DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 19, 20, 86 and 87 are rejected under 35 U.S.C. 103 as being unpatentable over Liu (US 9,166,993), hereinafter referred to as Liu in view of Stolfo et al. (US 2016/0182545), hereinafter referred to as Stolfo.
Referring to claim 19, Liu teaches, as claimed, a method for detecting unusual system activity, comprising: logging, by a host controller of a data storage device in a computing system, a plurality of actions performed by a user of the computing system over time (i.e.-collecting file-activity data of individual user, col. 3, lines 2-4 and lines 39-41); determining, by the host controller, a user fingerprint for the user comprising of a set of usage actions based on the logged plurality of actions (i.e.-determining a profile history of the individual user comprising user’s file access pattern, col. 3, line 8); monitoring, by the host controller, a plurality of new actions conducted using the computing device (i.e.-monitoring file access activities using monitoring system of the computing system 102, col. 6, lines 10-11; and col. 5, lines 30-33); and detecting, by the host controller, unusual system activity based on a comparison of the plurality of new actions to the set of usage actions (i.e.-detecting anomaly by comparing user file access pattern with own’s history profile, col. 8, lines 16-20 & 50-52; col. 1, lines 46-51).
However, Liu does not teach triggering, by the host controller, a notification of a threatening event in the computing system as a result of the detected unusual system activity.
On the other hand, Stolfo discloses a system and method configured to detect unusual system activity – attack - by monitoring computer user behavior (page 2, ¶16, lines 6-10); and triggering a notification of a threatening event (i.e.-generating an alert in response to identifying the attack, page 2, ¶16, lines 11-13).
Therefore, before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to modify the teachings of Liu and incorporate the step of: triggering, by the host controller, a notification of a threatening event in the computing system as a result of the detected unusual system activity, as taught by Stolfo. The motivation for doing so would have been to notify an administrator user by transmitting a message to a host sensor or host-based monitoring application.
As to claim 20, the modified Liu teaches the method of claim 19, wherein the plurality of actions are actions that affect data stored in the data storage device (col. 6, lines 14-19).
Referring to claims 86 and 87, the claims are substantially the same as claims 19 and 20, hence the rejection of claims 19 and 20 is applied accordingly.
Claims 21, 22, 88 and 89 are rejected under 35 U.S.C. 103 as being unpatentable over Liu and Stolfo, as applied to claims 19 and 86 above, and further in view of Matthews et al. (US 2018/0176197), hereinafter referred to as Matthews.
As to claim 21, the modified Liu teaches the method of claim 19, wherein the plurality of new actions match the set of usage actions (col. 6, lines 14-19); however, it does not teach wherein the set of usage actions are associated with a ransomware attack.
On the other hand, Matthews discloses a dynamic data protection system and method configured to prevent unauthorized access to data caused by an intrusion event using ransomware, spyware, malware, etc. (page 1, ¶2, lines 4-7 and ¶4, lines 6-8).
Therefore, before the effective filing date of the claimed invention, it would have been obvious to a person of ordinary skill in the art to further modify the teachings of Liu so that the set of usage actions are associated with a ransomware attack, as taught by Matthews. The motivation for doing so would have been to further protect the data from inside out such that an outside force may not be allowed to access and/or damage the stored data.
As to claim 22, the modified Liu in view of Matthews teaches the method of claim 19, wherein the plurality of new actions includes a predetermined number of actions not included in the set of usage actions (see Matthews, page 2, ¶13, lines 19-21).
As to claims 88 and 89, the claims are substantially the same as claims 21 and 22, hence the rejection of claims 21 and 22 is applied accordingly.
Examiner’s note:
Examiner has cited particular columns and line numbers in the references applied to the claims above for the convenience of the Applicant. Although the specified citations are representative of the teachings of the art and are applied to specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested from the Applicant in preparing responses, to fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passages as taught by the prior art or disclosed by the Examiner.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Kisor et al. (US 6,266,773), Chari et al. (US 9,558,347), Sawhney et al. (US 9,106,687), Muttik et al. (US 2016/0026581) and Lin et al. (US 10,785,210) do teach method and system for intruder attack detection by monitoring computer user behavior.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELIAS MAMO whose telephone number is (571)270-1726. The examiner can normally be reached Mon-Thu, 7 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, HENRY TSAI can be reached at 571-272-4176.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Elias Mamo/Primary Examiner, Art Unit 2184