DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1 - 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Specifically, claim 1 recites, “A cyber threat intelligence identification,”. However, the body of the claim has nothing to do with cyber threat intelligence identification.
In claim 1, (a)… “the parent forms” should be “the two parent forms” or “both parent forms”, to be consistent.
In claim 1, (b)… defines “the type of an algorithm” is awkward. A better phrase would be, defines “an algorithm type”. In addition, there is no antecedent basis for, “the type”.
In claim 1, (c), last line, there is no antecedent basis for, “the mode” and no antecedent basis for, “the algorithm of the mode”.
With respect to claims 2 and 3, these claims are rejected on the basis of depending from rejected claim 1.
With respect to claim 4, …“the amount of overlapping information” has no antecedent basis. In addition, there is no antecedent basis for, “the ratio set”.
Additionally, “wherein if the ratio is set to small then most of the hybrid form will be constructed has a very different from its past iteration”, makes no sense.
With respect to claim 5, there is no antecedent basis for, “the same place” in the form. In addition, “the form”, is this the hybrid form? If so, please use consistent language.
With respect to claim 6, there is no antecedent basis for, “the manner”. In addition, …“this module” is recited in claim 6. It is unclear as to which module such refers or is intended.
With respect to claim 7, there is no antecedent basis for, “the trait index”. There is no antecedent basis for, “the relevant Event and Response storage”.
With respect to claim 8, there is no antecedent basis for, “the security behavior module”. In addition, there is no antecedent basis for, “the security behaviorcloud”. Additionally, “behaviorcloud”, should be --behavior cloud--.
With respect to claim 9, there is no antecedent basis for Exploit DB. There is no antecedent basis for, “the evolutionary pathways”.
With respect to claim 10, there is no antecedent basis for, “the next generation”. The phrase, “wherein two input forms are compiled security behavior from a security behavior cloud”, makes no sense. There is no antecedent basis for, “the next generation for a pathway”. There is no antecedent basis for, “the resultant hybrid form”. There is no antecedent basis for, “the creativity module”. There is no antecedent basis for, “the relevant evolutionary pathway”. There is no antecedent basis for, “the Artificial Security Threat (AST) system”. There is no antecedent basis for, “the desired module behavior”. There is no antecedent basis for, “the internally chosen growth pattern” or for “the same growth pattern”.
With respect to claim 11, there is no antecedent basis for, “the best estimate”. There is no antecedent basis for, “the actual threat”. There is no antecedent basis for, “the transition of a known and confirmed iteration” and there is no antecedent basis for, “the transition pattern”.
With respect to claim 12, there is no antecedent basis for, “the same AST batch” and for, “the pathway” nor for, “the best personality traits”. There is no antecedent basis for, “security threat” nor for, “the real time security analysis”. There is no antecedent basis for, “the enterprise network” nor for, “the analytical conclusion”. There is no antecedent basis for, “the internal functions” nor for, “the syntax”.
With respect to claim 13, there is no antecedent basis for, “the enterprise system” nor for, “the iteration process” nor for, “the intent/purpose of the incoming block of code” or for, “the questionable code”.
With respect to claim 14, there is no antecedent basis for, “the malicious activity” nor for, “the malicious behavior”.
With respect to claim 15, there is no antecedent basis for, “the variables” nor for, “the original perception of the security response”.
This is not meant to be an exhaustive list but merely examples of the types of problems found with the claims.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 53-65 and 69 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea.
Step 1:
With regard to claims 1 - 15, the claims are recited as being directed to a "system".
Step 2A Prong One:
With regard to claims 1 - 15, the claims recite the following claim limitations:
1 A cyber threat intelligence identification, integration and analysis system characterized by comprising:
(a) an intelligent selector that receives two parent forms, wherein the parent forms represent abstract constructs of data, and merges the two parent forms into a hybrid form;
(b) a mode module that defines the type of an algorithm in which the system is being used, wherein the intelligent selector decides parts to merge based on the type of the algorithm;
(c) a static criteria module that receives input of customization data for how forms should be merged
wherein the intelligent selector comprises a raw comparison module that performs raw comparison on the two parent forms based on the customization data provided by the static criteria module, wherein the raw comparison module outputs regarding changes and non-changes, wherein the intelligent selector ranks importance of the changes based on the customization data, wherein the changes and the non-changes are merged into a hybrid form based on the customization data of the static criteria and the type of the algorithm of the mode.
2 The system of claim 1, wherein the customization data comprises ranking prioritizations, desired ratios of data, and data to direct merging which is dependent on the type of algorithm defined by the mode module.
3 The system of claim 1, wherein the merging comprises adjusting ratio distribution of data, importance of data, and relationship between data, wherein a ratio mode, a priority mode, and a style mode are preset in the system.
4 The system of claim 3, wherein in the ratio mode, the amount of overlapping information is filtered through according to the ratio set by the Static Criteria, wherein if the ratio is set to large then a large amount of form data that has remained consistent will be merged into the hybrid form, wherein if the ratio is set to small then most of hybrid form will be constructed has a very different from its past iterations.
5 The system of claim 3, wherein in the priority mode, when both data sets compete to define a feature at the same place in the form, a prioritization process occurs to choose which features are made prominent and which are overlapped and hidden, wherein when only one trait can occupy in the hybrid form, a prioritization process occurs.
6 The system of claim 3, in the style mode, the manner in which overlapping points are merged, wherein the Static Criteria and mode direct this module to prefer a certain merge over another.
7 The system of claim 1, wherein a trait makeup and indexed security Points of Interest (POI) are provided to query security events with their responses, wherein the POI's are stored in a security POI pool, and POI's are bridged with the trait index, wherein when a personality trait regarding a security issue is queried, relevant POI's are looked up in the POI pool and the relevant Event and Response storage are retrieved and returned, wherein in a POI interface module, personal traits are associated with POI's.
8 The system of claim 1, further comprising a response parser, which comprises:
a cross reference module, in which that data describing a security event and a response to the security event are received; the security behavior module provides known POI, and input for a personality trait tagged to a security event is received;
a trait tagging module that associates the security response with personal trait based on prescription of the personal trait and pattern correlation from past security behavior; and
a trait interaction module that receives a trait makeup from the trait tagging module, and assesses its internal compatibility;
wherein the security event, response, trait are stored in the security behavior cloud.
9. The system of claim 1, wherein a security ruleset is tested with an artificial exploit, wherein after an exploit is performed, result feedback module provides the result if the exploit worked and if it should be incorporated into the Exploit DB, wherein an information release module provides details to a creativity module for how the next exploit should look like, wherein information is merged between the information release module and the Exploit DB, wherein the exploit is performed as a batch in which all the evolutionary pathways get tested in parallel and simultaneously with the same exploit, wherein the creativity module produces a hybrid exploit that uses the strengths of prior exploits and avoids known weaknesses in exploits based on result by the information release module, wherein an oversight management module monitors developments in an exploit storage and usage, wherein exploits are produced/modified/removed by external inputs, wherein the exploits are stored along with known behavioral history that describes how the exploits performed in the past within certain conditions and exploit importance.
10 The system of claim 1, further comprising a monitoring/interaction system, in which a creativity module produces the next generation for a pathway, wherein two input forms are compiled security behavior from a security behavior cloud, and variables from a security review module, wherein the resultant hybrid form is pushed to an iteration processor, wherein the iteration processor processes the hybrid form pushed from the creativity module, and assembles a new generation, and loads the new generation into the relevant evolutionary pathway, wherein the security review module receives report variables from the evolutionary pathway, and evaluates its security performance against the Artificial Security Threat (AST) system, outputs report for further review, and sends the report to the creativity module to iterate the next generation, wherein the security behavior cloud supplies relevant events and responses to the security review module, wherein the criteria is determined via a trait index query, wherein if a good performance evaluation is received, the security review module attempts to find a better exploit to break the exploit in the security behavior cloud, wherein the trait makeups are provided to the security behavior cloud and the security behavior cloud provides the trait makeups to the creativity module to guide how the generational ruleset should be composed, wherein an automated growth guidance system intervenes between external control and the monitoring and interaction system, wherein a module type discerns what the desired module behavior is, and wherein forced feedback is a response by a module informing about its current condition every time it is given new instructions, wherein high level master variables are externally input to the static criteria, wherein the creativity module discerns a new desired result after being given the previous desired result and the actual result, wherein the actual result that comprises status and state of the controlled module is stored in a module tracking DB, wherein the module tracking DB is populated by the module and the creativity module, wherein the module tracking DB provides an input form to the creativity module which reflects the internally chosen growth pattern for the controlled module, wherein the creativity module pushes the new controls for the module to the module tracker and the module itself, wherein the modules are controlled in parallel, except that the module tracking operates in a single instance and is partitioned to deal with multiple modules simultaneously, wherein the feedback from the controlled module, which comprises information derived from actual module history, is stored in a realistic DB, wherein a theory DB contains theoretical controls for the module, which are provided by the creativity module, wherein if a control performs as expected then the same growth pattern is kept, and if a control performs odd, then alternate growth pattern is adopted.
11 The system of claim 1, further comprising a malware predictive tracking algorithm, in which an existing malware is iterated to consider theoretical variances in makeup, wherein as the theoretical time progresses, the malware evolves interacting with a creativity module, wherein CATEGORY A represents confirmed malware threats with proven history of recognition and removal, CATEGORY B represents malware that the system knows exists but is unable to recognize nor remove with absolute confidence and CATEGORY C represents malware that is completely unknown to the system in every way possible, wherein the process starts from category A, wherein known malware is pushed to the creativity module to produce a hybrid form which includes potential variations that represent currently unknown malware, wherein then based on category B, a theoretical process represents the best estimate of what an unknown threat is like, wherein a process based on category C represents the actual threat that the system is unaware of and trying to predict, wherein a pattern is produced to represent the transition of a known and confirmed iteration, wherein the transition pattern is used to predict a currently unknown threat.
12 The system of claim 1, further comprising a critical infrastructure protection & retribution through cloud & tiered information security (CIPR/CTIS) that comprises trusted platform security information synchronization service, wherein information flows between multiple security algorithms within a managed network & security services provider (MNSP), wherein all enterprise traffic within an enterprise intranet, extranet and internet are relayed to the MNSP cloud via VPN for real-time and retrospective security analysis, wherein in the retrospective security analysis, events and their security responses and traits are stored and indexed for future queries, conspiracy detection provides a routine background check for multiple security events and attempts to determine patterns and correlations, parallel evolutionary pathways are matured and selected, iterative generations adapt to the same AST batch, and the pathway with the best personality traits ends up resisting the security threats the most, wherein in the real- time security analysis, syntax module provides a framework for reading & writing computer code, purpose module uses syntax module to derive a purpose from code, & outputs such a purpose in its own complex purpose format, the enterprise network and database is cloned in a virtual environment, and sensitive data is replaced with mock data, signal mimicry provides a form of retribution used when the analytical conclusion of virtual obfuscation has been reached, wherein it checks that all the internal functions of a foreign code make sense, uses the syntax and purpose modules to reduce foreign code to a complex purpose format, detects code covertly embedded in data & transmission packets, wherein a mapped hierarchy of need & purpose is referenced to decide if foreign code fits in the overall objective of the system.
13 The system of claim 1, further comprising a logically inferred zero-database a-priori real-time defense (LIZARD), in which every digital transfer within the enterprise system is relayed through an instance of LIZARD, wherein all outgoing/incoming information from outside the enterprise system are channeled via the LIZARD VPN and LIZARD cloud, wherein an iteration module (IM) uses a static core (SC) to syntactically modify a code base of dynamic shell (DS), wherein the modified version is stress tested in parallel with multiple and varying security scenarios by an artificial security threat (AST), wherein if LIZARD performs a low confidence decision, it relays relevant data to AST to improve future iterations of LIZARD, wherein AST creates a virtual testing environment with simulated security threats to enable the iteration process, wherein the static core of LIZARD derives logically necessary functions from initially simpler functions, converts arbitrary generic code which is understood directly by syntax module, and reduces code logic to simpler forms to produce a map of interconnected functions, wherein iteration expansion adds detail and complexity to evolve a simple goal into a complex purpose by referring to purpose associations, wherein a virtual obfuscation module confuses & restricts code by gradually & partially submerging them into a virtualized fake environment, wherein malware hypothetically bypasses an enterprise security system, LIZARD has a low confidence assessment of the intent/purpose of the incoming block of code, the questionable code is covertly allocated to an environment in which half of the data is intelligently mixed with mock data, a real data synchronizer intelligently selects data to be given to mixed environments & in what priority, and a mock data generator uses the real data synchronizer as a template for creating counterfeit & useless data.
14 The system of claim 1, further comprising a clandestine machine intelligence & retribution through covert operations in cyberspace module, in which a sleeper double agent silently captures a copy of a sensitive file and the captured file is pushed outside of an enterprise network to a rogue destination server, wherein standard logs are generated which are delivered for real-time and long-term analysis, wherein real-time analysis performs a near instant recognition of the malicious activity to stop it before execution, and the long-term analysis recognizes the malicious behavior after more time to analyze.
15 The system of claim 1, further comprising a critical thinking, memory and perception algorithm that produces an emulation of the observer, and tests/compares all potential points of perception with such variations of observer emulations, wherein priority of perceptions chosen are selected according to weight in descending order, wherein a policy dictates the manner of selecting a cut off, wherein perceptions and relevant weight are stored with comparable variable format (CVF) as their index, wherein CVF derived from data enhanced logs is used as criteria in a database lookup of a perception storage, wherein a metric processing module reverse engineers the variables from selected pattern matching algorithm (SPMA) security response, wherein a part of the security response and its corresponding system metadata are used to replicate the original perception of the security response, wherein debugging and algorithm trace are separated into distinct categories using traditional syntax based information categorization, wherein the categories are used to organize and produce distinct security response with a correlation to security risks and subjects.
These claim limitations appear to recite "Mental Processes" including evaluations, classifications, categorizing and requirements which may be performed in the human mind. A human being may manually observe data or events based on criteria to produce suspected patterns. The claims do not recite how a threat is detected based on the merged criteria, merely that it is done using observational analysis. A human being may look at the abnormal patterns and identify a potential incident based on the observed analysis. The claims do not recite how the threats are predicted based on range and makeup of unknown threats, and instead appear to recite the concepts at a high level of generality, capturing concepts which may be performed within a human mind.
Step 2A Prong Two:
With regard to claims 1 - 15, the claims recite additional elements.
For example,
Claim 1 additionally recites
…wherein the intelligent selector comprises a raw comparison module...
Claim 3 additionally recites
…ratio mode…
Claim 7, additionally recites
…trait index…
Claim 8, additionally recites
…a cross reference module…
Claim 9, additionally recites
…feedback module
Claim 10, additionally recites
…a creativity module…
Claim 13, additionally recites
… Logically Inferred Zero-database A-priori Real-time Defense…
Claim 15, …a metric processing module…
These claim limitations appear to merely add the use of generic computer components which are merely executing the abstract idea within a computer device. (See MPEP 2106.05(b)) As such these claim limitations do not appear to integrate the abstract idea into a particular application.
Step 2B
With regard to claims 1 - 15, the claims recite additional elements.
For example,
Claim 1 additionally recites
…wherein the intelligent selector comprises a raw comparison module...
Claim 3 additionally recites
…ratio mode…
Claim 7, additionally recites
…trait index…
Claim 8, additionally recites
…a cross reference module…
Claim 9, additionally recites
…feedback module
Claim 10, additionally recites
…a creativity module…
Claim 13, additionally recites
… Logically Inferred Zero-database A-priori Real-time Defense…
Claim 15, …a metric processing module…
These claim limitations appear to merely add the use of generic computer components which are merely executing the abstract idea within a computer device. (See MPEP 2106.05(b)) As such these claim limitations do not appear to integrate the abstract idea into a particular application.
When viewed as an ordered combination, the claim appears to recite a series of mental processes which are being executed by generic computing devices. As such, when viewed as an ordered combination the claims do not appear to amount to significantly more than the abstract idea itself.
101 Conclusion
Based on the above analysis the claims 1-15 have been determined to not be eligible subject matter under 35 USC 101.
No Art Rejection
Regarding claims 1 - 15, normally a claim which fails to comply with the 1st and/or 2nd paragraphs of 112 will not be analyzed as to whether it is patentable over the prior art, since to do so would of necessity require speculation with regard to the metes and bounds of the claimed subject matter. In re Steele, 308 F.2d 859, 862-63, 134 USPQ 292, (CCPA 1962) and In re Wilson, 424 F.2d 1382, 1385, 496 USPQ 494, 496 (CCPA 1970).
Specifically, the multiple 112 problems and 101 problems make it impossible to understand what Applicant intends the metes and bounds of the claims to be.
Included are a few references known to the examiner that appear to be relevant (see 892).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to William Deane whose telephone number is 571-272-7484. The examiner can normally be reached on Monday - Friday from 9:00 A.M. to 5:00 P.M. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ahmad Matar, can be reached on 571-272-7488.
The official fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. However, unofficial faxes can be directed to the examiner's computer at 571-273-7484.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov.
Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
27Feb2026
/WILLIAM J DEANE JR/ Primary Examiner, Art Unit 2693