Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Introduction
This Final Office Action is in response to amendments and remarks filed on December 4, 2025, for the application with serial number 18/770,095.
Claims 1, 3-5, 7, 8, 10, 14, 16-18, and 20 are amended.
Claims 9 and 11-13 are canceled.
Claim 21 is new.
Claims 1-8, 10, and 14-21 are pending.
Interview
The Examiner acknowledges the interview conducted on November 20, 22025, in which proposed amendments were discussed and compared to the cited prior art.
Response to Remarks/Amendments
35 USC §101 Rejection
The Applicant traverses the rejection of the claims as being directed to an ineligible abstract idea, contending that the claims recite a technical solution by limiting the scope of a risk analysis. See Remarks p. 12. In response, the Examiner submits that limiting the scope of a risk analysis is not a practical application of an abstract idea. Limiting the scope of a risk analysis is part of the abstract idea of determining a remediation action to address a risk event. Contrary to the Applicant’s assertions, the claims do not recite a specific practical improvement in computer network security. Risk analysis is an abstract concept. Reducing the number of calculations performed by limiting the risk analysis to a number of assets does not improve the performance of a computer as a machine; the process merely serves to simplify an analysis. The recited risk analysis could be performed mentally or on paper by a human being, but a general purpose computer is recited in the claims for performing the risk analysis.
The Applicant additionally requests that the Examiner limit the scope of examination to issues arising under 35 USC §102, 103, and 112. See Remarks p. 15. In response, the Examiner points out that the scope of examination is defined by the MPEP, not a particular case decided by the Appeals Board. While the Examiner is bound by legal precedent and Appeals decisions, the MPEP is the authoritative resource for guidance in examination. The Examiner has properly followed MPEP §2106 in arriving at a conclusion of ineligibility in this case. Note that the MPEP is based on the full body of relevant patent laws and precedential court decisions.
The rejection for lack of subject matter eligibility is maintained.
35 USC §103 Rejections
Amendments to the claims changed the scope of the claims, necessitating further search and consideration of the prior art. A new search returned the Komavec Osojnik reference, which is cited in the rejections, below. The combination of references teach the recited portions of the independent claims.
The Applicant traverses the rejection of independent claims 1, 14, and 21 as being obvious over Adamson in view of Lokamathe in view of Komavec Osojnik, contending that Lokamathe does not teach the recited proportionate relationship between risk severity and the number of connections to traverse. In response, the Examiner points to cited ¶[0012]-[0014] and [0018]-[0019] of Lokamathe. Those cited passages disclose propagating aggregated risk to neighboring nodes. Risk propagates to neighboring nodes based on the probability of selection of a path. As further explained in ¶[0069]-[0070] of Lokamathe, a dependency proportion of child nodes P and Q from parent R is computed based on a likelihood vector. The likelihood vector represents a risk, and this risk propagates through the graph to child (or neighboring) nodes based on this risk/likelihood value. In general, risk is understood to be a probability of loss or injury. See https://www.merriam-webster.com/thesaurus/risk. The present claims merely point out a property of risk as it flows in a hierarchical relationship. The larger the risk, the more likely a child element in the hierarchical relationship is affected. Lokamathe represents this likelihood or risk as a propagating vector. In effect, the likelihood of propagation is represented by the risk value, so by definition, the magnitude of an initial risk at a parent is proportional to the risk at the downstream child. As risk propagates downstream, this risk or probability is reduced, in a manner analogous to the flow of a river to tributary streams. The combination of Adamson and Lokamathe does not teach the newly recited limiting of traversal to a discrete number of groups – the flow or risk could theoretically, continue downstream and never hit zero, although risk approaches zero as it propagates. This deficiency is cured by the newly cited Komavec Osojnik reference, which teaches termination of traversal of a propagation tree when a generated value is below a threshold. Komavec Osojnik describes this as a “pruning of nodes or edges.” See ¶[0078].
The Applicant makes additional remarks on pp. 10-11 that appear to conflate subject matter eligibility issues with prior art issues. MPEP §2106 relates to subject matter eligibility. The Applicant’s references to MPEP §2106 are not relevant to the prior art issues in the present case. The assignment of a threshold level of risk is taught by the newly cited Komavec Osojnik reference.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
The Manual of Patent Examining Procedure (MPEP) provides detailed rules for determining subject matter eligibility for claims in §2106. Those rules provide a basis for the analysis and finding of ineligibility that follows.
Claims 1-8, 10, and 14-21 are rejected under 35 U.S.C. 101. The claimed invention is directed to non-statutory subject matter because the claimed invention recites a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more. Under Step 1 of the subject matter eligibility analysis, claims(s) 1-8, 10, and 14-21 are all directed to one of the four statutory categories of invention. However, under step 2A, prong one, the claims recite a judicial exception: determining a remediation action to address a risk event (as evidenced by exemplary independent claim 1; “based on the risk analysis of the subset of the assets, determining at least one remediation action to address the risk event”), an abstract idea. Certain methods of organizing human activity are ineligible abstract ideas, including managing personal behavior or relationships or interactions between people. See MPEP §2106.04(a). The limitations of exemplary claim 1 include: “generating an asset graph;” “identifying a risk event with a target asset;” “determining a risk severity associated with the risk event;” “based on the risk severity . . . selecting a number of connections to traverse;” “traversing a subset of the assets in the network;” “based on the risk analysis of the subset of the assets, determining at least one remediation action to address the risk event;” and “executing the at least one remediation action.” The steps are all steps for managing personal behavior related to the abstract idea of determining a remediation action to address a risk event that, when considered alone and in combination, are part of the abstract idea of determining a remediation action to address a risk event. The dependent claims further recite steps for managing personal behavior that are part of the abstract idea of determining a remediation action to address a risk event. These claim elements, when considered alone and in combination, are considered to be abstract ideas because they are directed to a method of organizing human activity which includes using an asset graph to identify and analyze risks to assets for the purposes of risk reduction and remediation.
Under step 2A, prong two, of the subject matter eligibility analysis, a claim that recites a judicial exception must be evaluated to determine whether the claim provides a practical application of the judicial exception. Additional elements of the independent claims amount to generic computer hardware that does not provide a practical application (a computer readable medium in independent claim 1; a system with a device and hardware processor; and a method executable by a processor in independent claim 21). See MPEP §2106.04(d)[I]. The asset graphs recited in the claims merely represent physical hardware; the hardware in the asset graphs does not perform functions in the claims. The claims do not recite an improvement to another technology or technical field, nor do they recite an improvement to the functioning of the computer itself. See MPEP §2106.05(a). Because the claims only recite use of a generic computer, they do not apply the judicial exception with a particular machine. See MPEP §2106.05(b). Under step 2B of the subject matter eligibility analysis, the claims do not integrate the abstract idea into a judicial exception. Referring to the additional elements provided in the analysis in step one, above, the generic computer hardware does not provide significantly more than the recited abstract idea. See MPEP §2106.05(f).
For these reasons, the claims do not provide a practical application of the abstract idea, nor do they amount to significantly more than an abstract idea under step 2B of the subject matter eligibility analysis. Using a generic computer to implement an abstract idea does not provide an inventive concept. Therefore, the claims recite ineligible subject matter under 35 USC §101.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-4, 7, 14-17, 20,and 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20220021697 A1 to Adamson et al. (hereinafter ‘ADAMSON’) in view of US 20180048669 A1 to Lokamathe (hereinafter ‘LOKAMATHE’) and US 20260010853 A1 to Komavec Osojnik et al. (hereinafter ‘KOMAVEC OSOJNIK’).
Claim 1 (Currently Amended)
ADAMSON discloses one or more non-transitory computer readable media comprising instructions (see ¶[0016]; aspects of the present invention may take the form of a computer program product embodied in one or more computer readable medium(s) having program code embodied thereon) which, when executed by one or more hardware processors (see ¶[0018]; modules may also be implemented in software for execution by various types of processors), causes performance of operations comprising:
generating an asset graph representing assets in a network (see abstract; apparatuses, methods, systems, and program products are disclosed for network asset risk analysis. An interface module that provides an interactive interface that graphically presents the data network and visually highlights each of the plurality of network assets according to their calculated risk levels.), each of the assets represented in the asset graph corresponding to one of devices (see ¶[0022]; the network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers), software (see ¶[0046]; the virtual computing components, in certain embodiments, include such things as programs, applications, operating systems, virtual machines, hypervisors, and/or the like), and servers corresponding to the network (see again ¶[0022]; the network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers), wherein the asset graph defines connections between the assets (see ¶[0003]-[0005], [0034]-[0035], [0055], and [0060]; data networks may include numerous interconnected components such as devices and programs. Identify a plurality of network assets of a data network 106, which may include a plurality of physical and virtual computing components that are interconnected via the data network 106, calculate a risk level for each of the plurality of network assets based on a plurality of factors, and provide an interactive interface that graphically presents the data network 106 and visually highlights each of the plurality of network assets according to their calculated risk levels. The interactive interface may include a graphical map illustrating the topology of the data network 106, including the connections between different devices and applications within the data network 106).
ADAMSON does not specifically disclose, but LOKAMATHE discloses, identifying a risk event with a target asset of the assets in the network (see ¶[0013]-[0014] and [0019]; simulate an attack to affect one or more nodes. Compute an aggregated risk at one or more affected nodes);
determining a risk severity associated with the risk event (see again ¶[0013]-[0014] compute an aggregated risk at one or more affected nodes);
based on the risk severity associated with the risk event: selecting a number of connections to traverse from the target asset within the asset graph for a risk analysis associated with the risk event, wherein the number of connections is selected in proportion to the risk severity associated with the risk event (see ¶[0012]-[0014] and [0018]-[0019]; simulate an attack to affect one or more nodes. Compute an aggregated risk at one or more affected nodes. Propagate risk to neighboring nodes based on probability of selection of a path. Compute business impact loss, information loss impact, and financial impact loss based on the aggregated risk. Compute propagated risk on neighboring nodes);
traversing a subset of the assets in the network, for the risk analysis associated with the risk event, based on the number of connections (see again ¶[0012]-[0014] and [0018]-[0019]; propagate risk to neighboring nodes based on probability of selection of a path. Compute propagated risk on neighboring nodes).
The combination of ADAMSON and LOKAMATHE does not explicitly disclose, but KOMAVEC OSOJNIK discloses, the subset of assets (a) including a first group of the assets in the network that are within the number of connections from the target asset within the asset graph and (b) not including a second group of the assets in the network that are not within the number of connections from the target asset within the asset graph (see ¶[0064] and [0078]; While traversing a propagation tree 207 and generating the edge risks (w), early termination of generation is possible. This can occur if the generated value is below or above a specific threshold, if the generated value in comparison with some other value has not changed for a specified amount (for example, if edge risks (w) for a previous level and a current level do not change by a specific percent. Some nodes or edges can be pruned if their risks are below or above a certain threshold,).
ADAMSON does not specifically disclose, but LOKAMATHE discloses, based on the risk analysis of the subset of the assets, determining at least one remediation action to address the risk event (see abstract; provide mitigation plans which will reflect reduced risk); and
executing the at least one remediation action to address the risk event (see claims 10 and 14; a mitigation plan for providing one or more alternate source or path for the data to be derived or propagated respectively; modifying constraints imposed on the information flow from logical conjunction (“AND”) to logical disjunction (“OR”) or vice-versa; isolating at least one of the one or more affected nodes or the one or more affected paths therebetween deploying data encryption scheme; and implementing diagnostic measures to measure health of the network).
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. LOKAMATHE discloses comprehensive risk assessment in a heterogeneous dynamic network that includes determining impact of risk on neighboring nodes to develop risk mitigation plans. It would have been obvious to include the aggregate assessment and mitigation plan as taught by LOKAMATHE in the system executing the method of ADAMSON with the motivation to reduce risk.
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. LOKAMATHE discloses comprehensive risk assessment in a heterogeneous dynamic network that includes determining impact of risk on neighboring nodes to develop risk mitigation plans. KOMAVEC OSOJNIK discloses impact propagation that includes pruning nodes from a propagation tree when values are lower than a threshold. It would have been obvious for one of ordinary skill in the art at the time of invention to include the pruning of nodes or edges as taught by KOMAVEC OSOJNIK in the system executing the method of ADAMSON and LOKAMATHE with the motivation to terminate propagation early (see KOMOVEC OSOJNIK ¶[0064]).
Claim 2 (Original)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the non-transitory media as set forth in Claim 1.
ADAMSON does not specifically disclose, but LOKAMATHE discloses, further comprising: determining a risk analysis pathway through at least some of the connections, wherein the risk analysis pathway indicates a possible vulnerability traversal through the network (see ¶[0018]; pre-defined weights assigned to the propagated risk and probability of selection of a path in the network).
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. LOKAMATHE discloses comprehensive risk assessment in a heterogeneous dynamic network that includes probability of a selection of a network path. It would have been obvious to include the probability of selection of a path as taught by LOKAMATHE in the system executing the method of ADAMSON with the motivation to reduce risk.
Claim 3 (Currently Amended)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the non-transitory media as set forth in Claim 2.
ADAMSON further discloses wherein determining the at least one remediation action comprises identifying at least one asset, in the asset graph, that is included in the risk analysis pathway for analysis corresponding to the risk event (see abstract and ¶[0080]; network asset risk analysis. In certain embodiments, the interface 300 allows a user to select and sort by different columns, e.g., to proactively mitigate risk, a user may sort the list by the overall risk score/level 312 to address network assets that pose the highest risk to the business, service, or the like.).
Claim 4 (Currently Amended)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the non-transitory media as set forth in Claim 1.
ADAMSON does not specifically disclose, but LOKAMATHE discloses, further comprising: determining a plurality of risk analysis pathways (see abstract; One or more affected nodes or paths therebetween are identified and attack risk is computed) commencing at the target asset (see again abstract; a system in a network) corresponding to the risk event (see ¶[0013]-[0014] and [0019]; simulate an attack to affect one or more nodes. Compute an aggregated risk at one or more affected nodes) wherein each of the plurality of risk analysis pathways traverses the number of connections (see ¶[0012]-[0014] and [0018]-[0019]; simulate an attach to affect one or more nodes. Compute an aggregated risk at one or more affected nodes. Propagate risk to neighboring nodes based on probability of selection of a path. Compute business impact loss, information loss impact, and financial impact loss based on the aggregated risk. Compute propagated risk on neighboring nodes).
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. LOKAMATHE discloses comprehensive risk assessment in a heterogeneous dynamic network that includes determining impact of risk on neighboring nodes to develop risk mitigation plans. It would have been obvious to include the aggregate assessment and mitigation plan as taught by LOKAMATHE in the system executing the method of ADAMSON with the motivation to reduce risk.
Claim 7 (Currently Amended)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the non-transitory media as set forth in Claim 1.
ADAMSON further discloses wherein the generating the asset graph in the network comprises monitoring communications between pairs of the assets and generating links between the assets based on the communications between the pairs of the assets (see ¶[0040] and [0066]; the data network 106, in one embodiment, includes a digital communication network that transmits digital communications. The dependency module 212 may monitor network traffic (e.g., on incoming and outgoing ports), may use a traceroute command, and/or the like to determine the path through the data network 106, a path through a service group, and/or the like to determine which network assets are dependent upon other network assets within the data network 106).
Claim 14 (Currently Amended)
ADAMSON discloses a system comprising: at least one device including a hardware processor (see ¶[0018]; modules may also be implemented in software for execution by various types of processors); the system being configured to perform operations comprising:
generating an asset graph representing assets in a network (see abstract; apparatuses, methods, systems, and program products are disclosed for network asset risk analysis. An interface module that provides an interactive interface that graphically presents the data network and visually highlights each of the plurality of network assets according to their calculated risk levels.), each of the assets represented in the asset graph corresponding to one of devices (see ¶[0022]; the network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers), software (see ¶[0046]; the virtual computing components, in certain embodiments, include such things as programs, applications, operating systems, virtual machines, hypervisors, and/or the like), and servers corresponding to the network (see again ¶[0022]; the network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers), wherein the asset graph defines connections between the assets (see ¶[0003]-[0005], [0034]-[0035], [0055], and [0060]; data networks may include numerous interconnected components such as devices and programs. Identify a plurality of network assets of a data network 106, which may include a plurality of physical and virtual computing components that are interconnected via the data network 106, calculate a risk level for each of the plurality of network assets based on a plurality of factors, and provide an interactive interface that graphically presents the data network 106 and visually highlights each of the plurality of network assets according to their calculated risk levels. The interactive interface may include a graphical map illustrating the topology of the data network 106, including the connections between different devices and applications within the data network 106).
ADAMSON does not specifically disclose, but LOKAMATHE discloses, identifying a risk event with a target asset of the assets in the network (see ¶[0013]-[0014] and [0019]; simulate an attack to affect one or more nodes. Compute an aggregated risk at one or more affected nodes);
determining a risk severity associated with the risk event (see again ¶[0013]-[0014] compute an aggregated risk at one or more affected nodes);
based on the risk severity associated with the risk event: selecting a number of connections to traverse from the target asset within the asset graph for a risk analysis associated with the risk event, wherein the number of connections is selected in proportion to the risk severity associated with the risk event (see ¶[0012]-[0014] and [0018]-[0019]; simulate an attack to affect one or more nodes. Compute an aggregated risk at one or more affected nodes. Propagate risk to neighboring nodes based on probability of selection of a path. Compute business impact loss, information loss impact, and financial impact loss based on the aggregated risk. Compute propagated risk on neighboring nodes); and
traversing a subset of the assets in the network, for the risk analysis associated with the risk event, based on the number of connections see again ¶[0012]-[0014] and [0018]-[0019]; propagate risk to neighboring nodes based on probability of selection of a path. Compute propagated risk on neighboring nodes).
The combination of ADAMSON and LOKAMATHE does not explicitly disclose, but KOMAVEC OSOJNIK discloses, the subset of assets (a) including a first group of the assets in the network that are within the number of connections from the target asset within the asset graph and (b) not including a second group of the assets in the network that are not within the number of connections from the target asset within the asset graph (see ¶[0064] and [0078]; While traversing a propagation tree 207 and generating the edge risks (w), early termination of generation is possible. This can occur if the generated value is below or above a specific threshold, if the generated value in comparison with some other value has not changed for a specified amount (for example, if edge risks (w) for a previous level and a current level do not change by a specific percent. Some nodes or edges can be pruned if their risks are below or above a certain threshold,).
ADAMSON does not specifically disclose, but LOKAMATHE discloses, based on the risk analysis of the subset of the assets, determining at least one remediation action to address the risk event (see abstract; provide mitigation plans which will reflect reduced risk); and
executing the at least one remediation action to address the risk event (see claims 10 and 14; a mitigation plan for providing one or more alternate source or path for the data to be derived or propagated respectively; modifying constraints imposed on the information flow from logical conjunction (“AND”) to logical disjunction (“OR”) or vice-versa; isolating at least one of the one or more affected nodes or the one or more affected paths therebetween deploying data encryption scheme; and implementing diagnostic measures to measure health of the network).
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. LOKAMATHE discloses comprehensive risk assessment in a heterogeneous dynamic network that includes determining impact of risk on neighboring nodes to develop risk mitigation plans. It would have been obvious to include the aggregate assessment and mitigation plan as taught by LOKAMATHE in the system executing the method of ADAMSON with the motivation to reduce risk.
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. LOKAMATHE discloses comprehensive risk assessment in a heterogeneous dynamic network that includes determining impact of risk on neighboring nodes to develop risk mitigation plans. KOMAVEC OSOJNIK discloses impact propagation that includes pruning nodes from a propagation tree when values are lower than a threshold. It would have been obvious for one of ordinary skill in the art at the time of invention to include the pruning of nodes or edges as taught by KOMAVEC OSOJNIK in the system executing the method of ADAMSON and LOKAMATHE with the motivation to terminate propagation early (see KOMOVEC OSOJNIK ¶[0064]).
Claim 15 (Original)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the system as set forth in Claim 14.
ADAMSON does not specifically disclose, but LOKAMATHE discloses, further comprising: determining a risk analysis pathway through at least some of the connections, wherein the risk analysis pathway indicates a possible vulnerability traversal through the network (see ¶[0018]; pre-defined weights assigned to the propagated risk and probability of selection of a path in the network).
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. LOKAMATHE discloses comprehensive risk assessment in a heterogeneous dynamic network that includes probability of a selection of a network path. It would have been obvious to include the probability of selection of a path as taught by LOKAMATHE in the system executing the method of ADAMSON with the motivation to reduce risk.
Claim 16 (Currently Amended)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the system as set forth in Claim 15.
ADAMSON further discloses wherein determining at least one remediation action comprises identifying at least one asset, in the asset graph, that is included in the risk analysis pathway for analysis corresponding to the risk event (see abstract and ¶[0080]; network asset risk analysis. In certain embodiments, the interface 300 allows a user to select and sort by different columns, e.g., to proactively mitigate risk, a user may sort the list by the overall risk score/level 312 to address network assets that pose the highest risk to the business, service, or the like.).
Claim 17 (Currently Amended)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the system as set forth in Claim 14.
ADAMSON does not specifically disclose, but LOKAMATHE discloses, further comprising: determining a plurality of risk analysis pathways (see abstract; One or more affected nodes or paths therebetween are identified and attack risk is computed) commencing at the target asset (see again abstract; a system in a network) corresponding to the risk event (see ¶[0013]-[0014] and [0019]; simulate an attack to affect one or more nodes. Compute an aggregated risk at one or more affected nodes) wherein each of the plurality of risk analysis pathways traverses the number of connections (see ¶[0012]-[0014] and [0018]-[0019]; simulate an attach to affect one or more nodes. Compute an aggregated risk at one or more affected nodes. Propagate risk to neighboring nodes based on probability of selection of a path. Compute business impact loss, information loss impact, and financial impact loss based on the aggregated risk. Compute propagated risk on neighboring nodes).
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. LOKAMATHE discloses comprehensive risk assessment in a heterogeneous dynamic network that includes determining impact of risk on neighboring nodes to develop risk mitigation plans. It would have been obvious to include the aggregate assessment and mitigation plan as taught by LOKAMATHE in the system executing the method of ADAMSON with the motivation to reduce risk.
Claim 20 (Currently Amended)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the system as set forth in Claim 14.
ADAMSON further discloses wherein the generating the asset graph in the network comprises monitoring communications between pairs of the assets and generating links between the assets based on the communications between the pairs of the assets (see ¶[0040] and [0066]; the data network 106, in one embodiment, includes a digital communication network that transmits digital communications. The dependency module 212 may monitor network traffic (e.g., on incoming and outgoing ports), may use a traceroute command, and/or the like to determine the path through the data network 106, a path through a service group, and/or the like to determine which network assets are dependent upon other network assets within the data network 106).
Claim 21 (New)
ADAMSON discloses a method comprising: generating an asset graph representing assets in a network (see abstract; apparatuses, methods, systems, and program products are disclosed for network asset risk analysis. An interface module that provides an interactive interface that graphically presents the data network and visually highlights each of the plurality of network assets according to their calculated risk levels.), each of the assets represented in the asset graph corresponding to one of devices (see ¶[0022]; the network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers), software (see ¶[0046]; the virtual computing components, in certain embodiments, include such things as programs, applications, operating systems, virtual machines, hypervisors, and/or the like), and servers corresponding to the network (see again ¶[0022]; the network may comprise copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers), wherein the asset graph defines connections between assets (see ¶[0003]-[0005], [0034]-[0035], [0055], and [0060]; data networks may include numerous interconnected components such as devices and programs. Identify a plurality of network assets of a data network 106, which may include a plurality of physical and virtual computing components that are interconnected via the data network 106, calculate a risk level for each of the plurality of network assets based on a plurality of factors, and provide an interactive interface that graphically presents the data network 106 and visually highlights each of the plurality of network assets according to their calculated risk levels. The interactive interface may include a graphical map illustrating the topology of the data network 106, including the connections between different devices and applications within the data network 106).
ADAMSON does not specifically disclose, but LOKAMATHE discloses, identifying a risk event with a target asset of the assets in the network (see ¶[0013]-[0014] and [0019]; simulate an attack to affect one or more nodes. Compute an aggregated risk at one or more affected nodes);
determining a risk severity associated with the risk event (see again ¶[0013]-[0014] compute an aggregated risk at one or more affected nodes);
based on the risk severity associated with the risk event: selecting a number of connections to traverse from the target asset within the asset graph for risk analysis associated with the risk event, wherein the number of connections is selected in proportion to the risk severity associated with the risk event (see ¶[0012]-[0014] and [0018]-[0019]; simulate an attack to affect one or more nodes. Compute an aggregated risk at one or more affected nodes. Propagate risk to neighboring nodes based on probability of selection of a path. Compute business impact loss, information loss impact, and financial impact loss based on the aggregated risk. Compute propagated risk on neighboring nodes);
traversing a subset of the assets in the network, for the risk analysis associated with the risk event, based on the number of connections (see again ¶[0012]-[0014] and [0018]-[0019]; propagate risk to neighboring nodes based on probability of selection of a path. Compute propagated risk on neighboring nodes).
The combination of ADAMSON and LOKAMATHE does not explicitly disclose, but KOMAVEC OSOJNIK discloses, the subset of assets (a) including a first group of the assets in the network that are within the number of connections from the target asset within the asset graph and (b) not including a second group of the assets in the network that are not within the number of connections from the target asset within the asset graph ((see ¶[0064] and [0078]; While traversing a propagation tree 207 and generating the edge risks (w), early termination of generation is possible. This can occur if the generated value is below or above a specific threshold, if the generated value in comparison with some other value has not changed for a specified amount (for example, if edge risks (w) for a previous level and a current level do not change by a specific percent. Some nodes or edges can be pruned if their risks are below or above a certain threshold,).
ADAMSON does not specifically disclose, but LOKAMATHE discloses, based on the risk analysis of the subset of the assets, determining at least one remediation action to address the risk event see abstract; provide mitigation plans which will reflect reduced risk); and
executing the at least one remediation action to address the risk event (see claims 10 and 14; a mitigation plan for providing one or more alternate source or path for the data to be derived or propagated respectively; modifying constraints imposed on the information flow from logical conjunction (“AND”) to logical disjunction (“OR”) or vice-versa; isolating at least one of the one or more affected nodes or the one or more affected paths therebetween deploying data encryption scheme; and implementing diagnostic measures to measure health of the network).
ADAMSON further discloses wherein the method is performed by at least one device including a hardware processor (see ¶[0018]; modules may also be implemented in software for execution by various types of processors).
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. LOKAMATHE discloses comprehensive risk assessment in a heterogeneous dynamic network that includes determining impact of risk on neighboring nodes to develop risk mitigation plans. It would have been obvious to include the aggregate assessment and mitigation plan as taught by LOKAMATHE in the system executing the method of ADAMSON with the motivation to reduce risk.
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. LOKAMATHE discloses comprehensive risk assessment in a heterogeneous dynamic network that includes determining impact of risk on neighboring nodes to develop risk mitigation plans. KOMAVEC OSOJNIK discloses impact propagation that includes pruning nodes from a propagation tree when values are lower than a threshold. It would have been obvious for one of ordinary skill in the art at the time of invention to include the pruning of nodes or edges as taught by KOMAVEC OSOJNIK in the system executing the method of ADAMSON and LOKAMATHE with the motivation to terminate propagation early (see KOMOVEC OSOJNIK ¶[0064]).
Claim(s) 6 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20220021697 A1 to ADAMSON et al. in view of US 20180048669 A1 to LOKAMATHE and US 20260010853 A1 to KOMAVEC OSOJNIK et al. as applied to claim 1 above, and further in view of US 7984504 B2 to Hernacki et al. (hereinafter ‘HERNACKI’).
Claim 6 (Original)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the non-transitory media as set forth in Claim 1.
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK does not specifically disclose, but HERNACKI discloses, further comprising dynamically updating the graph of the assets in the network as new assets are added to the network and as new connections between the assets are determined (see col 6, ln 9-24 & 56-67; Data collector 304 also sends the collected event to an event driver 314, which analyzes the event data, and updates the asset graph if the event introduces changes in the objects, their attributes or their asset relationships. The asset graph is then updated according to the object risk levels (406). In this embodiment, the object risk levels of the primary targets of the direct event are updated accordingly).
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. HERNACKI discloses network risk analysis that includes updating graphs when relationships and values have changed. It would have been obvious to update the graphs as taught by HERNACKIN in the system executing the method of ADAMSON with the motivation to determine risk to assets.
Claim 19 (Original)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the system as set forth in Claim 14.
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK does not specifically disclose, but HERNACKI discloses further comprising dynamically updating the graph of the assets in the network as new assets are added to the network and as new connections between the assets are determined (see col 6, ln 9-24 & 56-67; Data collector 304 also sends the collected event to an event driver 314, which analyzes the event data, and updates the asset graph if the event introduces changes in the objects, their attributes or their asset relationships. The asset graph is then updated according to the object risk levels (406). In this embodiment, the object risk levels of the primary targets of the direct event are updated accordingly).
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. HERNACKI discloses network risk analysis that includes updating graphs when relationships and values have changed. It would have been obvious to update the graphs as taught by HERNACKI in the system executing the method of ADAMSON with the motivation to determine risk to assets.
Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20220021697 A1 to ADAMSON et al. in view of US 20180048669 A1 to LOKAMATHE and US 20260010853 A1 to KOMAVEC OSOJNIK et al.as applied to claim 1 above, and further in view of US 20230325840 A1 to Visegrady (hereinafter ‘VISEGRADY’).
Claim 8 (Currently Amended)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the non-transitory media as set forth in Claim 1.
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK does not explicitly disclose, but VISEGRADY discloses, wherein the operations further comprise determining a second risk analysis pathway at least by: selecting a maximum length for the second risk analysis pathway corresponding to the number of connections that is determined based on the associated risk severity (see ¶[0040]; Preferred embodiments also weight risk attributes of nodes in dependence on the number of hops between each node and the CP node, such that nodes more distant from the CP node contribute less to the resulting risk value(s). Examiner Note: this teaches that number of hops or connections is proportional to risk, and lower risk scores result in fewer hops).
ADAMSON does not specifically disclose, but LOKAMATHE discloses, commencing the second risk analysis pathway at the target asset, of the asset graph, corresponding to the risk event (see ¶[0012]-[0014] and [0018]-[0019]; simulate an attack to affect one or more nodes. Compute an aggregated risk at one or more affected nodes. Propagate risk to neighboring nodes based on probability of selection of a path. Compute business impact loss, information loss impact, and financial impact loss based on the aggregated risk. Compute propagated risk on neighboring nodes).
The combination of ADAMSON and LOKAMATHE does not explicitly disclose, but VISEGRADY discloses, extending a length of the second risk analysis pathway from the target asset by traversing, from the target asset to additional assets in the asset graph until either (a) the maximum length for the second risk analysis pathway is reached or (b) an asset is reached with a security profile that meets a pathway termination criteria (see ¶[0040]; Preferred embodiments also weight risk attributes of nodes in dependence on the number of hops between each node and the CP node, such that nodes more distant from the CP node contribute less to the resulting risk value(s). Examiner Note: this teaches that number of hops or connections is proportional to risk, and lower risk scores result in fewer hops).
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. LOKAMATHE discloses comprehensive risk assessment in a heterogeneous dynamic network that includes determining impact of risk on neighboring nodes to develop risk mitigation plans. It would have been obvious to include the aggregate assessment and mitigation plan as taught by LOKAMATHE in the system executing the method of ADAMSON with the motivation to reduce risk.
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk and proactively mitigate risk (see ¶[0080]). VISEGRADY discloses risk evaluation that is dependent on the number of hops between nodes. It would have been obvious to calculate risk as taught by VISEGRADY in the system executing the method of ADAMSON with the motivation to proactively mitigate risk.
Claim(s) 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20220021697 A1 to ADAMSON et al. in view of US 20180048669 A1 to LOKAMATHE and US 20260010853 A1 to KOMAVEC OSOJNIK et al. as applied to claim 1 above, and further in view of US 12021680 B1 to Lewis (hereinafter ‘LEWIS’).
Claim 10 (Currently Amended)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the non-transitory media as set forth in Claim 1.
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK does not specifically disclose, but LEWIS discloses further comprising doing a second remediation action for a second asset in the asset graph, wherein the second asset is further from the target asset than the first asset and wherein the second remediation action is less substantial than the remediation action (see col 21 ln 55-col 22, ln 19; the right side of the graph 824 may correspond to a higher degree of improvement and the left side of the graph 824 may correspond to a lower degree of improvement. Therefore, using the numerical improvement metric, an optimal network error prevention and or mitigation strategy may be determined).
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk and proactively mitigate risk (see ¶[0080]). LEWIS discloses mitigating errors in a network, where different degrees of improvement are associated with different mitigation strategies. It would have been obvious to include mitigation strategies as taught by LEWIS in the system executing the method of ADAMSON with the motivation to reduce risk.
Claim(s) 5 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20220021697 A1 to ADAMSON et al. in view of US 20180048669 A1 to LOKAMATHE and US 20260010853 A1 to KOMAVEC OSOJNIK et al. as applied to claim 1 above, and further in view of US 20230325840 A1 to VISEGRADY and US 12021680 B1 to LEWIS.
Claim 5 (Currently Amended)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the non-transitory media as set forth in Claim 1.
ADAMSON does not specifically disclose, but LOKAMATHE discloses, further comprising: identifying a second risk event with a second risk severity (see ¶[0013]-[0014] and [0019]; simulate an attack to affect one or more nodes. Compute an aggregated risk at one or more affected nodes), the second risk severity being greater than the risk severity (see again ¶[0013]-[0014] and [0019]; simulate an attack to affect one or more nodes. Compute an aggregated risk at one or more affected nodes. Examiner Note: multiple simulations or calculations would result in different aggregated risk, one greater than the other).
The combination of ADAMSON and LOKAMATHE does not explicitly disclose, but VISEGRADY discloses, determining a second number of connections to traverse for generating a second risk analysis, the second number of connections being greater than the number of connections (see ¶[0040]; Preferred embodiments also weight risk attributes of nodes in dependence on the number of hops between each node and the CP node, such that nodes more distant from the CP node contribute less to the resulting risk value(s). Examiner Note: this teaches that number of hops or connections is proportional to risk, and lower risk scores result in fewer hops).
The combination of ADAMSON, LOKAMATHE, and VISEGRADY does not specifically disclose, but LEWIS discloses, determining a second remediation action to address the second risk event, the second remediation action being more extensive than the at least one remediation action (see col 21 ln 55-col 22, ln 19; the right side of the graph 824 may correspond to a higher degree of improvement and the left side of the graph 824 may correspond to a lower degree of improvement. Therefore, using the numerical improvement metric, an optimal network error prevention and or mitigation strategy may be determined).
ADAMSON does not specifically disclose, but LOKAMATHE discloses, executing the second remediation action to address the second risk event (see claims 10 and 14; a mitigation plan for providing one or more alternate source or path for the data to be derived or propagated respectively; modifying constraints imposed on the information flow from logical conjunction (“AND”) to logical disjunction (“OR”) or vice-versa; isolating at least one of the one or more affected nodes or the one or more affected paths therebetween deploying data encryption scheme; and implementing diagnostic measures to measure health of the network).
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk and proactively mitigate risk (see ¶[0080]). VISEGRADY discloses risk evaluation that is dependent on the number of hops between nodes. It would have been obvious to calculate risk as taught by VISEGRADY in the system executing the method of ADAMSON with the motivation to proactively mitigate risk.
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk and proactively mitigate risk (see ¶[0080]). LEWIS discloses mitigating errors in a network, where different degrees of improvement are associated with different mitigation strategies. It would have been obvious to include mitigation strategies as taught by LEWIS in the system executing the method of ADAMSON with the motivation to reduce risk.
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. LOKAMATHE discloses comprehensive risk assessment in a heterogeneous dynamic network that includes determining impact of risk on neighboring nodes to develop risk mitigation plans. It would have been obvious to include the aggregate assessment and mitigation plan as taught by LOKAMATHE in the system executing the method of ADAMSON with the motivation to reduce risk.
Claim 18 (Currently Amended)
The combination of ADAMSON, LOKAMATHE, and KOMAVEC OSOKNIK discloses the system as set forth in Claim 14.
ADAMSON does not specifically disclose, but LOKAMATHE discloses, further comprising: identifying a second risk event with a second associated risk severity (see ¶[0013]-[0014] and [0019]; simulate an attack to affect one or more nodes. Compute an aggregated risk at one or more affected nodes), the second associated risk severity being greater than the associated risk severity (see again ¶[0013]-[0014] and [0019]; simulate an attack to affect one or more nodes. Compute an aggregated risk at one or more affected nodes. Examiner Note: multiple simulations or calculations would result in different aggregated risk, one greater than the other).
The combination of ADAMSON and LOKAMATHE does not explicitly disclose, but VISEGRADY discloses, determining a second number of connections to traverse for generating a second risk analysis pathway, the second number of connections being greater than the number of connections (see ¶[0040]; Preferred embodiments also weight risk attributes of nodes in dependence on the number of hops between each node and the CP node, such that nodes more distant from the CP node contribute less to the resulting risk value(s). Examiner Note: this teaches that number of hops or connections is proportional to risk, and lower risk scores result in fewer hops).
The combination of ADAMSON, LOKAMATHE, and VISEGRADY does not specifically disclose, but LEWIS discloses, determining a second remediation action to address the second risk event, the second remediation action being more extensive than the at least one remediation action (see col 21 ln 55-col 22, ln 19; the right side of the graph 824 may correspond to a higher degree of improvement and the left side of the graph 824 may correspond to a lower degree of improvement. Therefore, using the numerical improvement metric, an optimal network error prevention and or mitigation strategy may be determined).
ADAMSON does not specifically disclose, but LOKAMATHE discloses, executing the second remediation action to address the risk event (see claims 10 and 14; a mitigation plan for providing one or more alternate source or path for the data to be derived or propagated respectively; modifying constraints imposed on the information flow from logical conjunction (“AND”) to logical disjunction (“OR”) or vice-versa; isolating at least one of the one or more affected nodes or the one or more affected paths therebetween deploying data encryption scheme; and implementing diagnostic measures to measure health of the network).
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk and proactively mitigate risk (see ¶[0080]). VISEGRADY discloses risk evaluation that is dependent on the number of hops between nodes. It would have been obvious to calculate risk as taught by VISEGRADY in the system executing the method of ADAMSON with the motivation to proactively mitigate risk.
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk and proactively mitigate risk (see ¶[0080]). LEWIS discloses mitigating errors in a network, where different degrees of improvement are associated with different mitigation strategies. It would have been obvious to include mitigation strategies as taught by LEWIS in the system executing the method of ADAMSON with the motivation to reduce risk.
ADAMSON discloses network asset risk analysis that includes a risk graph with nodes representing assets to assess risk. LOKAMATHE discloses comprehensive risk assessment in a heterogeneous dynamic network that includes determining impact of risk on neighboring nodes to develop risk mitigation plans. It would have been obvious to include the aggregate assessment and mitigation plan as taught by LOKAMATHE in the system executing the method of ADAMSON with the motivation to reduce risk.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD N SCHEUNEMANN whose telephone number is (571)270-7947. The examiner can normally be reached M-F 9am-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patricia Munson can be reached at 571-270-5396. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/RICHARD N SCHEUNEMANN/ Primary Examiner, Art Unit 3624