DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1. This action is in response to the communication filed on July 9, 2024. Claims 1-15 were originally received for consideration. No preliminary amendments for the claims have been received.
2. Claims 1-15 are currently pending consideration.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
3. Claim(s) 1-6, and 8-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mahdavipour et al. (U.S. Patent Pub. No. US 2023/0031218) in view of Khronos “The OpenXR Specification: (xrGetSystemProperties(3) Manual Page.”
Regarding claim 1, Mahdavipour discloses:
A computer-based system configured to perform penetration testing on a virtual reality (VR) system, comprising:
a hardware-based processor (paragraph 0007: processor);
a memory configured to store instructions, and connected to the hardware-based processor to provide the instructions to the hardware-based processor (paragraph 0007: processor communicably coupled to a memory device);
a set of modules configured to implement the instructions provided to the hardware-based processor, the set of modules including:
a machine learning module (paragraph 0042: machine-learning and artificial intelligence are integrated in the system) configured to receive system parameters of the system (paragraph 0044: the processor extracts metadata pertaining to a cloud system and identifies one or more parameters related to the cloud for penetration testing), and
a report generating module configured to generate and output an assessment report of the system using the penetration test results (paragraph 0044: generating a report).
Mahdavipour does not explicitly disclose identify characteristics of the VR system from the VR system parameters thereby identifying the VR system, and to perform a VR vendor-specific penetration test corresponding to the identified characteristics, thereby generating penetration test results associated with the VR system. Mahdavipour concentrates on automated penetration testing for a cloud but does not explicitly mention testing in a VR system by using parameters retrieved. Mahdavipour does disclose the use of a VR headset as the system employing the penetration testing but does not disclose retrieving VR system parameters identifying the system to perform a VR vendor-specific penetration test. Khronos discloses using a xrGetSystemProperties function in order to retrieve a systemID, vendor ID, system name and other properties used for validation (see Description). The claims generally disclose the use of a VR system but does not disclose any VR-specific attributes. The claims merely recite a VR system as the type of data that is being used for a penetration test. Mahdavipour discloses retrieving parameters related to a cloud for penetration testing and can generate a configuration file as a code (paragraph 0044). Based on this configuration file, the penetration testing is performed and a report is generated to help users understand the vulnerabilities in the selected cloud system (paragraph 0044). This system of Mahdavipour merely takes a configuration file of any parameters and can perform automatic penetration testing. This can be easily applied to any sort of data including VR system parameters though not explicitly mentioned. Khronos discloses retrieving data such as vendorID, systemID and a system name of a VR system used for validation testing (see Description). It would have been obvious to one of ordinary skill in the art to use the VR system properties of Khronos in the penetration system testing of Mahdavipour in order to determine vulnerabilities associated with a given VR system which can be tailored to a specific vendor by providing the proper configuration file.
Claim 2 is rejected as applied above in rejecting claim 1. Furthermore, Mahdavipour discloses:
The computer-based system of claim 1, wherein the memory stores a plurality of predefined VR vendor-specific test cases, and wherein the machine learning module is trained to identify the characteristics of the VR system from the VR system parameters using the plurality of predefined VR vendor-specific test cases (paragraphs 0042-0044: configuration file which is created and stored as code to be run automatically, and wherein machine learning is integrated with the system to identify potential risks and improve on each run).
Claim 3 is rejected as applied above in rejecting claim 1. Furthermore, Mahdavipour discloses:
The computer-based system of claim 1, wherein the machine learning module is configured to automatically identify characteristics of the VR system from the VR system parameters, and to automatically apply the VR vendor-specific penetration test corresponding to the identified characteristics (paragraphs 0042-0044: configuration file which is created and stored as code to be run automatically, and wherein machine learning is integrated with the system to identify potential risks and improve on each run).
Claim 4 is rejected as applied above in rejecting claim 1. Furthermore, Mahdavipour discloses:
The computer-based system of claim 1, further comprising:
a communication interface (paragraph 0025: coupled to a communication network); and
a communication connection connecting the communication interface to the VR system, wherein the processor is configured to detect the communication connection of the communication interface to the VR system, and wherein the machine learning module, responsive to the detection of the communication connection, determines the VR system parameters, identifies the characteristics, and performs the VR vendor-specific penetration test (paragraphs 0042-0044: configuration file which is created and stored as code to be run automatically, and wherein machine learning is integrated with the system to identify potential risks and improve on each run).
Claim 5 is rejected as applied above in rejecting claim 3. Furthermore, Mahdavipour discloses:
The computer-based system of claim 3, wherein the communication connection is a physical wired connection (paragraph 0049: wherein the device can be wireless or wireless).
Claim 6 is rejected as applied above in rejecting claim 3. Furthermore, Mahdavipour discloses:
The computer-based system of claim 3, wherein the communication connection is associated with a plurality of connection settings, wherein the machine learning module, responsive to the plurality of connection settings, identifies vulnerabilities of the VR system associated with the communication connection, and wherein the assessment report includes the identified vulnerabilities (paragraph 0044: a configuration file is generated from the system parameters as a code and then run to generate a report).
Claim 8 is rejected as applied above in rejecting claim 1. Furthermore, Khronos discloses:
The computer-based system of claim 1, wherein the VR system parameters specify at least one of a device driver, a file system, and a medium access control (MAC) address, and wherein the identified characteristics specify at least one of a VR vendor, a VR module, an operating system, and an installed application associated with the VR system (Khronos: Description: using a xrGetSystemProperties function in order to retrieve a systemID, vendor ID, system name and other properties used for validation).
Claim 9 is rejected as applied above in rejecting claim 1. Furthermore, Mahdavipour discloses:
The computer-based system of claim 1, further comprising: an output device including a graphic user interface (GUI) configured to display the assessment report (paragraph 0038: a graphical user interface in the system which can display the penetration test report).
Regarding claim 10, Mahdavipour discloses:
A computer-based method, comprising:
detecting a communication connection between an assessment system and a system (see Abstract: extracting information from the cloud);
receiving system parameters at the assessment system from the system through the communication connection (paragraph 0044: the processor extracts metadata pertaining to a cloud system and identifies one or more parameters related to the cloud for penetration testing);
identifying characteristics of the system using a machine learning module, thereby identifying the system from the characteristics (paragraph 0042: machine-learning and artificial intelligence are integrated in the system);
performing a predefined a penetration test on the identified system (paragraphs 0042-0044: configuration file which is created and stored as code to be run automatically, and wherein machine learning is integrated with the system to identify potential risks and improve on each run);
generating penetration test results (paragraph 0044: generating a report);
and generating and outputting an assessment report on the system from the penetration test results (paragraph 0044: generating a report).
Mahdavipour does not explicitly disclose identify characteristics of the VR system from the VR system parameters thereby identifying the VR system, and to perform a VR vendor-specific penetration test corresponding to the identified characteristics, thereby generating penetration test results associated with the VR system. Mahdavipour concentrates on automated penetration testing for a cloud but does not explicitly mention testing in a VR system by using parameters retrieved. Mahdavipour does disclose the use of a VR headset as the system employing the penetration testing but does not disclose retrieving VR system parameters identifying the system to perform a VR vendor-specific penetration test. Khronos discloses using a xrGetSystemProperties function in order to retrieve a systemID, vendor ID, system name and other properties used for validation (see Description). The claims generally disclose the use of a VR system but does not disclose any VR-specific attributes. The claims merely recite a VR system as the type of data that is being used for a penetration test. Mahdavipour discloses retrieving parameters related to a cloud for penetration testing and can generate a configuration file as a code (paragraph 0044). Based on this configuration file, the penetration testing is performed and a report is generated to help users understand the vulnerabilities in the selected cloud system (paragraph 0044). This system of Mahdavipour merely takes a configuration file of any parameters and can perform automatic penetration testing. This can be easily applied to any sort of data including VR system parameters though not explicitly mentioned. Khronos discloses retrieving data such as vendorID, systemID and a system name of a VR system used for validation testing (see Description). It would have been obvious to one of ordinary skill in the art to use the VR system properties of Khronos in the penetration system testing of Mahdavipour in order to determine vulnerabilities associated with a given VR system which can be tailored to a specific vendor by providing the proper configuration file.
Claim 11 is rejected as applied above in rejecting claim 10. Furthermore, Mahdavipour discloses:
The computer-based method of claim 10, further comprising:
storing a plurality of predefined VR vendor-specific test cases in a memory (paragraphs 0042-0044: configuration file which is created and stored as code to be run automatically, and wherein machine learning is integrated with the system to identify potential risks and improve on each run); and
training the machine learning module to identify the characteristics of the VR system from the VR system parameters using the plurality of predefined VR vendor-specific test cases (paragraphs 0042-0044: configuration file which is created and stored as code to be run automatically, and wherein machine learning is integrated with the system to identify potential risks and improve on each run).
Claim 12 is rejected as applied above in rejecting claim 10. Furthermore, Mahdavipour discloses:
The computer-based method of claim 10, wherein the machine learning module is configured to automatically identify characteristics of the VR system from the VR system parameters, and to automatically apply the VR vendor-specific penetration test corresponding to the identified characteristics (paragraphs 0042-0044: configuration file which is created and stored as code to be run automatically, and wherein machine learning is integrated with the system to identify potential risks and improve on each run).
Claim 13 is rejected as applied above in rejecting claim 10. Furthermore, Mahdavipour discloses:
The computer-based method of claim 10, further comprising:
connecting a communication connection to the VR system (paragraph 0025: coupled to a communication network);
detecting the communication connection to the VR system (see Abstract: extracting information from the cloud).
Mahdavipour does not explicitly disclose that responsive to the detection of the communication connection, performing the steps of receiving the VR system parameters, identifying the characteristics, and performing the VR vendor-specific penetration test. Mahdavipour concentrates on automated penetration testing for a cloud but does not explicitly mention testing in a VR system by using parameters retrieved. Mahdavipour does disclose the use of a VR headset as the system employing the penetration testing but does not disclose retrieving VR system parameters identifying the system to perform a VR vendor-specific penetration test. Khronos discloses using a xrGetSystemProperties function in order to retrieve a systemID, vendor ID, system name and other properties used for validation (see Description). The claims generally disclose the use of a VR system but does not disclose any VR-specific attributes. The claims merely recite a VR system as the type of data that is being used for a penetration test. Mahdavipour discloses retrieving parameters related to a cloud for penetration testing and can generate a configuration file as a code (paragraph 0044). Based on this configuration file, the penetration testing is performed and a report is generated to help users understand the vulnerabilities in the selected cloud system (paragraph 0044). This system of Mahdavipour merely takes a configuration file of any parameters and can perform automatic penetration testing. This can be easily applied to any sort of data including VR system parameters though not explicitly mentioned. Khronos discloses retrieving data such as vendorID, systemID and a system name of a VR system used for validation testing (see Description). It would have been obvious to one of ordinary skill in the art to use the VR system properties of Khronos in the penetration system testing of Mahdavipour in order to determine vulnerabilities associated with a given VR system which can be tailored to a specific vendor by providing the proper configuration file.
Claim 14 is rejected as applied above in rejecting claim 13. Furthermore, Mahdavipour discloses:
The computer-based method of claim 13, further comprising:
receiving a plurality of connection settings associated with the communication connection (paragraph 0025: coupled to a communication network); and
identifies vulnerabilities of the VR system associated with the communication connection using the machine learning module, wherein the generating and outputting of the assessment report includes the identified vulnerabilities (paragraph 0042: machine-learning and artificial intelligence are integrated in the system).
Claim 15 is rejected as applied above in rejecting claim 10. Furthermore, Khronos discloses:
The computer-based method of claim 10, wherein the VR system parameters specify at least one of a device driver, a file system, and a medium access control (MAC) address, and wherein the identified characteristics specify at least one of a VR vendor, a VR module, an operating system, and an installed application associated with the VR system (Khronos: Description: using a xrGetSystemProperties function in order to retrieve a systemID, vendor ID, system name and other properties used for validation).
Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mahdavipour et al. (U.S. Patent Pub. No. US 2023/0031218) in view of Khronos “The OpenXR Specification: (xrGetSystemProperties(3) Manual Page” in further in view of Baset et al. (U.S. Patent Pub. No. US 2018/0089437).
Claim 7 is rejected as applied above in rejecting claim 1. Furthermore, Mahdavipour discloses:
The computer-based system of claim 1, wherein the machine learning module comprises:
a plurality of nodes configured in a plurality of layers, and configured to classify the VR system from the VR system parameters by identifying the characteristics of the VR system (paragraphs 0042-0044: machine learning is integrated with the system so the system can become more efficient with every use). Though Mahdavipour discloses the use of artificial intelligence and machine learning, Mahdavipour is silent regarding the use of neural networks. In an analogous art, Baset discloses that the artificial intelligence component can employ expert systems such as neural networks, Bayesian models and other non-linear training techniques (paragraph 0048). The use of neural networks would allow the further enhancement of automated aspects of the artificial intelligence component (paragraph 0048).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAVEH ABRISHAMKAR whose telephone number is (571)272-3786. The examiner can normally be reached M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached at 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KAVEH ABRISHAMKAR/
02/06/2026Primary Examiner, Art Unit 2494