Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been examined.
Claim Rejections - 35 USC §112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
The following terms lack proper antecedent basis:
the communication paths – claims 1 and 11.
the plurality of constructs – claim 11.
Claim Rejections - 35 USC §101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claims are directed to software per se. Particularly, claims 1 and 11 are directed to a distributed cloud computing system comprising a controller and logic. According to Applicant’s specification, “controller” may refer to as software instance… ([0029]) and “logic” …is representative of hardware, firmware, and/or software…([0023]) In light of the Applicant’s specification, claims 1 and 11 are directed to only software elements, thus the claims are directed to software per se.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3-5, 8, 11, 13-15 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Cherkas, U.S. Patent 11,159,383 (hereinafter Cherkas) in view of Pereira et al, U.S. Patent 10,924,503 (hereinafter Pereira).
As per claim 1, Cherkas teaches the invention substantially as claimed for a distributed cloud computing system comprising:
a controller configured to deploy a first virtual private cloud (VPC) in a first cloud computing network, a first gateway in the first VPC, a second VPC in a second cloud computing network, and a second gateway in the second VPC, and wherein a first subset of a plurality of constructs are associated with the first gateway and deployed in the first cloud computing network, and a second subset of the plurality of constructs are associated with the second gateway and deployed in the second cloud computing network (fig. 1; col. 6, lines 9-23; col. 6, line 53-col. 7, line 8; col. 18, lines 59-67, e.g., a controller configured to deploy a first VPC and a second VPC, a first GW in the first VPC, a second GW in the second VPC, constructs associated with first VPC, construct associated with second VPC); and
logic, stored on non-transitory, computer-medium, that, upon execution by one or more processors, causes performance of operations including:
receiving, from the controller, metadata pertaining to each of the first gateway and the second gateway (col. 13, line 63-col. 14, line 35; col. 7, lines 38-60; col. 8, lines 35-47, e.g., receiving, from the controller, metadata pertaining to the first and second gateway);
receiving, from each of the first gateway and the second gateway, network data, wherein the metadata and the network data identify each construct of the plurality of constructs, the communication paths between each construct of the plurality of constructs, and in which cloud computing network each construct of the plurality of constructs is deployed (col. 6, line 53-col. 7, line 8; col. 7, lines 35-47; col. 13, line 63-col. 14, line 15; col. 13, line 63-col. 14, line 35; col. 23, lines 3-9; figs. 3A-5G, e.g., receiving network data from the first and second gateway, wherein metadata and network data identity the constructs, links/paths between constructs, which cloud computing network each construct is deployed); and
generating an alert that the anomaly was detected (col. 15, lines 7-13, e.g., generating an alert/notification of detected anomaly)
Cherkas is silent in regards to detecting anomaly based on fingerprints. Pereira teaches
logic, stored on non-transitory, computer-medium, that, upon execution by one or more processors, causes performance of operations including:
generating a first fingerprint for the first VPC being a statistical measure of a plurality of network metrics during a learning phase (col. 5, line 50-col. 6, line 28; col. 9, lines 8-40, e.g., generating normal behavior for the first VPC being a statistical measure of metrics);
generating a second fingerprint for the second VPC being a statistical measure of the plurality of network metrics during the learning phase (col. 5, line 50-col. 6, line 28; col. 9, lines 8-40, e.g., generating normal behavior for the second VPC being a statistical measure of metrics);
detecting an anomaly in one or more network traffic metrics of either the first VPC or the second VPC based on a comparison of received network traffic and at least one of the first and second fingerprints (col. 6, lines 7-42; col. 9, lines 41-65; col. 12, line 52-col. 13, line 14, e.g., detecting malicious network traffic metrics of the first VPC or the second VPC based on comparison of network traffic and at least one of the normal behavior); and
generating an alert that the anomaly was detected (col. 2, lines 61-64, e.g., generating an alert/notification of detected anomaly).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Pereira’s teaching with Cherkas’s system in order to allow Cherkas’s system to detect anomalies in the network, thus providing network security for Cherkas’s system.
As per claim 3, Cherkas and Pereira teach the invention substantially as claimed in claim 1 above. Pereira further teach wherein the first fingerprint comprises one or more of the following: data exfiltration, lateral movement, use of ports, use of protocols, distributed denial-of-service attacks, port scan detection, and unencrypted traffic flows (col. 12, lines 21-36).
As per claim 4, Cherkas and Pereira teach the invention substantially as claimed in claim 1 above. Pereira further teach wherein the learning phase comprises historical network traffic data (col. 14, lines 27-39).
As per claim 5, Cherkas and Pereira teach the invention substantially as claimed in claim 1 above. Pereira further teach wherein the first fingerprint is generated via a supervised learning technique (col. 28, lines 1-11).
As per claim 8, Cherkas and Pereira teach the invention substantially as claimed in claim 1 above. Pereira further teach wherein the logic, upon execution by the one or more processors, causes performance of further operations including: responsive to the detection of an anomaly, taking a remediation action comprising one or more of blocking network traffic associated with the anomaly and diverging network traffic associated with the anomaly(col. 4, lines 16-31).
As per claim 11, it is rejected for the same reason as set forth in claim 1 above.
As per claim 13, it is rejected for the same reason as set forth in claim 3 above.
As per claim 14, it is rejected for the same reason as set forth in claim 4 above.
As per claim 15, it is rejected for the same reason as set forth in claim 5 above.
As per claim 18, it is rejected for the same reason as set forth in claim 8 above.
Claims 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Cherkas and Pereira in view of Malkov et al, U.S. Patent Application Publication 2020/0159624 (hereinafter Malkov).
As per claim 2, Cherkas and Pereira teach the invention substantially as claimed in claim 1 above. Although Cherkas teaches causing rendering of a visualization on a display screen of a network device illustrating a plurality of metric display portions each providing a textual or graphical representation of a metric (figs. 5A-5G), however Cherkas and Pereira are silent in regards to causing rendering of a visualization on a display screen of a network device illustrating a plurality of metric display portions each providing a textual or graphical representation of a metric pertaining to anomaly detection for at least one of the first VPC, the second VPC, the first cloud computing network, or the second cloud computing network. Malkov teaches causing rendering of a visualization on a display screen of a network device illustrating a plurality of metric display portions each providing a textual or graphical representation of a metric pertaining to anomaly detection for at least one of the first VPC, the second VPC, the first cloud computing network, or the second cloud computing network ([128][133][149]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Malkov’s teaching with Cherkas’s and Pereira’s system in order to allow a user in Cherkas’s and Pereira’s system to visually see the data monitored and analyzed, thus improving the anomaly detection of Cherkas’s and Pereira’s system.
As per claim 12, it is rejected for the same reason as set forth in claim 2 above.
Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Cherkas and Pereira in view of Veillette et al, WO 2007/087729 (hereinafter Veillette).
As per claim 6, Cherkas and Pereira teach the invention substantially as claimed in claim 1 above. Although Pereira teaches wherein the first fingerprint is generated via network model trained with historical data (col. 10, lines 30-45), however, Cherkas and Pereira are silent in regards to feedforward neural network model. Veillette teaches wherein the first fingerprint is generated via feedforward neural network model [25][26].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Veillette’s teaching with Cherkas’s and Pereira’s system in order to allow different types of machine learning models to be used in Cherkas’s and Pereira’s system, thus improving the machine learning process in Cherkas’s and Pereira’s system.
As per claim 16, it is rejected for the same reason as set forth in claim 6 above.
Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Cherkas and Pereira in view of Marik et al, U.S. Patent Application Publication 2009/0216469 (hereinafter Marik).
As per claim 7, Cherkas and Pereira teach the invention substantially as claimed in claim 1 above. Cherkas and Pereira are silent in regards to causing a rendering of a visualization comprising the first fingerprint and current behavior of at least one network metric to provide a visual indication of the anomaly. Marik teaches causing a rendering of a visualization comprising the first fingerprint and current behavior of at least one network metric to provide a visual indication of the anomaly (fig. 5; [31]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Marik’s teaching with Cherkas’s and Pereira’s system in order to allow a user in Cherkas’s and Pereira’s system to visually detect an anomaly, thus improving the anomaly detection of Cherkas’s and Pereira’s system.
As per claim 17, it is rejected for the same reason as set forth in claim 7 above.
Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Cherkas and Pereira in view of Fahmy et al, U.S. Patent Application Publication 2021/0081818 (hereinafter Fahmy).
As per claim 9, Cherkas and Pereira teach the invention substantially as claimed in claim 1 above. Cherkas and Pereira are silent in regards to updating the first fingerprint on a periodic basis. Fahmy teaches updating the first fingerprint on a periodic basis ([110]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Fahmy’s teaching with Cherkas’s and Pereira’s system in order to allow update control of the baseline data in Cherkas’s and Pereira’s system, thus improving the anomaly alert generation of Cherkas’s and Pereira’s system.
As per claim 19, it is rejected for the same reason as set forth in claim 9 above.
Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Cherkas and Pereira in view of Mijumbi et al, WO 2019/109338 (hereinafter Mijumbi).
As per claim 10, Cherkas and Pereira teach the invention substantially as claimed in claim 1 above. Cherkas and Pereira are silent in regards to predicting future network metrics based upon the first fingerprint using machine learning. Mijumbi teaches predicting future network metrics based upon the first fingerprint using machine learning ([54][29]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Mijumbi’s teaching with Cherkas’s and Pereira’s system in order to allow predication of future metrics in Cherkas’s and Pereira’s system, thus improving the anomaly detection of Cherkas’s and Pereira’s system.
As per claim 20, it is rejected for the same reason as set forth in claim 10 above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should
be directed to Philip Lee whose telephone number is (571)272-3967. The examiner can normally be
reached on 6a-3p M-F.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor,
Glenton Burgess can be reached on 571-272-3949. The fax phone number for the organization where this
application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application
Information Retrieval (PAIR) system. Status information for published applications may be obtained
from either Private PAIR or Public PAIR. Status information for unpublished applications is available
through Private PAIR only. For more information about the PAIR system, see http://pair- direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer
Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR
CANADA) or 571-272-1000.
/PHILIP C LEE/Primary Examiner, Art Unit 2454