INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER READABLE RECORDING MEDIUM

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This office action is in response to the application filed on 01/23/2026. Claim(s) 1,3-4,6-7,9-13 and 15-18 is/are pending and are examined. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed on 01/23/2026 have been fully considered but they are not persuasive for the following reasons: Applicant’s Argument: In contrast, the subject matter presently recited in claim 1 can be understood with respect to the following four features (a)-(d): (a) acquiring, as an exercise condition, an exercise execution time specified by a participant of a cybersecurity exercise; (b) generating a cybersecurity attack scenario for the exercise and extracting a portion of the scenario that falls within the specified execution time; (c) creating a series of attack operations to be executed in the cybersecurity exercise based on the extracted portion; and (d) prior to extracting the portion that falls within the execution time, determining whether the portion satisfies an attack operation condition that defines whether the series of attack operations is executable, and extracting the portion when the attack operation condition is satisfied. Applicant respectfully submits that Rosenberg does not describe features (a) through (c) described above. Moreover, Jeon, which is cited in the rejection of claim 2, merely describes processing for determining application vulnerabilities, and does not describe or suggest the feature (d) of claim 1 (previously recited in claim 2). In view of the above, Applicant respectfully submits that amended claim 1 recites features that are neither described nor suggested by the cited references. Accordingly, Applicant respectfully submits that the asserted references fail to render obvious the subject matter, as a whole, that is presently recited in claim 1, and that claim 1 is allowable over the cited references. (Applicant’s response filed on 01/23/2026, page 13). Examiner’s Response: The Examiner respectfully disagrees. Rosenberg in view of Jeon teaches the stated claim language corresponding to the steps a-d above. Step a being clearly taught by the cited portion of Rosenberg ¶ 105, “a user interface window 520 for assessing a cybersecurity skill of a participant in a gamified learning environment (i.e., cybersecurity exercise) including fields for adding a flag, in accordance with an embodiment. The user interface window 520 can be implemented via a GUI (Graphical User Interface) as a part of a web application portal, and can display a number of fields such as a field 522 to select a flag name based on a question, a field 524 that displays an answer, a field 526 that allows a user to select a course, a field 528 that allows a user to select a task (e.g., “Conduct SQL Injection Attack”), a field 530 that allows a user to select a flag type (e.g., “String), a field 532 that allows a user to select a number of points, a field 534 that allows a user to select a module (e.g., “SQL Injection” module), and a field 536 that allows a user to select a duration (e.g., in minutes). (i.e. acquiring an execution duration)” Where a user i.e., a participant of a cybersecurity exercise is selecting a duration for a course module i.e., an exercise execution time where the course has task corresponding to a type of attack that is being performed i.e., exercise condition. This further leads into teaching step b-c where ¶ 105 gets further expanded upon with Rosenberg ¶ 115 “assuming that the cybersecurity training session has been completed, then as depicted at block 612, the cybersecurity skill of the participant can be assessed via the user interface, based on metrics that indicate how the participant achieved the cybersecurity task as compared to at least one other participant of the cybersecurity assessment, and after the cybersecurity task has been completed by the participant via the user interface. The results of the assessment can be then organized, stored in a computer memory and displayed via the user interface as depicted at block 614. The results can be stored for further analysis and retrieval.” Where the instruction system must have generated the attack operations corresponding to the attack that the user had selected and the attack operations would occur duration of time that the user also selected. Jeon then modifies Rosenberg to teach step d as written in the claims in the cited portion ¶ 13, “determining whether vulnerability determination has been completed for the selected fixed parameter; (i.e., satisfies attack operation condition) inserting an attack pattern for each attack type to an input value for the selected fixed parameter, when the vulnerability determination has not been completed; and determining vulnerability of the selected fixed parameter by each attack type through an analysis of response to an input of URL link with the attack pattern inserted thereinto. (i.e., extracting)” Which clearly when taken in combination with the teachings of Rosenberg teaches the claimed limitation. It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Rosenberg with Jeon, to modify the cybersecurity skills assessment method of Rosenberg with determination if a parameter is met or not before an action is executed of Jeon. The motivation to do so, Jeon ¶ 32, to determines whether vulnerability determination has been completed for the selected fixed parameter. Applicant's remaining arguments with respect to amended claim(s) 1, 7, and 13 have been fully considered but are moot in view of the following new ground(s) of rejection. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 4, 7, 10-11, 13, 16-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rosenberg (US 2021/0082309 A1), hereinafter Rosenberg in view of Jeon (US 2009/0119777 A1), hereinafter Jeon in further view of Pritzkau (US 2020/0028861 A1), hereinafter Pritzkau in even further view of Tsyganskiy (US 7,958,486 B2), hereinafter Tsy. Regarding Claim(s) 1, 7, and 13 Rosenberg teaches: An information processing method comprising: (Rosenberg ¶ 9 teaches, to provide for a method, system and computer usable program product for assessing cybersecurity skills.) acquiring an execution duration of a cybersecurity exercise specified by a participant of the cybersecurity exercise, as an exercise condition; and (Rosenberg ¶ 105 teaches, a user interface window 520 for assessing a cybersecurity skill of a participant in a gamified learning environment (i.e., cybersecurity exercise) including fields for adding a flag, in accordance with an embodiment. The user interface window 520 can be implemented via a GUI (Graphical User Interface) as a part of a web application portal, and can display a number of fields such as a field 522 to select a flag name based on a question, a field 524 that displays an answer, a field 526 that allows a user to select a course, a field 528 that allows a user to select a task (e.g., “Conduct SQL Injection Attack”), a field 530 that allows a user to select a flag type (e.g., “String), a field 532 that allows a user to select a number of points, a field 534 that allows a user to select a module (e.g., “SQL Injection” module), and a field 536 that allows a user to select a duration (e.g., in minutes). (i.e. acquiring an execution duration)) creating a series of attack operations to be executed in the cybersecurity exercise by creating a scenario of a cyberattack to be used in the cybersecurity exercise, (Rosenberg ¶ 105 teaches, a field 526 that allows a user to select a course, a field 528 that allows a user to select a task (e.g., “Conduct SQL Injection Attack”), (i.e., an SQL attack injection attack would be created when program is executed) a field 530 that allows a user to select a flag type (e.g., “String), a field 532 that allows a user to select a number of points, a field 534 that allows a user to select a module (e.g., “SQL Injection” module), (i.e. scenario with attacks) and a field 536 that allows a user to select a duration (e.g., in minutes). (i.e. acquiring an execution duration)) and extracting a part of the created scenario that is executable within the specified exercise duration. (Rosenberg ¶ 115 teaches, assuming that the cybersecurity training session has been completed, then as depicted at block 612, the cybersecurity skill of the participant can be assessed via the user interface, based on metrics that indicate how the participant achieved the cybersecurity task as compared to at least one other participant of the cybersecurity assessment, and after the cybersecurity task has been completed by the participant via the user interface. The results of the assessment can be then organized, stored in a computer memory and displayed via the user interface as depicted at block 614. The results can be stored for further analysis and retrieval. ¶ 105 teaches, a field 536 that allows a user to select a duration (e.g., in minutes). (i.e. acquiring an execution duration)) Rosenberg does not appear to explicitly teach but in related art: before extraction of the part, determining whether the part satisfies an attack operation condition that defines whether or not the series of attack operations is to be executed, and if the attack operation condition is satisfied, extracting the part; (Jeon ¶ 13 teaches, determining whether vulnerability determination has been completed for the selected fixed parameter; (i.e., satisfies attack operation condition) inserting an attack pattern for each attack type to an input value for the selected fixed parameter, when the vulnerability determination has not been completed; and determining vulnerability of the selected fixed parameter by each attack type through an analysis of response to an input of URL link with the attack pattern inserted thereinto. (i.e., extracting)) It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Rosenberg with Jeon, to modify the cybersecurity skills assessment method of Rosenberg with determination if a parameter is met or not before an action is executed of Jeon. The motivation to do so, Jeon ¶ 32, to determines whether vulnerability determination has been completed for the selected fixed parameter. Rosenberg in view of Jeon does not appear to explicitly teach but in related art: wherein the processor further: causes a computer system that includes a server and a terminal to: (Pritzkau ¶ 52 teaches, The illustrated Computer 802 is intended to encompass any computing device such as a server, desktop computer, laptop/notebook computer, wireless data port, smart phone, personal data assistant (PDA), tablet computer, one or more processors within these devices, another computing device, or a combination of computing devices, including physical or virtual instances of the computing device, or a combination of physical or virtual instances of the computing device. Additionally, the Computer 802 can include an input device, such as a keypad, keyboard, touch screen, another input device, or a combination of input devices that can accept user information, and an output device that conveys information associated with the operation of the Computer 802, including digital data, visual, audio, another type of information, or a combination of types of information, on a graphical-type user interface (UI) (or GUI) or other UI.) execute a series of attack operations, corresponding to the extracted part, at the terminal; and (Pritzkau ¶39 and 42-43 and Fig. 5-6, Each path in the Forensic Lab View corresponds to an Event in the Attack Path View. For the purpose of this disclosure, a path contains a series of filters. (i.e., path contains attack operations) Pattern is created for the workspace, and a time period can be adjusted to let the pattern run periodically. ETD patterns are data objects saved in JSON format in a pattern persistency. ETD patterns contain paths. (i.e., patterns contain paths which have attack operations) Executing the created pattern can generate an alert, and further actions could be taken automatically in response to that alert. (i.e., executing the chosen patterns which have selected paths of attack operations.) For example, after the alerted is generated, a user account under which an attacker logged in can be locked, a corresponding computer system can be shut down, a corresponding user session can be terminated, or experts can be notified for detailed investigation.) It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Rosenberg in view of Jeon with Pritzkau, to modify the cybersecurity skills assessment method of Rosenberg with determination if a parameter is met or not before an action is executed of Jeon with the attack patterns and paths of Pritzkau. The motivation to do so, Pritzkau ¶ 1, to identify suspicious behavior and to allow an appropriate response. Rosenberg-Joen-Pritzkau does not appear to explicitly teach but in related art: output logs collected during execution of the series of attack operations. (Tsy Col. 34 Ln. 45-48 teaches, the system displays all the log entries caused by execution of operations in the application code that affected a data object, sorted or indexed by object instead of in the original execution order.) It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Rosenberg-Jeon-Pritzkau with Tsy, to modify the cybersecurity skills assessment method of Rosenberg with determination if a parameter is met or not before an action is executed of Jeon with the attack patterns and paths of Pritzkau with the output logs of Tsy. The motivation to do so, Tsy Col. 35 Ln. 9-11, to allow a user to see exactly how the objects of each data class have been accessed and manipulated during execution of the application. Regarding Claim(s) 4, 10, and 16 Rosenberg-Jeon-Pritzkau-Tsy teaches: The information processing method according to claim 7, (Rosenberg-Jeon-Pritzkau-Tsy teaches the parent claim above.) wherein the acquiring the exercise condition includes acquiring a type of a cyberattack specified by the participant as the exercise condition, and (Rosenberg ¶ 105 teaches, a field 526 that allows a user to select a course, a field 528 that allows a user to select a task (e.g., “Conduct SQL Injection Attack”), a field 530 that allows a user to select a flag type (e.g., “String), a field 532 that allows a user to select a number of points, a field 534 that allows a user to select a module (e.g., “SQL Injection” module), (i.e. scenario with attacks) and a field 536 that allows a user to select a duration (e.g., in minutes). (i.e. acquiring an execution duration)) the creating the attack operations includes creating a scenario of the cyberattack in accordance with the type of the cyberattack specified by the participant. (Rosenberg ¶ 105 teaches, a field 526 that allows a user to select a course, a field 528 that allows a user to select a task (e.g., “Conduct SQL Injection Attack”), a field 530 that allows a user to select a flag type (e.g., “String), a field 532 that allows a user to select a number of points, a field 534 that allows a user to select a module (e.g., “SQL Injection” module), (i.e. scenario with attacks) and a field 536 that allows a user to select a duration (e.g., in minutes). (i.e. acquiring an execution duration)) Regarding Claim(s) 11 and 17 Rosenberg teaches: The information processing method according to claim 7, further comprising (Rosenberg teaches the parent claim above.) causing a computer system for executing the cybersecurity exercise to execute the created series of attack operations. (Rosenberg ¶ 12 teaches, assessing the cybersecurity skill of the participant via the user interface, based on metrics that indicate how the participant achieved the cybersecurity task as compared to at least one other participant of the cybersecurity assessment, (i.e., the task must have been executed) after the cybersecurity task has been completed by the participant via the user interface. 1 105 teaches, a field 528 that allows a user to select a task (e.g., "Conduct SQL Injection Attack"), (i.e., attack executed) a field 530 that allows a user to select a flag type (e.g., "String), a field 532 that allows a user to select a number of points, a field 534 that allows a user to select a module (e.g., "SQL Injection" module), (i.e. scenario with attacks) and a field 536 that allows a user to select a duration (e.g., in minutes). (i.e. acquiring an execution duration).) Claim(s) 3, 9, and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rosenberg-Jeon-Pritzkau-Tsy in view of Mizushima (US 2023/0017839 A1), hereinafter Mizushima. Regarding Claim(s) 3, 9, and 15 Rosenberg teaches: The information processing method according to claim 7, wherein the creating the attack operations further includes (Rosenberg-Jeon-Pritzkau-Tsy teaches the parent claim above.) determining the participant who has specified the execution duration used in the extraction of the part, (Rosenberg ¶ 115 teaches, the cybersecurity skill of the participant can be assessed via the user interface, based on metrics that indicate how the participant achieved the cybersecurity task as compared to at least one other participant of the cybersecurity assessment, and after the cybersecurity task has been completed by the participant via the user interface. The results of the assessment can be then organized, stored in a computer memory and displayed via the user interface as depicted at block 614. The results can be stored for further analysis and retrieval. (i.e., the participant must be known for the comparison to take place.)) Rosenberg does not appear to explicitly teach but in related art: comparing the created series of attack operations with a series of attack operations created in the past for the determined participant, and if a result of the comparison is that a proportion of an overlap between the two is equal to or greater than a threshold, extracting again a part of the created scenario that falls within the execution duration and is different from the extracted part. (Mizushima ¶ 92 teaches, the analysis result comparison unit 102 compares the previous and current business impact-based risk analysis results with each other, and extracts an attack step(s) that has become newly available for the attack.) It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Rosenberg-Jeon-Pritzkau-Tsy, to modify the cybersecurity skills assessment method of Rosenberg with determination if a parameter is met or not before an action is executed of Jeon with the attack patterns and paths of Pritzkau with the output logs of Tsy with the analysis comparison unit of Mizushima. The motivation to do so, Mizushima ¶ 92, by doing so, the user can easily recognize a difference(s) between the two risk analysis results. Claim(s) 6, 12, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rosenberg-Jeon-Pritzkau-Tsy in view of Karas (US 12,039,037 B2), hereinafter Karas. Regarding Claim(s) 6, 12, and 18 Rosenberg-Jeon-Pritzkau-Tsy teaches: The information processing method according to claim 11, further comprising: (Rosenberg-Jeon-Pritzkau-Tsy teaches the parent limitation above) Rosenberg-Jeon-Pritzkau-Tsy does not appear to explicitly teach but in related art: creating a non-attack operation that does not fall under a category of the cyberattack, using an execution command included in the created series of attack operations; and (Karas Col. 14 Ln. 7-26 teaches, determined that the execution command comprises a second executable product in addition to the executable product appearing in the recorded suspicious input event. In some exemplary embodiments, a l/O command injection attack may attempt to cause an execution of a benign command to cause malicious side-effects.) causing the computer system to execute the created non-attack operation. (Karas Col. 14 Ln. 7-26 teaches, determined that the execution command comprises a second executable product in addition to the executable product appearing in the recorded suspicious input event. In some exemplary embodiments, a l/O command injection attack may attempt to cause an execution of a benign command to cause malicious side-effects.) It would have been obvious to one with ordinary skill the art, prior to the applicant's earliest effective filing date, to combine the teachings of Rosenberg-Jeon-Pritzkau-Tsy with Karas, to modify the cybersecurity skills assessment method of Rosenberg with determination if a parameter is met or not before an action is executed of Jeon with the attack patterns and paths of Pritzkau with the output logs of Tsy with an execution of a non-malicious command in an attack of Karas. The motivation to do so, Col. 14 Ln. 7-13, to cause malicious side-effects. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 2021/0226990 A1 – A method for automatic detection and prevention of injection attacks via an application monitoring agent operating in a network. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB BENEDICT KNACKSTEDT whose telephone number is (703)756-5608. The examiner can normally be reached Monday-Friday 8:00 am - 5:00 pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached on (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /J.B.K./Examiner, Art Unit 2408 /LINGLAN EDWARDS/Supervisory Patent Examiner, Art Unit 2408