Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
1. This action is responsive to: an original application filed on 18 October 2024.
2. Claims 1-15 are currently pending and claim 1 is the independent claim.
Information Disclosure Statement
3. No IDS filed.
Priority
4. Priority date has been considered.
Drawings
5. The drawings filed on 18 October 2024 are objected to as not readable/legible (Figs. 2B-2J).
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “Network Monitoring Elements,” “Attack Path Tracer,” and “Network Security Controller” in claim 1.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC §112
6. The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
In claims 1-2 and 4, the term "some" in the limitation renders the claim indefinite because the specification lacked some standard for measuring the degree intended, and the claims are, therefore, properly rejected as indefinite under 35 U.S.C. 112, second paragraph. Ex parte Oetiker, 23 USPQ2d 1641 (Bd. Pat. App. & Inter. 1992). Dependent claims are also rejected under the same rationale.
Claim Rejections - 35 USC § 103
7. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-15 are rejected under 35 U.S.C. § 103 as being unpatentable over Dunn et al. (Publication No. WO 2023283357), hereinafter Dunn, in view of Crabtree et al. (US Publication No. 20220060507), hereinafter Crabtree.
Regarding claim 1:
a heterogeneous set of Network Monitoring Elements (NME), wherein at least some of the monitoring elements are deployed to different respective nodes on the heterogeneous computer network and are configured to detect network related parameters and events associated with their respective nodes (Dunn, ¶160, ¶134), wherein AI models to deploy that specific attack depicted with the graph 500 in light of the orchestration module, where the specific attack generated by the specific attack scenario may be particularly customized based on email and network connectivity and behavior pattern data of one or more users in the cyber threat defense system as well as the contextual knowledge of the organization and its entities.
an Attack Path Tracer (APT) configured to scan across clusters and segments of said computer network to discover (Dunn, ¶28-30); Dunn does not explicitly suggest, and map potential attack paths assessed as potentially vulnerable to a cyberattack on said computer network; however, in a same field of endeavor Crabtree discloses this limitation (Crabtree, ¶61, ¶111-112).
and a Network Security Controller (NSC) communicatively coupled with said APT and with said NMEs, and configured to, upon receiving an indication of an event detection relating to a specific category of events occurring within a mapped potential attack path, trigger an alert notification; however, in a same field of endeavor Crabtree discloses this limitation (Crabtree, ¶121, ¶110, ¶114), wherein, if a mismatch occurs, this may indicate that the session has been tampered with or falsified such as in a pass-the-ticket type attack, and an event log is generated 1450 indicating the suspicious activity. This approach maintains active monitoring of the user's session as they operate within the network and interact with various resources, alerting security systems and personnel immediately when suspicious session activity is detected.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to include the method of attack path analysis of Dunn with the mapping attack path disclosed in Crabtree to identify vulnerabilities such as flaws in firewall configuration, outdated software, hardware vulnerabilities, stated by Crabtree at para. 109.
Regarding claim 2:
wherein said NSC communicates with at least some of the deployed monitoring elements and receives indications relating to events of various event types detected by respective monitoring elements, wherein events of specific event types may include a combination of one or more events of specific event types occurring concurrent with a combination of one or more specific network parameters (Dunn, ¶160, ¶41).
Regarding claim 3:
Dunn does not explicitly suggest, wherein said NSC collects network activity information including attack path information from multiple sources upon said NSC triggering a suspected attack alert notification; however, in a same field of endeavor Crabtree discloses this limitation (Crabtree, ¶114).
Same motivation for combining the respective features of Dunn and Crabtree applies herein, as discussed in the rejection of claim 1.
Regarding claim 4:
Dunn does not explicitly suggest, wherein at least some monitoring elements maintain logs of events they detect and said NSC retrieves these logs upon triggering of a suspected attack alert notification; however, in a same field of endeavor Crabtree discloses this limitation (Crabtree, ¶114).
Same motivation for combining the respective features of Dunn and Crabtree applies herein, as discussed in the rejection of claim 1.
Regarding claim 5:
wherein said monitoring elements store event logs in a centralized repository and said NSC is configured to retrieve the logs from said centralized repository (Dunn, ¶47).
Regarding claim 6:
wherein said NSC retrieves and analyzes specific logs corresponding to parameters associated with a specific suspected cyberattack which triggered a specific attack alert notification (Dunn, ¶48).
Regarding claim 7:
wherein said NSC is functionally associated with a monitoring element Discovery and Handshake Modules (DHM) configured to identify and establish communication with multiple monitoring elements of varying categories deployed across said computer network (Dunn, ¶52).
Regarding claim 8:
wherein said DHM receives data relating to activity detections from monitoring elements (Dunn, ¶7).
Regarding claim 9:
wherein said APT uses discovered monitoring elements to scan and map the computer network (Dunn, ¶80).
Regarding claim 10:
wherein said NSC or a functionally associated module deploys monitoring elements to nodes of said computer network based on APT mapping (Dunn, ¶147).
Regarding claim 11:
further comprising a dashboard code generator configured to generate browser renderable html and Java Script dashboard code based on definitions within a system dashboard configuration file (Dunn, ¶20).
Regarding claim 12:
wherein said dashboard code defines both data visualization and system control interface elements (Dunn, ¶139).
Regarding claim 13:
wherein said dashboard code is in a Document Object Model (DOM) format (Dunn, ¶178).
Regarding claim 14:
further comprising a dashboard configuration editor to provide a user interface for appending or editing dashboard element: (a) types, (b) configurations, and (c) placements definitions within the dashboard configuration file (Dunn, ¶92).
Regarding claim 15:
further comprising a data router for routing data from monitoring elements and from said NSC to dashboard elements within an instance of rendered dashboard code (Dunn, ¶153).
Conclusion
8. The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Monjur Rahim whose telephone number is (571)270-3890.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (in USA or CANADA) or 571-272-1000.
/Monjur Rahim/
Patent Examiner
United States Patent and Trademark Office
Art Unit: 2436; Phone: 571.270.3890
E-mail: monjur.rahim@uspto.gov
Fax: 571.270.4890