DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 21-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12,118,095. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims recite essentially the same subject matter. The only difference in the scope of subject matter is the details displayed due to the selection of the vulnerability in the GUI. In the instant application, details are displayed including one or more scan requests associated with the vulnerability, one or more scan responses associated with the vulnerability, and a verification status of the vulnerability, whereas in the ‘095 patent, details are displayed including a scan request and response, as in the instant application, as well as a module type of the vulnerability and a confidence score for the vulnerability. The claims of the instant application are anticipated by the claims of the ‘095 patent other than the instant application including a verification status of the vulnerability. Including a verification status is a notoriously well-known and routine step for making sure that information is reliable. It would have been obvious to one of ordinary skill in the art to include vulnerability verification in the ‘095 patent in order to make sure the vulnerability information is reliable.
Allowable Subject Matter
Claims 21-40 would be allowable if a terminal disclaimer is filed overcome the double patenting rejection of record.
The following is a statement of reasons for the indication of allowable subject matter: The closest prior art is:
Cornelius (JP 2018/530066) which teaches: security management server aggregates different types of security events for a period of time and calculates a confidence score for each security event. The security management server can determine the confidence score using methods (eg, with a set of ground truth events that correlate to incidents). A confidence score for a given security event generally represents a collection of data that can be used to evaluate the impact of the occurrence of that event on a given context on the security status of an entity. For example, the confidence score may represent a measure that measures the percentage of time that a particular security event occurred in the context of a positively detected security incident. Data within the confidence score can refer to any context available to the security management server. Such contexts include what events precede monitored device configuration data, sensitive data about security events or patches, the field of events (eg, IP or URL reputation, etc.), etc. Can be mentioned. The security management server then determines a set of thresholds for detecting a security incident from the security event based on the confidence score. For example, as described below, the security management server uses a threshold to determine the level of security incident that should be investigated for a given set of security events from a log, none of which is worth investigating individually. Determine when to escalate – see page 3, paragraph 2. Once SID tool 134 receives a security incident (i.e., each of the one or more potential security vulnerabilities), SID tool 134 calculates a confidence score (via confidence score component 202) for each security event and uses one or more diversity metrics. And evaluate security events. The SID tool 134 then uses this information (via the learning component 204 or, in some embodiments, by a human analyst) (i.e, using the ML model) to distinguish known incidents (i.e., previously identified vulnerabilities) from false positive alert identification (i.e., true or false positive) and Determine a threshold that can be used to generate the set) -see page 8, paragraph 4. Monitoring interface involved in incidents in order of decreasing confidence – see page 8 second to last paragraph.
However, Cornelius does not teach all the limitations of the claimed invention. See case file for parent application 17/389692, including non-final rejection mailed 3/22/2024, applicants response filed 6/25/2024, and allowance mailed 08/02/2024 for additional reasons for allowance.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LISA C LEWIS whose telephone number is (571)270-7724. The examiner can normally be reached Monday - Thursday 7am-2pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LISA C LEWIS/Primary Examiner, Art Unit 2495