Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Response to Amendment
Claims 1 and 3-11 have been amended.
Claims 1-11 are pending.
Response to Arguments
Applicant’s arguments with respect to the pending claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
I. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
II. CLAIMS 1-11 are rejected under 35 U.S.C. 103 as being unpatentable over GARYANI et al (US 2023/0107335) in view of BEHL et al (USPN 11,575,499).
Per claim 1, GARYANI et al teach a computer-implemented method of providing a technical assessment for certification of a in providing a cybersecurity service in a field, the method being implemented with computer processes carried out by a certification agent server system, the computer processes comprising:
receiving and storing, by the certification agent server system, general organizational and performance data of the managed cybersecurity service provider, such data being obtained from the managed cybersecurity service provider and a set of auditors (paras 0037, 0086, 0092, 0268-269—auditors, agents and user agent; paras 0065, 0082, 0126-128, 0311-317—detecting a cybersecurity attack against customers of a service provider, storing activity data and performance level constraints of service providers following cybersecurity attacks for cyberattack risk mitigation);
receiving and storing, by the certification agent server system, (i) organizational and performance data of the managed cybersecurity service provider in providing its service in the field, (ii) the managed cybersecurity service provider ’s system architecture configuration data for providing its service in the field, (iii) the managed cybersecurity service provider ’s qualification data for providing its service in the field, (v) data characterizing cyber risk exposure of the managed cybersecurity service provider in providing its service in the field (paras 0071-73, 0075, 0083—customer-localized cybersecurity attack detection tool configured to perform an analysis of the shared activity subset of the dataset, calculate probabilities and statistical measures based on environmental parameters including anomaly detection; paras 0067, 0127-128, 0261, 0311—generating a security alert, enhancing a security requirement, auditing or suspending an account, credentialed access authentication; paras 0250-260, 0311—risk mitigation executed by cybersecurity tool);
processing, by the certification agent server system, the received data in relation to a set of benchmarks defining technical performance by the managed cybersecurity service provider in providing its service in the field to arrive at a determination if the managed cybersecurity service provider is providing its service in the field in a reliable manner (paras 0021, 0031-32, 0312-314—providing performance level constraints for assessing performance satisfaction); and
causing, by the certification agent server system, the determination to be supplied as an output (paras 0003, 0311, 0315-338—sharing, providing and reporting anomaly analysis based on attack detection).
GARYANI et al teach the limitations as applied above along with implementation into economic and business practices (para 0352), yet fail to explicitly teach the claimed feature of “(iv) financial data as to charges by the managed cybersecurity service provider for providing its service in the field”. However, BEHL et al teach a managed service provider, MSP, processing, storing and validating transactions in a blockchain ledger via smart contracts and cryptographic trust services for asset exchange transactions (col.5 line 18-col.6 line 54, col.6 lines 31-42).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed the invention to combine the teachings of GARYANI et al with BEHL et al for the purpose of receiving financial data associated with the service provider, which is well-known in the art for logging and assessing the validity of the financial data.
Per claim 2, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the field is selected from the group consisting of (i) backup as a service, (ii) disaster recovery as a service, (iii) firewall as a service, (iv) business email protection as a service, (v) managed endpoint security as a service, and (vi) any other similar service (paras 0039, 0222, 0250, 0311—backup, restore, endpoint security via location blocking, access restriction, firewall services, etc.).
Per claim 3, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the computer processes include: processing, by the certification agent server system, the received general organizational and performance data of the managed cybersecurity service provider to arrive at an initial determination of the managed cybersecurity service provider’s ability to deliver services in an initial certifiable manner (paras 0067, 0260-263, 0311—requiring multifactor authentication, requiring human review of access requests; paras 0031, 0046-48, 0052—sharing anomaly analysis data based on machine learning and tools for attack detection among customers of a service provider).
Per claim 4, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the general organizational and performance data, in a context of evaluating the managed cybersecurity service provider for certification, comprises data relating to a management and a performance in providing services that apply to the managed cybersecurity service provider as a whole (paras 0131-134, 0137, 0139—evaluating anomalousness using statistical models to decide which entities are suspicious with detection alerts processed by security researchers inside a service provider).
Per claim 5, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the organizational and performance data, in a context of evaluating the managed cybersecurity service provider for certification, comprises data relating to a management and a performance in providing the service in the field by the managed cybersecurity service provider (paras 0065, 0082, 0126-128, 0311-317—detecting a cybersecurity attack against customers of a service provider, storing activity data and performance level constraints of service providers).
Per claim 6, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the system architecture configuration data for providing its service in the field, in a context of evaluating the managed cybersecurity service provider for certification, comprises data relating to a computer architecture, including communications between computing entities, in providing the service in the field by the managed cybersecurity service provider (paras 0131-134, 0137, 0139—evaluating anomalousness using statistical models to decide which entities are suspicious with detection alerts processed by security researchers inside a service provider).
Per claim 7, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the qualification data for providing its service in the field, in a context of evaluating the managed cybersecurity service provider for certification, comprises data relating to a specialty knowledge, qualifications, or experience of the managed cybersecurity service provider to manage the providing of the service in the field (paras 0067, 0260-263, 0311—requiring multifactor authentication, requiring human review of access requests; paras 0031, 0046-48, 0052—sharing anomaly analysis data based on machine learning and tools for attack detection among customers of a service provider; para 0135—credentials of virtual machines for gaining access).
Per claim 8, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, BEHL et al further teach wherein the financial data as to the charges by the managed cybersecurity service provider for providing its service in the field, in a context of evaluating the managed cybersecurity service provider for certification, comprises data relating to a financial value of the service in the field provided by the managed cybersecurity service provider (col.5 line 18-col.6 line 54, col.6 lines 31-42—processing, storing and validating transactions in a blockchain ledger via smart contracts and cryptographic trust services for asset exchange transactions).
Per claim 9, GARYANI et al with BEHL et al teaches the computer-implemented method according to claim 1, GARYANI et al further teach wherein the data characterizing cyber risk exposure of the managed cybersecurity service provider in offering its service in the field, in a context of evaluating the managed cybersecurity service provider for certification, comprises data relating to an exposure of the managed cybersecurity service provider in specific risk scenarios (paras 0065, 0082, 0126-128, 0311-317—detecting a cybersecurity attack against customers of a service provider, storing activity data and performance level constraints of service providers following cybersecurity attacks for cyberattack risk mitigation).
Per claim 10, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein a data source of the organizational data performance data of the managed cybersecurity service provider in providing its service in the field, the managed cybersecurity service provider’s architectural configuration data for providing its service in the field, the managed cybersecurity service provider’s qualification data for providing its service in the field, the financial data as to the charges by the managed cybersecurity service provider for providing its service in the field, and the data characterizing the cyber risk exposure of the managed cybersecurity service provider in providing its service in the field, is selected from the group consisting of: data of the managed cybersecurity service provider from audit sources; data from historical performance and success rate of service of the managed cybersecurity service provider; and data from scenario based cyber risk exposure (paras 0005, 0031, 0067, 0343—analysis of historic data to determine anomalous patterns, enhancing security requirements using auditing and auditors; BEHL et al: col.2 lines 8-29—self-auditing to determine compromised applications).
Per claim 11, GARYANI et al with BEHL et al teach the computer-implemented method according to claim 1, GARYANI et al further teach wherein the set of benchmarks comprises minimum requirements that apply to the service in the field with which the managed cybersecurity service provider must comply (paras 0005, 0067, 0127-128—enhancing security requirements of the service provider, mitigation may be performed to heighten resource access requirements, increase logging and auditing, suspend account access, enhancing security requirements (by requiring multifactor authentication, requiring human review of access requests, etc.), increasing logging or auditing or both, suspending an account, or invoking additional mitigation tool(s); para 0112, 0229—service provider provides a security service to a particular customer pursuant to an agreement).
Conclusion
III. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. WO 20204/073843; WO 2024/211703.
IV. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
V. Any inquiry concerning this communication or earlier communications from the examiner should be directed to KRISTIE D SHINGLES whose telephone number is (571)272-3888. The examiner can normally be reached on Monday-Thursday 10am-7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal Divecha can be reached on 571-272-5863. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KRISTIE D SHINGLES/
Primary Examiner, Art Unit 2453