Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This is a reply to the application filed on 08/06/2024 with preliminary amendment of replacement specification filed on 10/22/2024, in which claim(s) 1-12 are pending. Claim(s) 1, 4, 7 and 10 are independent.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/06/2024 has been reviewed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statement.
Drawings
The drawings filed on 08/06/2024 and the drawings replacement sheet filed on 10/22/2024 are accepted by the examiner.
Examiner’s Note
Claim 7 recites “A system…comprising… one or more computers with executable instructions that, when executed, cause the system to” and has been analyzed for 35 U.S.C. 101. No 35 U.S.C. 101 rejection is deemed necessary since the computer is interpreted as a hardware computer in order to “execute” instructions. Therefore, the examiner has viewed the system as meeting 35 U.S.C. 101 eligibility requirements.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-12 are non-provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over:
Claims 1-6 of Patent 12,058,177.
Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1-12 are anticipated by claims 1-6 of Patent 12,058,177.
Claims 1-12 are non-provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over:
Claims 1-4 of Patent 11,750,659.
Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1-12 are anticipated by claims 1-4 of Patent 11,750,659.
Claims 1-12 are non-provisionally rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over:
Claims 1-6 of Patent 11,025,674.
Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1-12 are anticipated by claims 1-6 of Patent 11,025,674.
Patent No. 12,058,177 (17/220,150)
Instant Application No. (18/796,255)
Claim 1. A system for cybersecurity profiling and rating using internal and external reconnaissance, comprising:
a cyber-physical graph module comprising a first plurality of programming instructions stored in a memory of, and operating on a processor of, a computing device, wherein the first plurality of programming instructions, when operating on the processor, cause the computing device to create a cyber-physical graph of an organization using information about the organization, the cyber-physical graph comprising nodes representing entities associated with the organization and edges representing relationships between entities associated with the organization;
a reconnaissance engine comprising a second plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the second plurality of programming instructions, when operating on the processor, cause the computing device to:
perform a reconnaissance search using the cyber-physical graph; and apply a plurality of results of the reconnaissance search to the cyber-physical graph to create a cybersecurity profile of the organization; and a scoring engine comprising a third plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the third plurality of programming instructions, when operating on the processor, cause the computing device to: receive the cybersecurity profile and the reconnaissance search results; using the cyber-physical graph and the reconnaissance search results: assign a criticality score to each of a plurality of nodes within the cyber-physical graph, the criticality score indicating a measure of importance of the respective entity represented by a node; identify a plurality of cybersecurity risks associated with each of the nodes to which a relative value was assigned; identify an anomalous event based on analysis of cyber-physical graph and the reconnaissance search results; assign a risk value to the identified anomalous event, the risk value being determined based on the assigned criticality score for a node associated with the anomalous event; and determine an effectiveness score for the network based on the cyber-physical graph and the risk value.
Claim 1. A computing system for cybersecurity profiling and rating using internal and external reconnaissance, comprising:
one or more hardware processors configured for:
creating a graph of an organization using information about the organization, the graph comprising nodes representing entities associated with the organization and edges representing relationships between these entities; performing a reconnaissance search using the graph; applying the results of the reconnaissance search to the graph to create a profile of the organization; and
using the graph and the reconnaissance search results to:
assign a score to each node within the graph, indicating the importance of the entity represented by that node; identify risks associated with each node to which a score was assigned; identify an anomalous event based on analysis of the graph and the reconnaissance search results; assign a risk value to the identified anomalous event, determined based on the score of the associated node; and determine an effectiveness score for the network based on the graph and the risk value.
Patent No. 11,750,659 (17/216,939)
Instant Application No. (18/796,255)
Claim 1. A system for cybersecurity profiling and rating using internal and external reconnaissance, comprising:
a cyber-physical graph module comprising a first plurality of programming instructions stored in a memory of, and operating on a processor of, a computing device, wherein the first plurality of programming instructions, when operating on the processor, cause the computing device to create a cyber-physical graph of an organization, the cyber-physical graph comprising nodes representing entities associated with the organization and edges representing relationships between entities associated with the organization;
a reconnaissance engine comprising a second plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the second plurality of programming instructions, when operating on the processor, cause the computing device to: perform a reconnaissance search using the cyber-physical graph; and apply some or all of the results of the reconnaissance search to the cyber-physical graph to create a cybersecurity profile of the organization; and a scoring engine comprising a third plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the third plurality of programming instructions, when operating on the processor, cause the computing device to: receive the cybersecurity profile and the results of the reconnaissance search; using the cyber-physical graph and the reconnaissance search results: estimate a frequency and severity of cyber-attacks on the organization; identify a plurality of cybersecurity risks associated with the organization; determine a business impact for each cybersecurity risk identified; assign a network resilience rating to the organization; and determine a functional cybersecurity score for the organization based at least on the network resilience rating.
Claim 1. A computing system for cybersecurity profiling and rating using internal and external reconnaissance, comprising:
one or more hardware processors configured for:
creating a graph of an organization using information about the organization, the graph comprising nodes representing entities associated with the organization and edges representing relationships between these entities; performing a reconnaissance search using the graph; applying the results of the reconnaissance search to the graph to create a profile of the organization; and
using the graph and the reconnaissance search results to:
assign a score to each node within the graph, indicating the importance of the entity represented by that node; identify risks associated with each node to which a score was assigned; identify an anomalous event based on analysis of the graph and the reconnaissance search results; assign a risk value to the identified anomalous event, determined based on the score of the associated node; and determine an effectiveness score for the network based on the graph and the risk value.
Patent No. 11,025,674 (16/777,270)
Instant Application No. (18/796,255)
Claim 1. A system for cybersecurity profiling and rating using internal and external reconnaissance, comprising:
a cyber-physical graph module comprising a first plurality of programming instructions stored in a memory of, and operating on a processor of, a computing device, wherein the first plurality of programming instructions, when operating on the processor, cause the computing device to: receive information about an organization, the information comprising entities associated with the organization and relationships between entities associated with the organization; create a cyber-physical graph of the organization using the information, the cyber-physical graph comprising nodes representing the entities associated with the organization and edges representing the relationships between entities associated with the organization;
a reconnaissance engine comprising a second plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the second plurality of programming instructions, when operating on the processor, cause the computing device to: determine a reconnaissance search to be performed using the cyber-physical graph; identify a search tool to perform the reconnaissance search; instantiate a search task using the search tool; receive search data from the search task; apply some or all of the search data to the cyber-physical graph to create a cybersecurity profile of the organization; and send the cybersecurity profile and search data to a scoring engine; and a scoring engine comprising a third plurality of programming instructions stored in the memory of, and operating on the processor of, the computing device, wherein the third plurality of programming instructions, when operating on the processor, cause the computing device to: receive the cybersecurity profile and search data; using the cyber-physical graph and the search data: estimate a frequency and severity of cyber-attacks on the organization; identify a plurality of cybersecurity risks associated with the organization; determine a business impact for each cybersecurity risk identified; assign a network resilience rating to the organization; receive a context for scoring; and assign a functional cybersecurity score by adjusting the network resilience rating based on the context.
Claim 1. A computing system for cybersecurity profiling and rating using internal and external reconnaissance, comprising:
one or more hardware processors configured for:
creating a graph of an organization using information about the organization, the graph comprising nodes representing entities associated with the organization and edges representing relationships between these entities; performing a reconnaissance search using the graph; applying the results of the reconnaissance search to the graph to create a profile of the organization; and
using the graph and the reconnaissance search results to:
assign a score to each node within the graph, indicating the importance of the entity represented by that node; identify risks associated with each node to which a score was assigned; identify an anomalous event based on analysis of the graph and the reconnaissance search results; assign a risk value to the identified anomalous event, determined based on the score of the associated node; and determine an effectiveness score for the network based on the graph and the risk value.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-12 are rejected under 35 U.S.C. 103 as being unpatentable over Jed Crosby (US 20160350442 A1) in view of Jisheng Wang (US 2015/0373039 A1).
Regarding Claims 1, 4, 7 and 10, Crosby discloses
creating a graph of an organization using information about the organization, the graph comprising nodes representing entities associated with the organization and edges representing relationships between these entities ([0034], “an arrangement of log nodes and log node pairs for generating a graph of nodes and edges… Each log line may be generated when a user interacts or “clicks” on a data object in an enterprise system”);
performing a reconnaissance search using the graph ([0029], “The search query may be processed by enterprise server 104, which sends a request to search graph database 120”);
applying the results of the reconnaissance search to the graph to create a profile of the organization ([0029], “Upon receiving search results from search graph database 120, enterprise server 104 may forward the search results to user system 108 for display on a display device of user system 108. Independently, enterprise server 104 may retrieve and process data from log database 112 and CRM database 116 over an extended time to generate and update search graph data stored in search graph database 120”);
Crosby does not explicitly teach but Wang teaches
using the graph and the reconnaissance search results to:
assign a score to each node within the graph, indicating the importance of the entity represented by that node ([0099], “where the probability threat score information is received from the centralized controller 240”, [0102], “generates a threat score for domain 1 at operation 745”);
identify risks associated with each node to which a score was assigned ([0062], “The entity risk modeling engine 340 models and monitors the risk of threats for each individual user of the customer for a certain duration of time”);
identify an anomalous event based on analysis of the graph and the reconnaissance search results ([0005], “techniques for profiling the behavior of an individual entity (e.g., user, machine, service, etc.) and monitoring that entity for anomalous behavior”, [0043], “The flow records 282 allow the data analysis engine 220 (or network sensor engine 200₁ itself) to formulate a threat exposure mapping (e.g., display of communication paths undertaken by network devices within the enterprise network 140), which may be used to detect anomalous communication patterns through deviations in normal communications by one or more of the network devices, such as an endpoint device”);
assign a risk value to the identified anomalous event, determined based on the score of the associated node ([0062], “a user-behavior based risk score may be generated”, [0099], “run graph analytics modeling such as belief propagation or page rank to assign a risk score to each domain in the domain corpus”); and
determine an effectiveness score for the network based on the graph and the risk value ([0099], “run graph analytics modeling such as belief propagation or page rank to assign a risk score to each domain in the domain corpus…The data analysis engine 220 can query the centralized controller 240 for the domain risk score and/or access a local cache of the global intelligence stored on the data analysis engine for the domain risk score”).
Crosby and Wang are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wang with the disclosure of Crosby. The motivation/suggestion would have been to use the Pathfinder algorithm to monitor that entity for anomalous behavior (Wang, [0104]).
Regarding Claims 2, 5, 8 and 11, the combined teaching of Crosby and Wang teaches
wherein the information about the organization further comprises information about processes within the organization (Crosby, [0029], “Upon receiving search results from search graph database 120, enterprise server 104 may forward the search results to user system 108 for display on a display device of user system 108. Independently, enterprise server 104 may retrieve and process data from log database 112 and CRM database 116 over an extended time to generate and update search graph data stored in search graph database 120”).
Regarding Claims 3, 6, 9 and 12, the combined teaching of Crosby and Wang teaches
wherein the information about the organization further comprises historical information for the organization (Crosby, [0031], “Each log may be structured to include a “history” or sequential list of log lines for each user action recorded in the log”).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186. The examiner can normally be reached Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHENG-FENG HUANG/Primary Examiner, Art Unit 2497