Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-20 are pending.
Claim Rejections - 35 USC § 101
835 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
The claims when analyzed under 2019 Revised Patent Subject Matter Eligibility Guidance, are directed to abstract idea. Claim 1 for example, recites a method and, therefore, is a process. The claim recites the limitation of: “…generating a semantic description of a data volume; querying a monitoring service with the semantic description; determining, based on results received from the monitoring service, to iteratively, until determining that a breach occurred: refine the semantic description to be more specific; query the monitoring service with the semantic description, and determine whether the breach occurred based on results received from the monitoring service in response to the semantic description; and upon determining that the breach occurred, initiating a mitigation action.…”. These limitations, under broadest reasonable interpretation are directed performance of the limitation in a human mind. That is, nothing in the claim element precludes the step from practically being performed in the mind. For example, the claim encompasses a human/person simply transforming a data to a different form (semantic description), refining/modifying the semantic description to be more specific, querying another person with the semantic description, receiving from the other person a result on a piece of paper or via an electronic mail, by looking at the result, determining if a breach occurred, and initiation a mitigation action. For example, the steps of determining whether a breach occurred based on results and initiating mitigation action is directed to abstract idea.
Claim is further analyzed in step 2A prong 2, to evaluate whether the claim as a whole integrates the recited judicial exception into a practical application of the exception. This evaluation is performed by identifying whether there are any additional elements recited in the claim beyond the judicial exception, and evaluating those additional elements individually and in combination to determine whether the claim as a whole integrates the exception into a practical application. However, each of the remaining limitation do not constitute meaningful limitations that would amount to significantly more than the abstract idea. The combination of additional element is no more than generic computer functions. Thus, even in combination, the additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limitations on practicing the abstract idea.
Claim is additionally analyzed under Step 2B to evaluates whether the claim as a whole amount to significantly more than the recited exception, whether any additional element, or combination of additional elements, adds an inventive concept to the claim. When claims evaluated under step 2B, it is no more than what is well-understood, routine, conventional activity in the field. The specification does not provide any indication anything other than a generic computer component. The mere “…generating a semantic description… querying a monitoring service with the semantic description…refine the semantic description to be more specific…query the monitoring service with the semantic description, and determine whether the breach occurred… [and] initiating a mitigation action.……” is a well-understood, routing and conventional function when it is claimed in a merely generic manner as it is here.
Independent claims 8 and 15 include limitations similar to the limitations of claim 1 and are rejected under 35 U.S.C. 101 as being directed to abstract idea for the same reasons discussed above with respect to claim 1.
Dependent claims 2-7, 9-14 and 16-20 do not recite nor impart any further limitation(s) that would bring the invention in conformance with 35 U.S.C. §101 as patentable subject matter.
Claims 2, 9 and 16 recite additional element of performing mitigation action comprises verifying that the breach occurred by using one or more of a hash value and a key value. This is additional data checking and comparison, which is part of the same abstract information-processing and does not include inventive concept, such as improving computer functionality itself or creating a technical solution.
Claims 3 10 and 17, further narrows the verifying step recited in claim 2. The verifying step includes generating the hash value, querying the monitoring service to determine if the hash value matches corresponding hash value of any of a plurality of exfiltrated data items, and receiving an indication of a match. These steps recite particular way of comparing data values, but they remain conventional data generation, quarrying, and matching operations and do not integrate the abstract idea into a practical application because they do not impose meaningful limits on practicing the abstract idea.
Claims 4 11 and 18, recite the verifying step recited in claim 2 includes identifying a key value in the data item, querying the monitoring service to indicate if the key value has been exfiltrated in the breach, and receiving an indication that the key value has been exfiltrated in the breach. This further narrows the type of information compared, but still amounts to querying and comparing data values using a generic computer, and does not include inventive concept, such as improving computer functionality itself or creating a technical solution.
Claims 5, 12 and 19 adds the generating the semantic description includes reading a plurality of data items in the data volume, and generating a natural language description applicable to portion of the plurality of data items. This specifies how the abstract “semantic description” is generated, but it is still generation of a semantic description of data time and does not include inventive concept, such as improving computer functionality itself or creating a technical solution.
Claims 6, 13 and 20, recites additional element of refining the semantic description comprises generating a natural language description applicable to a sub-portion of the data items contained in the portion of data items. This is further refinement of the same abstract description of content and remain within the abstract idea of defining and narrowing descriptions.
Claims 7 and 14, recite the generating semantic description includes querying an enterprise system that owns the data volume for the semantic description of the data volume and receiving the semantic description generated by the enterprise system. This is still uses conventional querying of a system, and does not include inventive concept, such as improving computer functionality itself or creating a technical solution.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 7, 8, 14 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Baskaran et al. (US Patent No.11,392,605 ), hereinafter Baskaran in view of Korn et al. (US Patent No.12,360,962).
As per claim 1, 8 and 15, Baskaran discloses a method of operating a data protection service, comprising: generating a semantic description of a data volume (column 67, lines 21-23 and column 70, lines 9-10, “transformed data stream”); querying a monitoring service with the semantic description (column 67,lines 51-52, “process the transformed data stream”, column 70, lines 36-37, “the transformed data stream is analyzed”); determining, based on results received from the monitoring service, to iteratively, until determining that a breach occurred (column 70, lines 48-50, “The anomaly model may be continually executed with continually received portions of the data stream”): query the monitoring service with the semantic description, and determine whether the breach occurred based on results received from the monitoring service in response to the semantic description (column 67, lines 51-53, the analyzer processes the transformed data stream, column 70, lines 44-48, “features from the data points in the data stream 1310 are extracted and used as input to the anomaly model, the output of the anomaly model is the analysis results. For example, the output may be whether an anomaly is detected”), and upon determining that the breach occurred, initiating mitigation (column 54, lines 55-62, column 55, lines 15-17, alert is generated when anomalous incidents is detected).
Baskaran does not explicitly disclose, refine the semantic description to be more specific. However, in an analogous art, Koran discloses, refine the semantic description to be more specific (column 17, lines 17-22, “determine…second description for the fields of the first data, the second descriptions have a finer level of detail in describing the files than the filed that the first description”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Baskaran with Koran. This would have been obvious because one of the ordinary skill in the art would have been motivated to improve variety of descriptions in order to detect malicious activities.
As per claim 7 and 14, Korn furthermore discloses wherein the generating the semantic description comprises: querying an enterprise system for the semantic description of the data volume, wherein the enterprise system owns the data volume; and receiving the semantic description, the semantic description being generated by the enterprise system (column 11, lines 15-17 and 65-66, semantic data model sending a request for field descriptions to the large language model, the large language model sending field descriptions to the semantic data model).
Claims 2-4, 9-11 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Baskaran, in view of Korn, further in view of Fridman et al. (US Patent No.10,498,748).
As per claim 2, 9 and 16, Baskaran as modified does not explicitly disclose, but in an analogous art, Fridman discloses, performing the mitigation action, wherein the performing the mitigation action comprises verifying that the breach occurred for a data item in the data volume using one or more of a hash value associated with the data item and a key value associated with the data item (column 8, lines 46-57, “ detection cluster 54, using the key 65, applies the same forward hash function to the data content
to be examined. The detection cluster 54 then search the data content in the hashed data files using the search index to detect for matched content… in the event that matched data content in the hashed data files is found and the matched data content is deemed to be in violation of the enterprise's security policy, the detection cluster 54 may generates a warning flag or an alert in the detection result indicating potential violations”, column 9, lines 1-3, “if the last name and the social security number of a data record are found in a data being examined, then violation is flagged”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the modified Baskaran with Fridman. This would have been obvious because one of ordinary skill in the art would have been motivated to detect data loss in network data content belonging to an enterprise.
As per claim 3,10 and 17, Fridman furthermore discloses, wherein the verifying that the breach occurred comprises: generating the hash value associated with the data item; querying the monitoring service with a request to determine if the hash value matches a corresponding hash value of any of a plurality of exfiltrated data items; and receiving, from the monitoring service, an indication that one of the plurality of exfiltrated data items has a matching hash value (column 7, lines 3-7, “the database 62 is forward hashed or encoded using a hasher 64 on the premises of the enterprise data network to generate a pre-index. The hasher 64 uses a key 65 belonging to or controlled by the enterprise. The hasher 64 applies a forward hash function to the database 62”, column 8, lines 43-52, “used by the enterprise to perform forward hashing of the database 62. The detection cluster 54, using the key 65, applies the same forward hash function to the data content to be examined. The detection cluster 54 then search the data content in the hashed data files using the search index to detect for matched content. The detection cluster 54 performs detection in accordance with the enterprise's security policy and generates detection results that are provided to the enterprise”). The motivation is similar to the motivation provided in claim 2.
As per claim 4, 11 and 18, Fridman furthermore discloses wherein the verifying that the breach occurred comprises: identifying the key value in the data item; querying the monitoring service with a request to indicate if the key value has been exfiltrated in the breach; and receiving, from the monitoring service, an indication that the key value has been exfiltrated in the breach (column 9, lines 1-3, “if the last name and the social security number of a data record are found in a data being examined, then violation is flagged”). The motivation is similar to the motivation provided in claim 2.
Claims 5, 6, 12, 13, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Baskaran, in view of Korn, further in view of Conikee et al. (US Publication No. 2019/0171846), hereinafter Conikee.
As per claim 5, 12 and 19, Baskaran as modified does not explicitly disclose, but in an analogous art, Conikee discloses, wherein the generating the semantic description comprises: reading a plurality of data items in the data volume; and generating a natural language description applicable to a portion of the plurality of data items (paragraph [0058], “Data flow analysis can trace data objects to parts of the code where there is a semantic and natural language indicators”).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention to modify the modified Baskaran to include the well known natural language description, in order to achieve the predictable result of enabling monitoring of sensitive data.
As per claim 6, 13 and 20, Conikee furthermore discloses wherein the refining the semantic description comprises generating a natural language description applicable to a sub-portion of the data items contained in the portion of data items (paragraph [0062], “Processing a semantic description of data in an application S112 may include applying natural language processing…Processing a semantic description of data in an application S112 can preferably detect multiple data objects (or simple data variables) in the application code as sensitive data”, paragraph [0058], “Data flow analysis can trace data objects to parts of the code where there is a semantic and natural language indicators”). The motivation is similar to the motivation provided in claim 5.
References Cited, Not Used
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Zoppas et al. (US Patent No. 8,255,370) discloses, a method and apparatus for scanning structured data from a data repository having an arbitrary data schema and for applying a policy to the data of the data repository are described. In one embodiment, the structured data is converted to unstructured text data to allow a schema-independent policy to be applied to the text data in order to detect a policy violation in the data repository regardless of the data schema used by the data repository.
Fineis et al. (US Publication No.2018/0060703) discloses, a platform may receive multivariate data from an asset in an original coordinate space and transform the data in the original coordinate space to a transformed coordinate space. Additionally, the platform may standardize the data in the transformed coordinate space and modify the standardized data. Thereafter, the platform may inversely transform the modified data back to the original coordinate space and perform an analysis to detect anomalies.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ali Abyaneh whose telephone number is (571) 272-7961. The examiner can normally be reached on Monday-Friday from (8:00-5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571) 270-5143. The fax phone numbers for the organization where this application or proceeding is assigned as (571) 273-8300 Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/ALI S ABYANEH/Primary Examiner, Art Unit 2437