DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
A preliminary amendment was filed concurrently with the filing of the present application on 15 August 2024. By this preliminary amendment, Claims 3-11 and 14 have been amended. Claim 13 has been canceled. No new claims have been added. Claims 1-12 and 14 are currently pending in the present application.
Information Disclosure Statement
The listing of references in the specification is not a proper information disclosure statement. 37 CFR 1.98(b) requires a list of all patents, publications, or other information submitted for consideration by the Office, and MPEP § 609.04(a) states, "the list may not be incorporated into the specification but must be submitted in a separate paper." Therefore, unless the references have been cited by the examiner on form PTO-892, they have not been considered.
The information disclosure statement filed 13 November 2024 has been considered.
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they do not include the following reference sign(s) mentioned in the description: 20 (see page 14, line 19). Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application.
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: 7a-7d, 19 (see Figure 3). Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application.
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) because reference characters 1 and 2 have been used to designate multiple different firewalls in Figure 3. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application.
The drawings are objected to because they include informalities and are unclear. Figure 1 does not include any text labels or descriptions. The depiction of a flow chart without any descriptions of the steps is not sufficiently clear. See 37 CFR 1.84(o). In Figure 2, there appears to be no description in the specification of the depicted elements of Figure 2. In Figure 3, it is not clear what reference character 12 is intended to refer to. In Figure 3, it is not clear what the labels “n” and “T” are intended to refer to. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application.
Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Specification
The abstract of the disclosure is objected to because it includes informalities such as grammatical or other errors. In particular, in line 9, the phrase “For doing so” is not in clear idiomatic English and it is not clear what this is referring to. In line 10, the phrase “suggests to provide” appears to be missing a subject for the verb “provide”. A corrected abstract of the disclosure is required and must be presented on a separate sheet, apart from any other text. See MPEP § 608.01(b).
The disclosure is objected to because of the following informalities:
The specification does not clearly include the sections defined in 37 CFR 1.77(b) and does not include section headings as per 37 CFR 1.77(c).
The specification includes minor grammatical and other errors. For example, on page 1, line 25, the phrase “try to detected” is grammatically unclear. On page 1, line 29, the phrase “such as a bot the trigger” is grammatically unclear especially with respect to “the trigger”. On page 2, lines 3-4, in the phrase “a huge number of successful intrusions which is to be prevented”, the verb “is” does not clearly agree with the subject “intrusions”. On page 2, lines 5-6, the phrase “preventing attacks the consistently improves knowledge” is grammatically unclear especially with respect to “the consistently”. On page 2, line 17, it is not clear what the subject of the verb “operates” is intended to be. On page 3, line 15, the verb “provides” does not clearly agree with the subject “instructions”. On page 3, line 16, the phrase “but instructions access not the original data sets” in not in clear idiomatic English. On page 4, line 4, the phrase “For doing so scanning” is not in clear idiomatic English and it is not clear what “doing so” is intended to refer to. On page 4, line 15, it appears that “my means” may be intended to read “by means”. On page 4, line 19, it appears that “in case” may be intended to read “as long as” or similar. On page 4, lines 24-25, it appears that critical language (e.g. “on”, “in”, or other preposition) is missing from the phrase “intrude the requested infrastructure”. On page 4, the sentence at lines 28-29 beginning “For identifying and tracking” is generally grammatically unclear and appears to be missing critical punctuation. On page 5, line 2, the phrases “the further more” is not in clear idiomatic English. On page 5, line 6, “a” should be deleted before “signature information” because “information” is an uncountable noun that does not take the indefinite article. On page 5, line 17, it is not clear what the phrase “and exemplary attacks” is intended to modify or be coordinated with. On page 6, line 1, the phrase “is exchanged by” is not clear in context and is not in clear idiomatic English. On page 6, line 15, the phrase “block the intruder of even continue to operate” is grammatically unclear. On page 6, line 31, it is not clear what a “National identification number” is intended to be in this context or why “National” is capitalized. On page 7, line 19, the phrase “This might required” appears to be missing a verb or other critical language. On page 8, line 1, the phrase “the record is evaluated” is unclear with respect to what “the record” is, and on page 8, line 2, it is not clear how a “positive index” is defined in context. On page 8, line 5, the phrase “and/ data transmissions” appears to be missing critical language or, alternately, the usage of the slash is unclear. On page 9, line 30, the verb “perform” does not agree with the subject “instruction”. On page 10, line 4, it appears that the comma after “Wherever” should be deleted. On page 10, line 7, the phrase “in its entireness” is not in clear idiomatic English. On page 11, line 9, “a” should be deleted before “duplicated network session information”, and in line 12, “a” should be deleted before “signature information” because “information” is an uncountable noun that does not take the indefinite article. On page 11, line 23, it appears that “there” should read “their”. On page 11, lines 23-24, the abbreviations “IP” and “NIC” should be written out in full the first time they appear. On page 11, lines 29-32, it appears that a conjunction (e.g. “and” or “or”) is missing from the list of functions. The sentence at page 11, line 32-page 12, line 3, beginning “In addition, keep” is a fragment. On page 12, line 4, the phrase “During the time” is not in clear idiomatic English in context. On page 12, line 16, it appears that “brake” is intended to read “break”. On page 12, lines 25-28, the use of pronouns “he” and “it” is inconsistent and unclear. On page 13, line 15, the phrase “The lower layer maintains” appears to be an incomplete sentence. On page 13, lines 17-18, it appears that critical language is missing after “for keeping”. ON page 14, line 19, it appears that “A” and “B” in the description are not clearly the same as the A and B depicted in Figure 3. On page 15, line 2, it appears that “trough” may be intended to read “through”.
Appropriate correction is required. The above is not intended as an exhaustive list of errors in the specification. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.
Claim Objections
Claims 1-12 and 14 are objected to because of the following informalities:
In Claim 1, line 8, “a” should be deleted before “duplicated network session information”, and in line 12, “a” should be deleted before “signature information” because “information” is an uncountable noun that does not take the indefinite article.
In Claims 2-11, it appears that “characterized in that” may be intended to read “wherein” or similar for conformance with US practice.
In Claim 12, line 9, “a” should be deleted before “duplicated network session information”, and in line 13, “a” should be deleted before “signature information” because “information” is an uncountable noun that does not take the indefinite article
In Claim 14, line 10, “a” should be deleted before “duplicated network session information”, and in line 14, “a” should be deleted before “signature information” because “information” is an uncountable noun that does not take the indefinite article
Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 14 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claim 14 does not fall within at least one of the four categories of patent eligible subject matter because the claim is directed to a computer-readable medium storing computer program instructions. The broadest reasonable interpretation of a computer readable medium typically covers both forms of non-transitory media and transitory propagating signals per se in view of the ordinary and customary meaning of computer-readable storage media (for example, as defined by usage in issued patents and published patent applications). Therefore, the claims encompass signals per se. A signal does not constitute statutory subject matter, because it is neither a process, a machine, an article of manufacture, nor a composition of matter, and therefore does not fall within any of the statutory classes of invention. See In re Nuijten, 500 F.3d 1346, 1356-57 (Fed. Cir. 2007), and MPEP § 2106.03(I). See also “Subject Matter Eligibility of Computer Readable Media”, 1351 Off. Gaz. Pat. Office. When a claim encompasses both statutory and non-statutory subject matter, the claim as a whole is considered to be directed to non-statutory subject matter. See MPEP § 2106(II).
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-12 and 14 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the enablement requirement. The claims contain subject matter which was not described in the specification in such a way as to enable one skilled in the art to which it pertains, or with which it is most nearly connected, to make and/or use the invention.
A determination of a failure to comply with the enablement requirement is made considering the undue experimentation factors set forth in MPEP § 2164.01(a). In the present application, the factors which appear to weigh most heavily are the breadth of the claims (MPEP § 2164.08), the amount of direction provided by the inventor (MPEP § 2164.03), and the existence of working examples (MPEP § 2164.02). Independent Claims 1, 12, and 14 broadly recite “comparing (105) this signature information with previously established signature information thereby computing (106) a security index” or similar language. The phrase “computing a security index” is a broad recitation, and although the claims recite that the computing is performed by the comparison of the signature data, there are no details of the steps used to actually compute the index or how simply comparing data would result in computation of an index. Although the specification generally discusses similarity being above a threshold or that behavior can be described by parameters in a multi-dimensional space (page 5, lines 22-27), there appears to be no detail provided in the specification of how similarity is calculated, how to determine a threshold, or how the multi-dimensional parameters may be used to compute the index. The specification appears to have no specific algorithm, instructions, or other working example of how the index is to be computed. The claims also recite “executing (107) the computing instructions in the requested infrastructure as a function of the security index” or similar language. The phrase “as a function of the security index” is a broad recitation, and there are no details in the claims or specification of the steps used to execute the instructions “as a function of the index”. Although the specification generally discusses merely executing instructions if the index reveals no attack (page 5, lines 28-30), there appears to be no detail provided in the specification of how the instructions are actually executed “as a function of the index”. The specification appears to have no specific algorithm, instructions, or other working example of how the instructions are to be executed as a function of the index. The lack of details or examples in any detail suggests that there is little direction provided by the inventor. Combined with the broad scope of the claims, this suggests that the enablement of the description is not commensurate in scope with the claims (MPEP § 2164.08) and that undue experimentation would be required to make or use the invention based on the disclosure (MPEP § 2164.06).
Claims not explicitly referred to above are rejected due to their dependence on a rejected base claim.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-12 and 14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “a computer network” in line 4. It is not clear whether this is intended to refer to the network of line 1 or a distinct network. The claim further recites “a requested infrastructure” in line 5. It is not clear whether this is intended to refer to the infrastructure of line 1 or a more specific element. The claim additionally recites “characterized by” in line 5. It is not clear what this phrase is intended to modify (i.e. it is not clear what is characterized) nor is it clear what the object of this phrase (i.e. it is not clear how it is characterized). The claim also recites “recording the execution of the computing instructions in said emulated infrastructure” in lines 9-10. It is not clear whether “in said emulated infrastructure” is intended to modify the recording or the execution. The claim further recites “storing (104) the duplicated network session and the execution of the computing instructions” in lines 11-12. First, there is not clear antecedent basis for “the duplicated network session”, although it appears that this may be intended to refer to the duplicated network session information. Further, it is not clear how the “execution” is to be stored. The claim additionally recites “characterized in that…” in line 17. It is not grammatically clear what this phrase is intended to modify. The above ambiguities render the claim indefinite.
Claim 2 recites “at least one actions of a group of actions, the group comprising…” in line 3. This does not properly define a Markush group because a Markush group must be a closed group defined by “consisting of”. See MPEP § 2173.05(h). The claim further recites “restricting access of the computing device” in line 4. First, it is not clear what access is actually restricted (i.e. access to what is restricted). Further, there is not clear antecedent basis for “the computing device” here and in lines 5-6 because Claim 1 recited at least one computing device, and if there is more than one, then it is not clear to which of the plural devices these limitations are intended to refer. Claim 2 further recites “further execution of the emulated infrastructure” in lines 5-6, which is not in clear parallel structure with the other elements of the list.
Claim 4 recites “the network session information” in line 2. It is not clear whether this is intended to refer to the received or duplicated network session information. The claim further recites “a National identification number” in line 3. It is not clear what is identified by this number. The claim additionally recites “and/or” in line 4. It is not clear whether the items in the list are all required or are intended as alternatives.
Claim 5 recites “and/or” in line 5. It is not clear whether the items in the list are all required or are intended as alternatives. Further, because “providing” appears before “imitation” in line 5, it is not clear whether this is intended to state that an imitation of infrastructure configuration is provided.
Claim 6 recites “and/or” in line 4. It is not clear whether the items in the list are all required or are intended as alternatives.
Claim 7 recites “several” in lines 3 and 4. The term “several” is, by definition, an indefinite quantity and is therefore ambiguous. The claim further recites “and/ data transmissions” in lines 3-4. The use of the slash is grammatically unclear in context.
Claim 8 recites “and/or” in line 3. It is not clear whether the items in the list are all required or are intended as alternatives.
Claim 12 recites “a computer network” in line 4. It is not clear whether this is intended to refer to the network of lines 1-2 or a distinct network. The claim further recites “a requested infrastructure” in lines 5-6. It is not clear whether this is intended to refer to the infrastructure of line 1 or a more specific element. The claim additionally recites “characterized by” in line 6. It is not clear what this phrase is intended to modify (i.e. it is not clear what is characterized) nor is it clear what the object of this phrase (i.e. it is not clear how it is characterized). The claim also recites “record the execution of the computing instructions in said emulated infrastructure” in lines 10-11. It is not clear whether “in said emulated infrastructure” is intended to modify the recording or the execution. The claim further recites “store (104) the duplicated network session and the execution of the computing instructions” in lines 12-13. First, there is not clear antecedent basis for “the duplicated network session”, although it appears that this may be intended to refer to the duplicated network session information. Further, it is not clear how the “execution” is to be stored. The claim additionally recites “characterized in that…” in line 18. It is not grammatically clear what this phrase is intended to modify. The above ambiguities render the claim indefinite.
Claim 14 recites “a computer network” in line 6. It is not clear whether this is intended to refer to the network of line 3 or a distinct network. The claim further recites “a requested infrastructure” in line 7. It is not clear whether this is intended to refer to the infrastructure of line 3 or a more specific element. The claim additionally recites “characterized by” in line 7. It is not clear what this phrase is intended to modify (i.e. it is not clear what is characterized) nor is it clear what the object of this phrase (i.e. it is not clear how it is characterized). The claim also recites “recording the execution of the computing instructions in said emulated infrastructure” in lines 11-12. It is not clear whether “in said emulated infrastructure” is intended to modify the recording or the execution. The claim further recites “storing (104) the duplicated network session and the execution of the computing instructions” in lines 13-14. First, there is not clear antecedent basis for “the duplicated network session”, although it appears that this may be intended to refer to the duplicated network session information. Further, it is not clear how the “execution” is to be stored. The claim additionally recites “characterized in that…” in line 19. It is not grammatically clear what this phrase is intended to modify. The above ambiguities render the claim indefinite.
Claims not explicitly referred to above are rejected due to their dependence on a rejected base claim.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-12 and 14 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Aziz et al, US Patent 8898788 (cited by Applicant).
In reference to Claim 1, Aziz discloses a method for securing infrastructure in a computer network against malicious attacks that includes receiving network session information from at least one computing device over a network, where the session information includes computing instructions to be performed in requested infrastructure (column 4, lines 42-44; column 3, lines 6-7; column 8, lines 8-13); scanning and emulating the requested infrastructure (column 7, lines 1-17); executing duplicated network session information using the emulated infrastructure and recording execution of the computing instructions (column 4, lines 50-56; column 8, lines 8-16); storing the duplicated network session information as signature information, comparing the signature information with previously established signature information based on a similarity function, and computing a security index (column 5, lines 62-63; column 6, lines 7-15; column 13, lines 31-39; column 8, lines 59-64; column 9, lines 8-13; column 13, lines 22-25); and executing the computing instructions in the requested infrastructure (column 14, lines 1-4; column 15, lines 12-14).
In reference to Claim 2, Aziz further discloses blocking a computing device, restricting the device’s access, recording requests from the device, or executing predefined response commands (column 15, lines 12-17).
In reference to Claims 3 and 4, Aziz further discloses assigning a new identifier and that the session information includes an IP address, identifiers, port numbers, time stamps, or packets (column 10, lines 56-58, for example).
In reference to Claims 5, 6, and 11, Aziz further discloses imitating hardware, software, or database behavior or infrastructure configuration, or providing predefined or random data sets or functionality, where the requested and emulated infrastructure are secured, separately operated on different hardware or software components or restricted from exchanging data (column 7, lines 19-21).
In reference to Claim 7, Aziz further discloses the previously established signature information is stored (column 13, lines 31-39).
In reference to Claim 8, Aziz further discloses a security risk, violation of an access right, an addressed component, or an identifier (column 8, lines 33-35).
In reference to Claims 9 and 10, Aziz further discloses reconfiguring the emulated infrastructure according to stored configuration and that infrastructure descriptions are read from storage (column 7, lines 4-6).
Claim 12 is directed to a network component having functionality corresponding to the method of Claim 1, and is rejected by a similar rationale, mutatis mutandis.
Claim 14 is directed to a software implementation of the method of Claim 1, and is rejected by a similar rationale.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Barford et al, US Patent 8065722, discloses a technique for generating signatures for malicious network traffic using a simulated honeynet.
Aziz et al, US Patents 8171553, 8584239, and 9591020, disclose systems in which traffic is emulated in a duplicated network.
Ettema et al, US Patents 9495188 and 10044675, discloses a honey network emulating a network using clones to extract malware signatures.
Urias et al, US Patent 9742804, discloses a method using cloned virtual machines.
Fellows et al, US Patent Application Publication 2023/0011004, discloses a method using virtual environment cloning to simulate threats.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:00am-5:30pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal D Dharia can be reached at (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Zachary A. Davis/Primary Examiner, Art Unit 2492