DETAILED ACTION
Claims 1-20 are presented for examination.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12,164,630. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the parent patent anticipate those of the instant application. By way of illustration, consider the respective method claims of both disclosures:
Claim 2 of the instant application
Claim 15 of the ‘630 patent
2. A method, implemented using one or more processors of a cybersecurity system, comprising:
detecting a candidate event indicating malware loaded on a first telecommunication device of a plurality of telecommunication devices;
identifying a set of telecommunication devices for which the candidate event was detected;
determining a number of telecommunication devices included in the set of telecommunication devices that satisfy a proximity threshold condition;
determining that the number of telecommunication devices satisfy a density threshold condition indicative of a malware installation attempt; and
based on the proximity threshold condition and the density threshold condition being satisfied, causing a first service of the first telecommunication device to be suspended.
15. A method implemented by one or more processors executing computer program instructions, the method comprising:
obtaining activity log data from a plurality of telecommunication devices located at different geographic locations, wherein the activity log data comprises loading of software on a first telecommunication device of the plurality of telecommunication devices and loading of instances of the software on other telecommunication devices of the plurality of telecommunication devices;
detecting, based on the software that was loaded on the first telecommunication device, a candidate event indicating malware loaded on the first telecommunication device;
identifying a set of telecommunication devices for which the candidate event was detected in the activity log data;
determining, based on a proximity threshold condition, a number of proximate telecommunication devices included in the set of telecommunication devices, each of the proximate telecommunication devices being a telecommunication device that satisfies the proximity threshold condition;
determining whether the number of the proximate telecommunication devices satisfies a density threshold condition indicative of a malware installation attempt; and
responsive to determining that the number of the proximate telecommunication devices satisfy the density threshold condition, causing a first service of the first telecommunication device to be disabled.
As can be seen, each limitation from claim 2 of the instant application is present in the corresponding claim of the ‘630 patent. Thus, any invention that would infringe the instant application would also necessarily infringe the ‘630 patent, resulting in two patents on the same invention. Independent claims 1 and 17 of the instant application are likewise parallel to independent claims 1 and 5 of the ‘630 patent and are rejected for substantially similar reasons as discussed supra. Dependent claims 3-14 and 16-20 are likewise parallel to dependent claims 2-4, 6-14, and 16-20 of the ‘630 patent and are rejected for substantially similar reasons as discussed supra.
Allowable Subject Matter
Claims 1-20 are allowable over the prior art, for substantially similar reasons as set forth in the Notice of Allowance of application 17/401802 (now matured into U.S. Patent 12,164,630) mailed 7/30/24 (see pages 2-3).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, each of which also disclose scanning for malware via event or activity log scanning:
U.S. Patent 9,195,826 (Fang) – see e.g. col. 8, line 43 – col. 9, line 60
U.S. Patent Publication 2019/0392146 (Gezalov) – Abstract, and paragraphs 0012, 0036-0038
U.S. Patent Publication 2019/0109821 (Clark) – paragraph 0413
U.S. Patent Publication 2018/0288074 (Thayer) – e.g. Abstract, paragraphs 0014, 0017-0020, 0033-0043
U.S. Patent Publication 2016/0099963 (Mahaffey) – e.g. paragraphs 0148, 0155, 0186, 0408-0409, 0442, & 0483
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Thomas A Gyorfi whose telephone number is (571)272-3849. The examiner can normally be reached 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amir Mehrmanesh can be reached at 571-270-3351. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
THOMAS A. GYORFI
Examiner
Art Unit 2435
/THOMAS A GYORFI/Examiner, Art Unit 2435 3/7/2026