivated to provide techniques for associating data classifications with data objects extracted from data object repository (Gentleman, 0001).
Claim 3
Subramanya in combination with Gentleman teach the method of claim 1, further comprising:
determining that a risk level associated with a data type identified in the content of the network traffic data exceeds a risk threshold [i.e. the values of the predetermined range are associated with different levels of criticality (e.g. value “1” is the lowest criticality and value “10” is the highest criticality; and the value of CVSS score indicates the criticality of particular signature and is used to determine whether it within or out of the levels of criticality 1-10] (Subramanya, 0110); and
generating, for display at the client device, a notification comprising the risk level and a description of the content of the network traffic data [i.e. the vulnerability type module 512 analyzes a signature to determine the type of vulnerability associated with the signature, and also generate characteristics or patterns associated with a signature to determine the type of vulnerability] (Subramanya, figs. 5 & 10; 0114).
Claim 4
Subramanya in combination with Gentleman teach the method of claim 1, further comprising:
determining, in response to a request comprising a log file by the client device, a sequence of network interactions comprising one or more computing operations that result in the request payloads or the response payloads comprising the network traffic data [i.e. the security agent 306 coordinates instrumentation of the endpoint 302 to detect event types involving various computing objects, and supervise logging of events in data recorder. The security agent 306 may scan computing objects such as e-communications or files, monitor behavior such as executables] (Subramanya, fig. 3, 0092); and
generating the classification analysis comprising the classifications of the content of the network traffic data by extracting the network traffic data from the log file [i.e. the endpoints 302 logs events in data recorder 304; the security agent 306 filters this data and feed a filtered data stream to a threat management facility 308 which can locally or globally tune filtering by local agents based on the current data stream and can query local event data records for additional information where necessary in threat detection/forensic analysis] (Subramanya, fig. 3, 0086).
Claim 5
Subramanya in combination with Gentleman teach the method of claim 1, further comprising:
receiving, via the graphical user interface of the client device associated with the computing system, an API endpoint for a network interaction of the one or more network interactions [i.e. the application programming interface 310 provides a programmatic interface for customer, information, administration and security tools. The interface 310 provides a programmatic interface for hosted application, identity provider integration tools or services] (Subramanya, fig. 3; 0088); and
capturing, the network traffic data by:
causing the computing system to execute the network interaction according to the API endpoint [i.e. the security management facility 122 provides for host intrusion prevention through behavioral monitoring and/or runtime monitoring, which guards against unknown threats by analyzing application behavior before or as an application runs. This includes monitoring code behavior, API calls made to libraries or the operating system or monitoring application activities] (Subramanya, fig. 1; 0063); and
monitoring a request payload or a response payload resulting from the network interaction to determine the network traffic data [i.e. monitoring behavioral code behavior, API calls made to libraries or the operating system or monitoring application activities] (Subramanya, fig. 1; 0063).
Claim 6
Subramanya in combination with Gentleman teach the method of claim 1, further comprising:
determining a first risk level for content of first network traffic data captured in connection with a first sequence of interactions [i.e. the CVSS Score module 504 assigns a CVSS score to a signature based on the criticality of the threat associated with the signature. The assigned CVSS score is a number selected from a predetermined range, such as the range of 1-10; and the scores (e.g. comprises a score for a first risk level) may be groups into predetermined groups labeled as P1-P10, each of groups corresponds to a particular valued selected from the predetermined range] (Subramanya, fig. 5; 0109);
determining a second risk level for content of second network traffic data captured during a second sequence of interactions [i.e. the CVSS score is assigned to a signature based on the criticality of the threat associated with the signature. The assigned CVSS score is a number selected from a predetermined range, such as the range of 1-10; and the scores (e.g. comprises a score for a second risk level) may be groups into predetermined groups labeled as P1-P10, each of groups corresponds to a particular valued selected from the predetermined range] (Subramanya, fig. 5; 0109); and
generating, for display via the graphical user interface of the client device associated with the computing system, the classification analysis comprising a risk delta comprising a difference between the first risk level and the second risk level [i.e. the values of the predetermined range are associated with different levels of criticality (e.g. value “1” is the lowest criticality and value “10” is the highest criticality; and the value of CVSS score indicates the criticality of particular signature] (Subramanya, figs 5 & 10; 0110).
Claim 7
Subramanya in combination with Gentleman teach the method of claim 1, further comprising:
determining requirement parameters comprising requirements of a data policy for handling specific data types for the one or more network interactions [i.e. a policy management facility manages rules or policies for enterprise facility. The rules include access permissions associated with networks, applications, compute instances, users, content, data, etc.; and a policy database includes a block list, a black list, allowed list, white list are used by the policy management facility 112] (Subramanya, fig. 1; 0067); and
determining the one or more indications of risk levels of the data types in the network traffic data by comparing the content of the network traffic data to the requirement parameters [i.e. the network access facility 124 accesses the policies and uses rule evaluations to parse network access requests and apply policies for risk levels; and the network access facility 124 may have a generic set of policies for all compute instances, such as denying access to certain types of websites, controlling instant messenger accesses] (Subramanya, fig. 1; 0078).
Claim 8
Subramanya in combination with Gentleman teach the method of claim 1, further comprising:
determining, for a provided API endpoint, one or more expected data types for a response payload corresponding to a request payload of an API call [i.e. the security management facility 122 provides for host intrusion prevention through behavioral monitoring and/or runtime monitoring, which guards against unknown threats by analyzing application behavior before or as an application runs. This includes monitoring code behavior, API calls made to libraries or the operating system or monitoring application activities] (Subramanya, fig. 1; 0063);
capturing the network traffic data comprising the response payload in response to sending the request payload of the API call [i.e. the host intrusion prevention through behavioral monitoring and/or runtime monitoring, which may capture and guard against unknown threats by analyzing application behavior before or as application runs] (Subramanya, fig. 1; 0063); and
generating, for display via the graphical user interface of the client device, an indication of the one or more expected data types extracted from the response payload (Subramanya, fig. 10).
Claim 9
Subramanya teaches a system comprising:
a computing system hosting a website and executing application programming interface calls (API) calls to one or more additional computing systems [i.e. security management facility 122 provides for web security and control to detect or block viruses, spyware, malware, unwanted applications which provides comprehensive web access control to enable safe and productive web browsing. The web security and control provides internet use policies, reporting on suspect compute instances, security and content filtering, active monitoring of network traffic, URI filtering, etc.] (Subramanya, fig. 1; 0061); and
a server device comprising at least one hardware processor configured to: capture network traffic data of request payloads or response payloads of the API calls in connection with the computing system hosting the website [i.e. the security management facility 122 provides for host intrusion prevention through behavioral monitoring and/or runtime monitoring, which may guard against unknown threats by analyzing application behavior before or as application runs. This may include monitoring code behavior, application programming interface calls made to libraries or to the operating system, or otherwise monitoring application activities] (Subramanya, fig.1; 0063);
generate, utilizing a classification neural network, classifications of content of the network traffic data according to data types in the request payloads or the response payloads of the API calls [i.e. the threats are identified and characterized, the definition facility 114 manages definitions used to detect and remediate threats, such as: identity definitions may be used for scanning files, applications, data streams, etc. for the determination of malicious code. The identity definitions include instructions and data that can be parsed and acted upon for recognizing features of known or potentially malicious code. Definitions also may include, code or data to be used in a classifier, such as neural network that may be trained using machine learning] (Subramanya, fig.1; 0074); and
generate, for display via a graphical user interface of a client device associated with the computing system, a classification analysis comprising the classifications of the content of the network traffic data and indications of one or more risk levels of the data types in the network traffic data [i.e. the CVSS Score module 504 assigns a CVSS score to a signature based on the criticality of the threat associated with the signature. The assigned CVSS score is a number selected from a predetermined range, such as the range of 1-10; and the scores may be groups into predetermined groups labeled as P1-P10, each of groups corresponds to a particular valued selected from the predetermined range] (Subramanya, figs. 5&10; 0109).
Subramanya fails to teach data type classifications of the content.
However, in an analogous art, Gentleman teaches data type classifications of the content [i.e. type of data classifications that associated with data objects are created by application that generated the data objects/contents] (Gentleman, 0138, 0183).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to modify the teachings of Subramanya to include the teachings of Gentleman of data type classifications of the content. One ordinary skill in the art would be motivated to provide techniques for associating data classifications with data objects extracted from data object repository (Gentleman, 0001).
Claim 10
Subramanya in combination with Gentleman teach the system of claim 9, wherein the at least one hardware processor is configured to:
determine, from a log file comprising recorded computing operations, a sequence of interactions with the website comprising one or more computing operations that result in the request payloads or the response payloads comprising the network traffic data [i.e. the security agent 306 coordinates instrumentation of the endpoint 302 to detect event types involving various computing objects, and supervise logging of events in data recorder. The security agent 306 may scan computing objects such as e-communications or files, monitor behavior such as executables] (Subramanya, fig. 3; 0092); and
capture the network traffic data from the sequence of interactions recorded in the log file [i.e. the endpoints 302 logs events in data recorder 304; the security agent 306 filters this data and feed a filtered data stream to a threat management facility 308 which can locally or globally tune filtering by local agents based on the current data stream and can query local event data records for additional information where necessary in threat detection/forensic analysis] (Subramanya, fig. 3; 0086).
Claim 11
Subramanya in combination with Gentleman teach the system of claim 9, wherein the at least one hardware processor is configured to generate, for display via the graphical user interface of the client device associated with the computing system, a color-coded risk level dashboard comprising the indications of the one or more risk levels displayed in colors based on criteria comprising a probability of a risk occurrence, an impact severity of the risk occurrence [i.e. a plurality of metadata attributes have been added to the threat signature and highlighted] (Subramanya, fig. 10; 0189), or an urgency of a risk remediation [i.e. analyzing whether a threat associated with a signature is a CVE that is exploited in the wild. If a CVE is exploited, it should be remedied before CVEs that are not exploited are remedied] (Subramanya, 0112).
Claim 12
Subramanya in combination with Gentleman teach the system of claim 9, wherein the at least one hardware processor is configured to:
receive, via the graphical user interface of the client device associated with the computing system, an API endpoint for a network interaction corresponding to a targeted path [i.e. for enterprise network threat detection, the system uses the various tools and techniques for threat management contemplated. The endpoints 302 logs events in data recorder 304; the security agent 306 filters this data and feed a filtered data stream to a threat management facility 308 such as a central threat management facility] (Subramanya, fig. 3; 0086); and
capture the network traffic data in response to the computing system executing the network interaction corresponding to the targeted path [i.e. the endpoints 302 logs events in data recorder 304; the security agent 306 filters this data and feed a filtered data stream to a threat management facility 308 which can locally or globally tune filtering by local agents based on the current data stream and can query local event data records for additional information where necessary in threat detection/forensic analysis] (Subramanya, 0086).
Claim 13
Subramanya in combination with Gentleman teach the system of claim 9, wherein the at least one hardware processor is configured to:
determine, for a provided API endpoint, an expected data type for a response payload corresponding to a request payload of an API call [i.e. the security management facility 122 provides for host intrusion prevention through behavioral monitoring and/or runtime monitoring, which may guard against unknown threats by analyzing application behavior before or as application runs] (Subramanya, fig. 1; 0063);
capture the network traffic data comprising the expected data type within the response payload in response to sending the request payload of the API call [i.e. for host intrusion prevention through behavioral monitoring and/or runtime monitoring, which may guard against unknown threats by analyzing application behavior before or as application runs, this include monitoring code behavior, application programming interface calls made to libraries or to the operating system, or otherwise monitoring application activities] (Subramanya, 0063); and
generate, for display via the graphical user interface of the client device, a risk level associated with the network traffic data based on capturing the network traffic data comprising the expected data type [i.e. the vulnerability type module 512 analyzes a signature to determine the type of vulnerability associated with the signature, and also generate characteristics or patterns associated with a signature to determine the type of vulnerability] (Subramanya, 0114).
Claim 14
Subramanya in combination with Gentleman teach the system of claim 10, wherein the at least one hardware processor is configured to:
determine the one or more risk levels of the data types in the network traffic data based on a data policy associated with the classifications of the content of the network traffic data [i.e. a policy management facility manages rules or policies for enterprise facility. The rules include access permissions associated with networks, applications, compute instances, users, content, data, etc.; and a policy database includes a block list, a black list, allowed list, white list are used by the policy management facility 112] (Subramanya, 0067); and
generate, based on the one or more risk levels, a recommendation to perform a remediation action comprising a modification associated with the computing system [i.e. the threat management facility provides configuration management which may define acceptable or required configurations for the compute instances, applications, operating systems, etc. and manage changes to these configurations. Assessment of a configuration is made against standard configuration policies, detection of configuration changes, remediation of improper configuration] (Subramanya, 0070); and
the data type classifications of the content [i.e. type of data classifications that associated with data objects are created by application that generated the data objects/contents] (Gentleman, 0138).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to modify the teachings of Subramanya to include the teachings of Gentleman of data type classifications of the content. One ordinary skill in the art would be motivated to provide techniques for associating data classifications with data objects extracted from data object repository (Gentleman, 0001).
Claim 15
Subramanya teaches a non-transitory computer readable medium comprising instructions that, when executed by at least one hardware processor, cause the at least one hardware processor to:
capture network traffic data of request payloads or response payloads of application programming interface calls in one or more network interactions between a computing system and an additional computing system [i.e. the security management facility 122 provides for host intrusion prevention through behavioral monitoring and/or runtime monitoring, which may guard against unknown threats by analyzing application behavior before or as application runs. This may include monitoring code behavior, application programming interface calls made to libraries or to the operating system, or otherwise monitoring application activities] (Subramanya, fig. 1; 0063);
generate, utilizing a classification neural network, classifications of content of the network traffic data for the computing system according to data types in the request payloads or the response payloads of the application programming interface calls [i.e. the threats are identified and characterized, the definition facility 114 manages definitions used to detect and remediate threats, such as: identity definitions may be used for scanning files, applications, data streams, etc. for the determination of malicious code. The identity definitions include instructions and data that can be parsed and acted upon for recognizing features of known or potentially malicious code. Definitions also may include, code or data to be used in a classifier, such as neural network that may be trained using machine learning] (Subramanya, fig. 1; 0074);
determine one or more risk levels associated with classifications of the content of the network traffic data based on one or more sets of data requirements corresponding to the computing system [i.e. the CVSS Score module 504 assigns a CVSS score to a signature based on the criticality of the threat associated with the signature. The assigned CVSS score is a number selected from a predetermined range, such as the range of 1-10; and the scores may be groups into predetermined groups labeled as P1-P10, each of groups corresponds to a particular value selected from the predetermined range] (Subramanya, fig. 5; 0109); and
cause, for the computing system, an update to a computing operation associated with the application programming interface calls in response to the one or more risk levels exceeding a risk threshold [i.e. each of the groups corresponds to a particular value selected from the predetermined range; and the values of the predetermined range are associated with different levels of criticality (e.g. value “1” is the lowest criticality and value “10” is the highest criticality; and the value of CVSS score indicates the criticality of particular signature and is used to determine whether it within or out of the levels of criticality 1-10] (Subramanya, 0109-0110).
Subramanya fails to teach data type classifications of the content.
However, in an analogous art, Gentleman teaches data type classifications of the content [i.e. type of data classifications that associated with data objects are created by application that generated the data objects/contents] (Gentleman, 0138, 0183).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to modify the teachings of Subramanya to include the teachings of Gentleman of data type classifications of the content. One ordinary skill in the art would be motivated to provide techniques for associating data classifications with data objects extracted from data object repository (Gentleman, 0001).
Claim 16
Subramanya in combination with Gentleman teach the non-transitory computer readable medium of claim 15, further comprising instructions that cause the at least one hardware processor to generate the classifications of the content of the network traffic data by generating a classification for first data without restrictions or second data associated with a set of restrictions [i.e. the policies may include a list of enterprise facility 102 external network locations/applications that may or may not be accessed by compute instances, a list of types/classifications of network locations or applications that are accessed and contextual rules to evaluate whether the lists apply] (Subramanya, 0067); and the data type classifications of the content [i.e. type of data classifications that associated with data objects are created by application that generated the data objects/contents] (Gentleman, 0138).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to modify the teachings of Subramanya to include the teachings of Gentleman of data type classifications of the content. One ordinary skill in the art would be motivated to provide techniques for associating data classifications with data objects extracted from data object repository (Gentleman, 0001).
Claim 17
Subramanya in combination with Gentleman teach the non-transitory computer readable medium of claim 15, further comprising instructions that cause the at least one hardware processor to cause the computing system to update the computing operation by encrypting a portion of the content of the network traffic data or disable a cookie associated with the one or more network interactions (Subramanya, 0072).
Claim 18
Subramanya in combination with Gentleman teach the non-transitory computer readable medium of claim 15, further comprising instructions that cause the at least one hardware processor to determine the one or more risk levels associated with the classifications of the content of the network traffic data by comparing the content of the network traffic data to requirements of a data policy [i.e. the network access facility 124 uses rule evaluation to parse network access requests and apply policies. The network access facility may have a generic set of policies for all compute instances, such as denying access to certain types of websites, controlling instant messenger accesses, etc. Rule evaluation includes regular expression rule evaluation, or other rule evaluation methods for interpreting the access request and comparing the interpretation to established rules for network access] (Subramanya, 0078); and the data type classifications of the content [i.e. type of data classifications that associated with data objects are created by application that generated the data objects/contents] (Gentleman, 0138).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to modify the teachings of Subramanya to include the teachings of Gentleman of data type classifications of the content. One ordinary skill in the art would be motivated to provide techniques for associating data classifications with data objects extracted from data object repository (Gentleman, 0001).
Claim 19
Subramanya in combination with Gentleman teach the non-transitory computer readable medium of claim 15, further comprising instructions that cause the at least one hardware processor to:
determine, based on recorded interactions in a log file, a sequence of network interactions comprising the one or more network interactions between the computing system and the additional computing system [i.e. the security agent 306 coordinates instrumentation of the endpoint 302 to detect event types involving various computing objects, and supervise logging of events in data recorder. The security agent 306 may scan computing objects such as e-communications or files, monitor behavior such as executables] (Subramanya, 0092); and
generate the classifications of the content the network traffic data by extracting the network traffic data from the log file for the sequence of network interactions [i.e. the endpoints 302 logs events in data recorder 304; the security agent 306 filters this data and feed a filtered data stream to a threat management facility 308 which can locally or globally tune filtering by local agents based on the current data stream and can query local event data records for additional information where necessary in threat detection/forensic analysis] (Subramanya, 0086); and the data type classifications of the content [i.e. type of data classifications that associated with data objects are created by application that generated the data objects/contents] (Gentleman, 0138).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filling date of the claimed invention to modify the teachings of Subramanya to include the teachings of Gentleman of data type classifications of the content. One ordinary skill in the art would be motivated to provide techniques for associating data classifications with data objects extracted from data object repository (Gentleman, 0001).
Claim 20
Subramanya in combination with Gentleman teach the non-transitory computer readable medium of claim 15, further comprising instructions that cause the at least one hardware processor to:
capture additional network traffic data of request payloads or response payloads of additional application programming interface calls in one or more additional network interactions between a first computing system and a second computing system [i.e. the security management facility 122 provides for host intrusion prevention through behavioral monitoring and/or runtime monitoring, which may guard against unknown threats by analyzing application behavior before or as application runs. This may include monitoring code behavior, API calls made to libraries or to the operating system, or otherwise monitoring application activities] (Subramanya, 0063);
determine one or more additional risk levels for the one or more additional network interactions; and generate, for display via a graphical user interface of a client device associated with the computing system, a risk delta indicating a difference between the one or more risk levels and the one or more additional risk levels [i.e. the CVSS Score module 504 assigns a CVSS score to a signature based on the criticality of the threat associated with the signature. The assigned CVSS score is a number selected from a predetermined range, such as the range of 1-10; and the scores may be groups into predetermined groups labeled as P1-P10, each of groups corresponds to a particular valued selected from the predetermined range] (Subramanya, 0109).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Correspondence Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MINH CHAU N NGUYEN whose telephone number is (571)272-4242. The examiner can normally be reached on M-F 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, TONIA DOLLINGER can be reached on (571)272-4170. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MINH CHAU NGUYEN/Primary Examiner, Art Unit 2459