ADAPTABLE, SCALABLE, AND AUTONOMOUS PROTECTION VERIFICATION AND DECISION SUPPORT

Detailed Action This office action is in response to filing of 02/13/2026. Claims 1-20 are pending. No claims have been withdrawn or cancelled. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted on 12/19/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is considered by the examiner. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) (1-3), (8-10), and (15-16) is/are rejected under 35 U.S.C. 103 as being unpatentable over Bazalgette (US 20230403294 A1), hereafter Bazalgette in view of, Engle (US 20200389482 A1) hereafter ENGLE. Regarding claim 1, BAZALGETTE teaches: A method comprising: obtaining information associated with assets and/or personnel to be protected (BAZALGETTE [0005] “Methods, systems, and apparatus are disclosed for an Artificial Intelligence-based cyber security system.”, [0028] The gather module 110 may be configured with one or more process identifier classifiers. Each process identifier classifier may be configured to identify and track one or more processes and/or devices in the network, under analysis, making communication connections. The data store 135 cooperates with the process identifier classifier to collect and maintain historical data of processes and their connections, which is updated over time as the network is in operation.); executing a set of weighting functions and a set of algorithms for protecting the assets and/or personnel (BAZALGETTE [0059] “This process is repeated for each node of the network being protected within graph 300 (i.e., excluding external endpoints etc.) to give each node a severity score. It is noted that an edge may be assigned different severity scores when determining the severity score of each of the two nodes it connects.”, [0062] “In particular, artificial intelligence modules of the restoration engine may learn from past cyber attacks how effective different actions and sequences of actions were to remediate and restore compromised nodes and adjust the weights assigned to different types of interaction accordingly.”), the weighting functions and algorithms arranged in multiple levels of a hierarchy; wherein each level of the hierarchy includes one or more of the weighting functions and one or more of the algorithms (BAZALGETTE [0061] “Returning to FIG. 3B, while a “lateral movement” interaction is given a severity score of 0.7 or 0.3 depending upon whether a node is the source of the target of the interaction, different types of interaction may be assigned different severity scores. For example, in graph 300, the source of an “encryption” interaction (e.g., node F) may have 1.0 contributed to its overall severity score by that edge, while the target of an “encryption” interaction (e.g., nodes G, H and I) may have 0.2 contributed to its overall severity score by that edge.”); and wherein the one or more weighting functions and the one or more algorithms in at least one level of the hierarchy are applied across a timeline (BAZALGETTE [0083] “The cyber-security restoration engine can look at the predicted network behavior of the device(s) on a normal timeframe, for example, a time window of seven days of what we′d expect each device to do. The cyber-security restoration engine can then compare that predicted network behavior of the device(s) on a normal timeframe to the state of devices as a result of the cyber attack and obtain prioritization data. The cyber-security restoration engine determines essentially what devices/users/things should be healed (either fully or mostly restored) first and any required order of the healing and restoration, and the extent the restoration of permissions and connections need to be restored during the restoration process while still mitigating the threat from the cyber attack. The cyber-security restoration engine assists in determining a restoration process and automatically performing the restoration”); and applying an artificial intelligence/machine learning (AI/ML) algorithm across the timeline to update results due to one or more changes during one or more operations involving the assets and/or personnel (BAZALGETTE [0110] “The AI models trained on forming and investigating hypotheses are updated with unsupervised machine learning algorithms when correctly supporting or refuting the hypotheses including what additional collected data proved to be the most useful.”, [0116] “Note, if later confirmed as malicious, then the AI models 160 trained with machine learning on possible cyber threats can update their training. Likewise, as the cyber security appliance 100 continues to operate, then the one or more AI models trained on a normal pattern of life for each of the entities in the system can be updated and trained with unsupervised machine learning algorithms.”). Further regarding claim 1, BAZALGETTE teaches the limitations previously demonstrated, BAZALGETTE does not teach but in a related art, ENGLE teaches: wherein the information associated with assets and/or personnel includes scores for a plurality of measures of effectiveness (MOEs) comprising at least criticality, accessibility, vulnerability, and effect for each asset and/or person([0062] “Specifically, under the CARVER analysis 342, the evaluation method 300 may determine a plurality of scores associated with the criticality, accessibility, recuperability, vulnerability, effect, and recognizability of the threat 310 and its effects on the user's baseline network architecture, such as the aforementioned determined assets 341.”); Since both BAZALGETTE and ENGLE are from the same field of endeavor as both are directed to cybersecurity prioritization, which is within the same field of endeavor as the claimed invention, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify and combine the teachings of BAZALGETTE and ENGLE by incorporating the teachings of ENGLE into BAZALGETTE for providing cybersecurity measures and prioritization as claimed. The motivation to combine is to improve detection and classification of cybersecurity aspects since this implementations offers improved analysis and performance due to the inherent data processing (BAZALGETTE [AB]; ENGLE [AB]). Regarding claim 2, BAZALGETTE-ENGLE teaches: The method of Claim 1, wherein, for at least one level of the hierarchy, the one or more weighting functions and the one or more algorithms are applied across the timeline based on one or more probability distribution functions (BAZALGETTE [0120] “Since the likelihood of anomalies in general is very low, the modules cooperating with the AI model of normal behavior can say with high confidence that data points spread near the mean value are non-anomalous. And since the probability distribution values between mean and two standard-deviations are large enough, the modules cooperating with the AI model of normal behavior can set a value in this example range as a threshold”). Regarding claim 3, BAZALGETTE-ENGLE teaches: The method of Claim 2, wherein the one or more probability distribution functions are derived through curve fitting (BAZALGETTE [0120] “In an example, 95% of data in a normal distribution lies within two standard-deviations from the mean. Since the likelihood of anomalies in general is very low, the modules cooperating with the AI model of normal behavior can say with high confidence that data points spread near the mean value are non-anomalous. And since the probability distribution values between mean and two standard-deviations are large enough, the modules cooperating with the AI model of normal behavior can set a value in this example range as a threshold (a parameter that can be tuned over time through the self-learning), where feature values with probability larger than this threshold indicate that the given feature's values are non-anomalous, otherwise it's anomalous.”, [0124] “The AI model(s) 160 trained on a normal pattern of life of entities in a domain under analysis may perform the threat detection through a probabilistic change in a normal behavior through the application of, for example, an unsupervised Bayesian mathematical model to detect a behavioral change in computers and computer networks.” Bayesian linear regression is a curve fitting model.). Regarding claims (8-10) and (15-16), claims (8-10) and (15-16) recite substantially similar limitations as claims (1-3), but for recitation in the form of an apparatus and non-transitory computer readable medium, respectively. BAZALGETTE-ENGLE further teaches an apparatus and a non-transitory computer readable medium (BAZALGETTE [0228] “Thus, any portions of the method, apparatus and system implemented as software can be stored in one or more non-transitory memory storage devices in an executable format to be executed by one or more processors.”). Claim(s) (4-7), (11-14), and (17-20) is/are rejected under 35 U.S.C. 103 as being unpatentable over Bazalgette-Engle as applied to claim 1 above, and further in view of SARIPALLI (US 20250088538 A1), hereafter SARIPALLI. Regarding claim 4, BAZALGETTE-ENGLE teaches the method of claim 1, BAZALGETTE-ENGLE does not teach but in a related art, SARIPALLI teaches: wherein the AI/ML algorithm is configured to dynamically establish and apply policies for a protection update function (SARIPALLI [0420-0424] “1300 flowchart; 1300 also refers to dynamic security policy generation methods that are illustrated by or consistent with the FIG. 13 flowchart or any variation of the FIG. 13 flowchart described herein… 1306 computationally generate or update a security policy [0424] 1308 computationally configure a machine per a security policy”) and optimization of critical personnel or asset protection across the timeline (SARIPALLI [0444-0446] “[0444] 1438 computationally obtain feedback regarding a recommendation, e.g., from a user interface or event tracking [0445] 1440 computationally tune a security policy [0446] 1442 computationally close a security gap”). Since both BAZALGETTE-ENGLE and SARIPALLI are from the same field of endeavor as both are directed to cybersecurity prioritization, which is within the same field of endeavor as the claimed invention, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify and combine the teachings of BAZALGETTE-ENGLE and SARIPALLI by incorporating the teachings of SARIPALLI into BAZALGETTE-ENGLE for providing cybersecurity measures and prioritization as claimed. The motivation to combine is to improve detection and classification of cybersecurity aspects since this implementations offers improved analysis and performance due to the inherent data processing (BAZALGETTE [AB]; ENGLE [AB]; SARIPALLI [AB]). This reasoning and rationale for combination is equally applicable to each rejection hereafter. Regarding claim 5, BAZALGETTE-ENGLE in view of SARIPALLI teaches: The method of Claim 4, wherein the AI/ML algorithm comprises a reinforcement learning algorithm (SARIPALLI [0441] “1432 computationally utilize feedback regarding a recommendation, e.g., by modifying a model based at least partially on the feedback”). Regarding claim 6, BAZALGETTE-ENGLE in view of SARIPALLI teaches: The method of Claim 1, further comprising: dynamically scaling processing resources to accommodate protection decision-making associated with an increasing or decreasing number of assets and/or personnel to be protected prior to and during the timeline (SARIPALLI [0233] “Also, threads of a process share a given address space, whereas different processes have different respective address spaces. The threads of a process may run in parallel, in sequence, or in a combination of parallel execution and sequential execution (e.g., time-sliced).”). Regarding claim 7, BAZALGETTE-ENGLE in view of SARIPALLI teaches: The method of Claim 1, wherein: each level of the hierarchy is associated with at least one of: one or more priorities, one or more mission objectives, and one or more desired outcomes (SARIPALLI [0031] “In some embodiments, the security policy generator upon execution ranks at least two of the security policy recommendations at least in part by prioritizing, and the prioritizing satisfies at least one of: a higher data classifier accuracy contributes to a higher priority; a greater workload vulnerability contributes to a higher priority; a larger set of implicated users contributes to a higher priority; or a higher frequency of a behavior contributes to a higher priority. Prioritizing the security policy recommendations in this manner provides the technical benefit of focusing subsequent security activities on risks that are more likely to materialize, risks that are more urgent, or risks that have greater potential impact;”); and the AI/ML algorithm increases assessment fidelity and associated confidence (BAZALGETTE [0120] “Merely, when a combination of all the probability values for all features for a given data point is calculated can the modules cooperating with the AI model of normal behavior can say with high confidence whether a data point is an anomaly or not.”, [0149] “If the pattern of behaviours under analysis is believed to be indicative of a malicious actor, then a score of how confident is the system in this assessment of identifying whether the unusual pattern was caused by a malicious actor is created.”). Regarding claims (11-14), and (17-20), claims (11-14), and (17-20) recite substantially similar limitations as claims (4-7), but for recitation in the form of an apparatus and non-transitory computer readable medium, respectively. BAZALGETTE-ENGLE in view of SARIPALLI further teaches an apparatus and a non-transitory computer readable medium (BAZALGETTE [0228] “Thus, any portions of the method, apparatus and system implemented as software can be stored in one or more non-transitory memory storage devices in an executable format to be executed by one or more processors.”). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kamryn Gillespie whose telephone number is 703-756-5498. The examiner can normally be reached on Monday through Thursday from 9am to 6pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached on (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pairdirect.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /K.J.G./Examiner, Art Unit 2408 /LINGLAN EDWARDS/Supervisory Patent Examiner, Art Unit 2408