DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim 1 is rejected on the ground of nonstatutory Obviousness-Type double patenting as being unpatentable over claims 1 of Patent No. 12,072,986. Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter claimed in the claim(s) of the instant application is fully disclosed and covered by the Application 17/929,676.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
18/809,301
12,072,986
1. A system comprising:
a security and vulnerability analysis processor;
one or more endpoint devices in communication with the security and vulnerability analysis processor through a communication network; and
a vulnerability data ingestion processor configured to obtain, from one or more data sources, security data associated with the one or more endpoint devices;
wherein the security and vulnerability analysis processor includes a machine learning model configured to generate predictions about the risk impact of conducting vulnerability remediations to a particular endpoint device of the one or more endpoint devices, and wherein the machine learning model is trained using a training set comprising the security data associated with the one or more endpoint devices.
1. A system comprising:
a security and vulnerability analysis processor;
a prediction engine configured to select and execute one or more machine learning models and generate a desired prediction;
one or more endpoint devices in communication with the security and vulnerability analysis processor through a communication network, the one or more endpoint devices generating telemetry data used by the one or more machine learning models to generate the desired prediction;
a vulnerability data ingestion processor configured to obtain, from one or more data sources, security data associated with the one or more endpoint devices,
wherein the security data includes at least vulnerability data associated with the one or more endpoint devices;
a centralized database including one or more data repositories containing the security data and storing predictions generated by the machine learning models, and wherein the security data is available as an input for training the one or more machine learning models;
a contextualization engine configured to process the security data from the centralized database, correlate new vulnerability data against existing vulnerability data, attribute any newly resulting vulnerability to a particular endpoint device, and update an endpoint vulnerability profile within the centralized database with the newly resulting vulnerability attributed to the particular endpoint device;
a data ingestion module configured to extract telemetry data from the one or more data repositories based on the desired prediction to be generated by the selected machine learning model and transform the extracted telemetry data into a telemetry data structure required by the particular machine learning model selected;
wherein the prediction engine processes the telemetry data structure associated with the particular endpoint device using the selected machine learning model to generate a prediction about risk impact of conducting vulnerability remediation to the particular endpoint device, and wherein the prediction engine generates meta data about the performance of the machine learning model to generate the prediction about the risk impact; and
a data output module configured to receive the prediction about the risk impact of conducting vulnerability remediation to the particular endpoint device, and store the prediction in the centralized database for reference in making remediation decisions about the particular endpoint device.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claim 1 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Specifically, while the claim recites “wherein the security and vulnerability analysis processor includes a machine learning model configured to generate predictions about the risk impact of conducting vulnerability remediations to a particular endpoint device of the one or more endpoint devices and wherein the machine learning model is trained using a training set comprising the security data associated with the one or more endpoint devices”, the specification lacks a detailed description of any algorithmic details as to how this is accomplished. Although the specification lists the machine learning model is trained using data from endpoint devices and used to generate prediction about risk impact of conducting vulnerability remediation, it largely describes only the desired result without algorithm derives the output based on the input. As a result, the disclosure does not appear to show possession of the full breadth of the claimed anomaly-determination function, particularly if the claim is read to cover broad or ML-based implementations. MPEP 2161.01 states that “It is not enough that one skilled in the art could theoretically write a program to achieve the claimed function, rather the specification itself must explain how the claimed function is achieved to demonstrate that the applicant had possession of it." (84 Fed. Reg. at 61-62 (citing Vasudevan, 782 F.3d at 682-83)).
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing
out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the
invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly
claiming the subject matter which the applicant regards as his invention.
Claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
The claim 1 recites limitations involving machine learning, such as “wherein the security and vulnerability analysis processor includes a machine learning model configured to generate predictions about the risk impact of conducting vulnerability remediations to a particular endpoint device of the one or more endpoint devices and wherein the machine learning model is trained using a training set comprising the security data associated with the one or more endpoint devices” without providing sufficient detail to inform, with reasonable certainty, those skilled in the art about the scope of the invention. Specifically, the claim language lacks clarity regarding the type of machine learning model used, the method of training, or how the model achieves the claimed determination.
As established in Nautilus, Inc. v. Biosig Instruments, Inc., 572 U.S. 898, 901, 910, 110 USPQ2d 1688, 1693 (2014), a claim is indefinite if, when read in light of the specification and the prosecution history, it fails to inform, with reasonable certainty, those skilled in the art about the scope of the invention. Additionally, MPEP § 2173.02 emphasizes that claims must be clear and precise to delineate the metes and bounds of the subject matter to be protected.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 1 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Applying the subject matter eligibility test, as outlined in MPEP 2106:
Step 1: Statutory Category
The claim fall within a statutory category. Claim 1 is considered “machine” based claim. Both machines and processes are members of the statutory categories. Thus, the analysis moves towards step 2A, prong one of the subject matter eligibility test.
Step 2A, Prong One: Judicial Exception
The claims recite a judicial exception, specifically an abstract idea. For example, claim 1 recites obtain security data and use the security data to generate predictions about the risk impact of conducting vulnerability remediations. The courts found that a claim to "collecting information, analyzing it, and displaying certain results of the collection and analysis," where the data analysis steps are recited at a high level of generality such that they could practically be performed in the human mind, Electric Power Group v. Alstom, S.A., 830 F.3d 1350, 1353-54, 119 USPQ2d 1739, 1741-42 (Fed. Cir. 2016). Thus, it is an abstract idea, specifically falling under mental processes. Thus, the analysis moves towards step 2A, prong two.
Step 2A, Prong Two: Integration into a Practical Application
The claim does not integrate the abstract idea into a practical application. The additional elements, such as a security and vulnerability analysis processor, one or more endpoint devices, using a machine learning model and network do not impose any meaningful limits of on the abstract idea. In Recentive Analytics, Inc. v. Fox Corp., 2023-2437 (Fed. Cir. Apr. 18, 2025), the Federal Circuit held that applying generic machine learning techniques to a specific field without improving the underlying technology does not constitute a practical application. The court emphasized that claims must delineate how the machine learning technology achieves a technological improvement. Thus, the analysis moves towards step 2B.
Step 2B: Inventive concept
Finally, the claim does not recite an inventive concept that transforms the abstract idea into a patent-eligible application. The use of machine learning in a generic manner, without specifying a novel algorithm or unique training methodologies, fails to add significantly more to the abstract idea. As noted in Recentive, merely applying existing machine learning models to new data environments, without disclosing improvements to the models themselves, is insufficient for patent eligibility.
Because none of these recitations describe a fundamental improvement to computer technology itself (e.g., an improved machine learning algorithm), the claim is “directed to” an abstract idea.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (Patent No.: US 10242201, hereinafter Chen) in view of Engelberg et al. (US 2023/0076372, hereinafter Engelberg).
Regarding claim 1: Chen teaches: A system comprising:
a security and vulnerability analysis processor; one or more endpoint devices in communication with the security and vulnerability analysis processor through a communication network (Chen - [Col. 5, Line 48-52]: in FIG. 2, system 200 may include a computing device 202 in communication with a target client machine 208 in a set of client machines 206 via a network 204. In one example, all or a portion of the functionality of modules 102 may be performed by computing device 202, set of client machines 206, target client machine 208, and/or any other suitable computing system); and
a vulnerability data ingestion processor configured to obtain, from one or more data sources, security data associated with the one or more endpoint devices (Chen - [Col. 6, Line 16-18]: computing device 202 may first receive telemetry data 210 from set of client machines 206 via network 204. Computing device 202 may then determine telemetry data 210 is missing telemetry data for selected security product 212 for target client machine 208);
wherein the security and vulnerability analysis processor includes a machine learning model configured to generate predictions about the risk impact … and wherein the machine learning model is trained using a training set comprising the security data associated with the one or more endpoint devices (Chen - [Col. 1, Line 63-64]: training a machine learning model to predict the security incidents in the missing telemetry data. [Col. 5, Line 33-36]: a function for classifying telemetry data into security incidents, and/or a new security incident 124, which may include a predicted security event for a client device).
However, Chen doesn’t explicitly teach, but Engelberg discloses:
risk impact of conducting vulnerability remediations to a particular endpoint device of the one or more endpoint devices, (Engelberg - [0059]: In general, the AgiRem service 210 provides remediation options to avoid predicted impacts. For example, the AgiRem service 210 provides options to reduce lateral movement of hackers within the network and to reduce the attack surface. The AgiRem service 210 predicts the impact of asset vulnerabilities on the critical processes and adversary capabilities along kill chain/attack paths and identifies the likelihood of attack paths to access critical assets and prioritizes the assets).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Chen with Engelberg so that the prediction of risk impact provides remediation options. The modification would have allowed the system to provide remediation options to avoid predicted impacts.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Jou et al. (Pub. No.: US 2019/0318203) - SYSTEM AND METHOD FOR CUSTOM SECURITY PREDICTIVE METHODS
Nickolov et al. (Pub. No.: US 20170034023) - TECHNIQUES FOR EVALUATING SERVER SYSTEM RELIABILITY, VULNERABILITY AND COMPONENT COMPATIBILITY USING CROWDSOURCED SERVER AND VULNERABILITY DATA
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729. The examiner can normally be reached M-F 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571) 270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MENG LI/
Primary Examiner, Art Unit 2437