DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 02/25/2026. In the instant Amendment, Claims 1 and 9-10 have been amended. Claims 11-19 have been added. Claims 1 and 9-10 are independent claims. Claims 1-19 have been examined and are pending. This Action is made FINAL.
Response to Arguments
Applicants’ arguments with respect to claims 1-19 have been considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-6, 8-10, 12-13, 15-16, and 18-19 are rejected under 35 U.S.C. 103 as being patentable over Wang et al. (“Wang,” TW M647860, filed on 06/27/2023) in view of JIN et al. (“JIN,” CN 113326514 B, published on 10/29/2021).
Regarding Claim 1;
Wang discloses a display device comprising: a memory storing instructions; and at least one processor configured to execute the instructions to (abstract: a computing device used to evaluate the fraud risk of a domain name, is suitable for evaluating the fraud risk level of a domain name, and includes a domain name reverse check module and a risk assessment module):
identify an organization unit name for managing each network asset included in a cyber security risk assessment target and identification information of the each network asset (page 6, par 8; determines whether the IP address risk correspondence table of the risk level of the business name
obtains a fourth score corresponding to the IP address; page 6, par 10; analyzes the name of the Internet service provider corresponding to the IP address based on the IP address);
acquire a third-party assessment value for each organization based on information identifying the organization unit name and the identification information of the each network asset (page 6, par 10; analyzes the name of the Internet service provider corresponding to the IP address; page 6, par 12; obtains the risk level corresponding to the Internet service provider name, and According to the corresponding Internet service provider The risk level of the business name is the fourth score corresponding to the IP address); and
the third-party assessment value for the each organization (page 7, par 2; Since the name of the Internet service provider corresponding to the reverse-checked IP address is "Google", and "Google" is not in the other IP address risk correspondence table, Therefore, the fourth score of the reverse IP address is 0).
Wang discloses the third-party assessment value for the each organization as recited above, but do not explicitly disclose display the third-party assessment value. display the third-party assessment value for the each organization, wherein the third-party assessment value is adjusted according to a number of network assets in the cyber security risk assessment target.
However, in an analogous art, JIN discloses risk assessment method of network asset system/method that includes:
display the third-party assessment value for the each organization, wherein the third-party assessment value is adjusted according to a number of network assets in the cyber security risk assessment target (JIN: page 6, par 7; scan the whole network asset, and safety to the database to the scanning result, namely establishing the corresponding asset information table for different types of network assets, the asset information stored in the asset information table to display; page 7, par 6; after obtaining the risk score of each network asset in the network asset set, obtaining the risk score of the network asset set by averaging the risk scores of all network assets [i.e., according to a number of network assets]; then setting different threshold values corresponding to different health states for different risk scores of different network asset lengths; can be adjusted according to the actual condition).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of JIN with the method/system of Wang to include display the third-party assessment value for the each organization, wherein the third-party assessment value is adjusted according to a number of network assets in the cyber security risk assessment target. One would have been motivated to determining risk score of any one network asset in the network asset information set; according to the risk score, determining the safety asset set, improving the accuracy of network asset identification scanning (JIN: abstract).
Regarding Claim 2;
The combination of Wang and JIN disclose the display device according to claim 1,
Wang discloses wherein the at least one processor is further configured to execute the instructions to: acquire a third-party assessment value obtained a predetermined period ago for each organization, and a difference, in a third-party assessment value, from the predetermined period ago for the each organization (Wang: page 3, par 6; obtain a delay time corresponding to the domain name system server and a routing layer number corresponding to the domain name system server, and based on the delay time and the routing layer number, Obtain a second weight corresponding to this DNS server; page 5, par 9-10; the fraud risk score corresponding to the IP address is used as a first score for the IP address. In this embodiment, the risk assessment model is, for example, an assessment model provided by a Scamalytics platform, which can give a fraud risk score between 0 and 100 based on the input IP address. [] for each IP address in the reverse query IP address list, the risk assessment module 12 uses another risk assessment model for obtaining a fraud risk score based on the input IP address, Another fraud risk score corresponding to the IP address is obtained as a second score for the IP address. In this embodiment, the other risk assessment model is, for example, an assessment model provided by a Getipintel platform, which can give a fraud risk score between 0 and 1).
JIN further discloses display assessment value (JIN: page 6, par 7; scan the whole network asset, and safety to the database to the scanning result, namely establishing the corresponding asset information table for different types of network assets, the asset information stored in the asset information table to display; page 7, par 6; after obtaining the risk score of each network asset in the network asset set, obtaining the risk score of the network asset set by averaging the risk scores of all network assets; then setting different threshold values corresponding to different health states for different risk scores of different network asset lengths; can be adjusted according to the actual condition).
The motivation is the same that of claim 1 above.
Regarding Claim 3;
The combination of Wang and JIN disclose the display device according to claim 1,
Wang discloses wherein the at least one processor is further configured to execute the instructions to: acquire a reference value for a third-party assessment for each organization, and a third-party assessment in a different mode according to a difference from the reference value for the each organization (Wang: page 4, par 3; stores a plurality of preset risk threshold ranges for evaluating multiple different risk levels of an IP address; page 10, par 1; the risk assessment module stores a plurality of pre-established risk threshold ranges for assessing multiple different risk levels of an IP address, for each IP address, the risk assessment module obtains the IP address risk level corresponding to the IP address based on the risk score corresponding to the IP address and the risk threshold range; page 6, par 12; obtains the risk level corresponding to the Internet service provider name, and According to the corresponding Internet service provider The risk level of the business name is the fourth score corresponding to the IP address).
JIN further discloses display assessment (JIN: page 6, par 7; scan the whole network asset, and safety to the database to the scanning result, namely establishing the corresponding asset information table for different types of network assets, the asset information stored in the asset information table to display; page 7, par 6; after obtaining the risk score of each network asset in the network asset set, obtaining the risk score of the network asset set by averaging the risk scores of all network assets; then setting different threshold values corresponding to different health states for different risk scores of different network asset lengths; can be adjusted according to the actual condition).
The motivation is the same that of claim 1 above.
Regarding Claim 4;
The combination of Wang and JIN disclose the display device according to claim 1,
Wang discloses wherein the at least one processor is further configured to execute the instructions to: acquire a third-party assessment value of an entire organization regarding a cyber security risk, and a third-party assessment value for each organization and a third-party assessment value of the entire organization (Wang: page 6, par 12; obtains the risk level corresponding to the Internet service provider name, and According to the corresponding Internet service provider The risk level of the business name is the fourth score corresponding to the IP address; page 5, par 9-10; for example, an assessment model provided by a Scamalytics platform, which can give a fraud risk score between 0 and 100 based on the input IP address [] the other risk assessment model is, for example, an assessment model provided by a Getipintel platform, which can give a fraud risk score between 0 and 1).
JIN further discloses display assessment (JIN: page 6, par 7; scan the whole network asset, and safety to the database to the scanning result, namely establishing the corresponding asset information table for different types of network assets, the asset information stored in the asset information table to display; page 7, par 6; after obtaining the risk score of each network asset in the network asset set, obtaining the risk score of the network asset set by averaging the risk scores of all network assets; then setting different threshold values corresponding to different health states for different risk scores of different network asset lengths; can be adjusted according to the actual condition).
The motivation is the same that of claim 1 above.
Regarding Claim 5;
The combination of Wang and JIN disclose the display device according to claim 1,
JIN discloses wherein the at least one processor is further configured to execute the instructions to: acquire a response state to a cyber security risk pointed out for each organization, and display the response state for the each organization (JIN: page 6, par 7; scan the whole network asset, and safety to the database to the scanning result, namely establishing the corresponding asset information table for different types of network assets, the asset information stored in the asset information table to display; page 7, par 6; after obtaining the risk score of each network asset in the network asset set, obtaining the risk score of the network asset set by averaging the risk scores of all network assets; then setting different threshold values corresponding to different health states for different risk scores of different network asset lengths; can be adjusted according to the actual condition; page 8, par 5; collect the public vulnerability in the network through the external, then creating in the internal self-defined scanning mode, for example, according to the collected vulnerability type of the disclosed vulnerability, associated with the vulnerability of each network asset in the network asset set to be scanned; feature information the vulnerability of each network asset, and storing in the asset information table to display).
The motivation is the same that of claim 1 above.
Regarding Claim 6;
The combination of Wang and JIN disclose the display device according to claim 5,
JIN discloses wherein the at least one processor is further configured to execute the instructions to: receive information about a cyber security risk to be displayed in the response state, and display a response state to a cyber security risk related to the information (JIN: page 6, par 7; scan the whole network asset, and safety to the database to the scanning result, namely establishing the corresponding asset information table for different types of network assets, the asset information stored in the asset information table to display; page 7, par 6; after obtaining the risk score of each network asset in the network asset set, obtaining the risk score of the network asset set by averaging the risk scores of all network assets; then setting different threshold values corresponding to different health states for different risk scores of different network asset lengths; can be adjusted according to the actual condition; page 8, par 5; collect the public vulnerability in the network through the external, then creating in the internal self-defined scanning mode, for example, according to the collected vulnerability type of the disclosed vulnerability, associated with the vulnerability of each network asset in the network asset set to be scanned; feature information the vulnerability of each network asset, and storing in the asset information table to display).
The motivation is the same that of claim 1 above.
Regarding Claim 8;
The combination of Wang and JIN disclose the display device according to claim 5,
JIN discloses wherein the at least one processor is further configured to execute the instructions to: display an updated third-party assessment value for each organization in a case where a change occurs in the response state (JIN page 8, pars 4-5; collecting version number of issuing version of some host type assets; determining the host type asset belonging to the version number based on the version number; then obtaining the rest asset information of the host asset according to the asset IP of each host type asset and storing in the asset information table to display. the network device SNMP service and the host computer system actively install the Agent mode to scan or collect the CPU utilization rate and the memory utilization rate of the network asset in the network asset; disk utilization rate and network bandwidth and so on belongs to the network asset dynamic change of asset information, also can be stored in the asset information table for display; vulnerability characteristic, which is the vulnerability of the feature information, such as vulnerability type, number, damage degree and so feature information. vulnerability characteristic library; it can collect the public vulnerability in the network through the external, then creating in the internal self-defined scanning mode, for example, according to the collected vulnerability type of the disclosed vulnerability, associated with the vulnerability of each network asset in the network asset set to be scanned; feature information the vulnerability of each network asset, and storing in the asset information table to display).
The motivation is the same that of claim 1 above.
Regarding Claim 9;
This Claim recites a method that perform the same steps as device of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.
Regarding Claim 10;
This Claim recites a non-transitory recording medium that perform the same steps as device of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.
Regarding Claim 12;
The combination of Wang and JIN disclose the display device according to claim 1,
Jin discloses wherein the at least one processor is further configured to execute the instructions to: transmit information associating the organization unit name with the identification information of the each network asset to an external server (JIN: page 8, par 5; vulnerability characteristic, which is the vulnerability of the feature information, such as vulnerability type, number, damage degree and so feature information. vulnerability characteristic library; it can collect the public vulnerability in the network through the external); and receive the third-party assessment value from the external server (JIN: page 8, par 5; vulnerability characteristic, which is the vulnerability of the feature information, such as vulnerability type, number, damage degree and so feature information. vulnerability characteristic library; it can collect the public vulnerability in the network through the external, then creating in the internal self- defined scanning mode, for example, according to the collected vulnerability type of the disclosed vulnerability, associated with the vulnerability of each network asset in the network asset set to be scanned; feature information the vulnerability of each network asset, and storing in the asset information table to display; page 10, par 10; combining the number of virus in the network asset, calculating the risk score of virus, namely risk score of virus = high risk virus number * single high risk virus score + middle risk virus number *single middle risk virus score + low risk virus number * single low risk virus score).
The motivation is the same that of claim 1 above.
Regarding Claim 13;
The combination of Wang and JIN disclose the display device according to claim 1,
JIN discloses wherein the each network asset includes at least one of a router, a switch, a hub, a host computer, a server, a wireless access point, an operating system, an application, or a patch (JIN: page 6, par 4; the network asset is a variety of devices used in a computer (or communication) network, mainly including a host, a network device and a safety device, a network device such as a router, a switch, and the like, a safety device such as a firewall, and the like)
The motivation is the same that of claim 1 above.
Regarding Claim 15;
This Claim recites a method that perform the same steps as device of Claim 12, and has limitations that are similar to Claim 12, thus are rejected with the same rationale applied against claim 12.
Regarding Claim 16;
This Claim recites a method that perform the same steps as device of Claim 13, and has limitations that are similar to Claim 13, thus are rejected with the same rationale applied against claim 13.
Regarding Claim 18;
This Claim recites a non-transitory recording medium that perform the same steps as device of Claim 12, and has limitations that are similar to Claim 12, thus are rejected with the same rationale applied against claim 12.
Regarding Claim 19;
This Claim recites a non-transitory recording medium that perform the same steps as device of Claim 13, and has limitations that are similar to Claim 13, thus are rejected with the same rationale applied against claim 13.
Claim 7 is rejected under 35 U.S.C. 103 as being patentable over Wang et al. (TW M647860) in view of JIN et al. (CN 113326514 B), and further in view of WANG et al. (“WANG,” CN 113220533 A, published on 08/06/2021).
Regarding Claim 7;
The combination of Wang and JIN disclose the display device according to claim 5,
JIN discloses wherein the at least one processor is further configured to execute the instructions to: make a notification to a person-in-charge terminal of an organization in a case where the cyber security risk (JIN: page 6, par 7; scan the whole network asset, and safety to the database to the scanning result, namely establishing the corresponding asset information table for different types of network assets, the asset information stored in the asset information table to display).
The motivation is the same that of claim 1 above.
The combination of Wang and JIN disclose make a notification to a person-in-charge terminal of an organization in a case where the cyber security risk as recited above, but do not explicitly disclose risk is not responded to for a predetermined period or more.
However, in an analogous art, WANG discloses sentiment monitoring system/method that includes:
risk is not responded to for a predetermined period or more (WANG: page 4, par 1; when the risk warning exceeds the preset time without response, automatically performing risk public sentiment information processing; monitoring terminal, for real-time reading system monitoring state, receiving pre-warning information and sending processing scheme indication).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of WANG with the method/system of Wang and JIN to include risk is not responded to for a predetermined period or more. One would have been motivated to process the public sentiment information with high risk automatically or according to the manual intervention result of the monitoring terminal (WANG: abstract).
Claims 11, 14, and 17 rejected under 35 U.S.C. 103 as being patentable over Wang et al. (TW M647860) in view of JIN et al. (CN 113326514 B), and further in view of Padala et al. (“Padala,” US 20030093562, published on 05/15/2003).
Regarding Claim 11;
The combination of Wang and JIN disclose the display device according to claim 1,
The combination of Wang and JIN disclose all the limitations as recited above, but do not explicitly disclose wherein the organization unit name has a hierarchical structure including multiple levels of organization hierarchy.
However, in an analogous art, Padala discloses peer to peer system/method that includes:
wherein the organization unit name has a hierarchical structure including multiple levels of organization hierarchy (Padala: par 0009; multi- network name-to-address resolution relationships at different hierarchical levels)
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Padala with the method/system of Wang and JIN to include wherein the organization unit name has a hierarchical structure including multiple levels of organization hierarchy. One would have been motivated to establishing relationships between the servers managing each network, address discovery may be implemented across the common zone formed by the networks (Padala: abstract).
Regarding Claim 14;
This Claim recites a method that perform the same steps as device of Claim 11, and has limitations that are similar to Claim 11, thus are rejected with the same rationale applied against claim 11.
Regarding Claim 17;
This Claim recites a non-transitory recording medium that perform the same steps as device of Claim 11, and has limitations that are similar to Claim 11, thus are rejected with the same rationale applied against claim 11.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644. The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/C.W./Examiner, Art Unit 2439
/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439