DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/08/2025 was filed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12229278. Although the claims at issue are not identical, they are not patentably distinct from each other.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Pub.No.: US 2008/0148364 A1 to Hopen et al(hereafter referenced as Hopen) in view of Patent No.: US 8,396,890 B2 to Lim.
Hopen discloses “a method comprising: receiving security practices information associated with a vendor computing system(server [Fig.1/item 103]) , sub vendor security practices information associated with a sub vendor computing system (policy server system [Fig.3/item 301]), and computing services interaction information from a client computing system(security practices are received from the policy server [Fig.4/item 401]), wherein the security practices information characterizes security measures in place at the vendor computing system” (policy enforcer compiled on client workstation [Fig.4/item 403, 405]); “the sub vendor security practices information characterizes security measures in place at the sub vendor computing system” (policy enforcer compiled on client workstation [Fig.4/item 403, 405]), and the computing services interaction information characterizes data for transmission from the client computing system to the vendor computing system (Policy server and provisioning server [Fig.3]).
Hopen does not explicitly disclose “determining a risk profile for the vendor computing system by using a processor to estimate a first dimensional risk factor for a first security dimension associated with the security practices information associated with a vendor and sub vendor security practices information associated with a sub vendor; transmitting a risk profile message to the client computing system, wherein the risk profile message is client-specific to the client computing system and depends on information to be transmitted from the client computing system to the vendor computing system.”
However, Lim in an analogous art discloses “determining a risk profile for the vendor computing system by using a processor to estimate a first dimensional risk factor for a first security dimension associated with the security practices information associated with a vendor and sub vendor security practices information associated with a sub vendor” (intelligence server 510 to perform data analysis which includes trend analysis, resource utilization analysis, workforce productivity analysis, analyze effectiveness of policies, event correlation, anomaly detection, signature (or pattern) detection, threshold violation detection, detect information misuse, or fraud detection. Policy author and policy administrator can use the capabilities offered by the reporting and analysis module 502 to analyze effectiveness of a policy Lim[Col.11/lines 37-44]); “transmitting a risk profile message to the client computing system, wherein the risk profile message is client-specific to the client computing system and depends on information to be transmitted from the client computing system to the vendor computing system” (policy enforcer comprising Consequence Applicator Lim [Fig.9]).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Hopen’s system to control security information in a computer network with Lim’s system to detect behavioral patterns and anomalies in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Hopen discloses a system policy enforcing system, Lim teaches a system that includes an intelligence server for report and analysis, and both are from the same field of endeavor.
Regarding claim 2 in view of claim 1, the references combined disclose “wherein detecting a change in security practices information at the vendor computing system, wherein a first weight to a first dimensional risk factor corresponding to a first security dimension associated with security practices information is adjusted at the processor based on the change in security practices information” (FIG. 8 shows the internal components of the intelligence server 801. The intelligence server provides summary and trend analysis, signature (or pattern), anomaly, and threshold detection on document access activity, information usage activity, and policy enforcement activity Lim[Col.14/lines 45-50]).
Regarding claim 3 in view of claim 2, the references combined disclose “wherein an updated risk profile message is transmitted to the client computing system, the updated risk profile message including an updated risk profile” (policy enforcer comprising Consequence Applicator Lim [Fig.9]).
Regarding claim 4 in view of claim 3, the references combined disclose “wherein determining the risk profile comprises analyzing a third-party assessment of security measures at the vendor computing system” (intelligence server 510 to perform data analysis which includes trend analysis, resource utilization analysis, workforce productivity analysis, analyze effectiveness of policies, event correlation, anomaly detection, signature (or pattern) detection, threshold violation detection, detect information misuse, or fraud detection. Policy author and policy administrator can use the capabilities offered by the reporting and analysis module 502 to analyze effectiveness of a policy Lim[Col.11/lines 37-44]).
Regarding claim 5 in view of claim 4, the references combined disclose “wherein the third-party assessment of security measures comprises third-party audit information” (intelligence server 510 to perform data analysis which includes trend analysis, resource utilization analysis, workforce productivity analysis, analyze effectiveness of policies, event correlation, anomaly detection, signature (or pattern) detection, threshold violation detection, detect information misuse, or fraud detection. Policy author and policy administrator can use the capabilities offered by the reporting and analysis module 502 to analyze effectiveness of a policy Lim[Col.11/lines 37-44]).
Regarding claim 6 in view of claim 5, the references combined disclose “wherein the risk profile is determined by estimating a plurality of dimensional risk factors for a plurality of security dimensions” (FIG. 8 shows the internal components of the intelligence server 801. The intelligence server provides summary and trend analysis, signature (or pattern), anomaly, and threshold detection on document access activity, information usage activity, and policy enforcement activity Lim[Col.14/lines 45-50]).
Regarding claim 7 in view of claim 6, the references combined disclose “wherein a plurality of weights to a plurality of dimensional risk factors corresponding to a plurality of security dimensions are adjusted based on the change in security practices information” (an analysis tool 504 inter acts with the intelligence server 510 to perform data analysis which includes trend analysis, resource utilization analysis Lim[Col.11/lines 36-38]).
Regarding claim 8 in view of claim 7, the references combined disclose “wherein the first dimensional risk factor reflects a reported security practice associated with the first security dimension, the first dimensional risk factor reflecting a level of assurance associated with the reported security practice” (reporting and analysis module 502 see also Lim [Col.31-36]),, and wherein determining the risk profile comprises calculating a weighted average of the plurality of dimensional risk factors” (reporting and analysis module 502 see also Lim [Col.31-36]).
Regarding claim 9 in view of claim 8, the references combined disclose “wherein determining the estimate of the information security risk comprises determining a weighting value for each of the dimensional risk factors based on the computing services interaction information, the weighting reflecting a relative importance of the dimensional risk factor to the estimate of an information security risk” (an analysis tool 504 inter acts with the intelligence server 510 to perform data analysis which includes trend analysis, resource utilization analysis [Col.11/lines 36-38]).
Regarding claim 10 in view of claim 9, the references combined disclose “wherein determining the risk profile comprises applying natural language processing to free-form text information to determine a respective dimensional risk level” (Still further, the schema elements may include the local (human) language used by the client 313 Hopen [par.0088]).
Regarding claim 11 in view of claim 10, the references combined disclose “wherein the computing services interaction information includes a data sensitivity level associated with the transmitted data” (i.e., intelligence server Lim [Fig.5/item 510] receives information from report and analysis module to make a determination).
Regarding claim 12 in view of claim 11, the references combined disclose “wherein determining the risk profile comprises matching the third-party assessment with the free-form text information using natural language processing.” (Still further, the schema elements may include the local (human) language used by the client 313 Hopen [par.0088]).
Regarding claim 13 in view of claim 9, the references combined disclose “wherein the security practices information comprises information characterizing a user authentication procedure and an encryption algorithm employed at a first computing device” ( the access server 303 may be configured to cooperate with software resident on the client 313 to create a Virtual Private Network (VPN) secure communication session between the client 313 and the server system 301 using secure encryption communication protocols Hopen [par.0035]).
Regarding claim 14 in view of claim 9, the references combined disclose “wherein the risk profile is determined in part based on automated security analysis performed by transmitting a security practice detection message to a first computing device(transmission of services from server to client Hopen[Fig.1]),, the security practice detection message being designed to test the security measures in place at the first computing device” (Anti-virus agents then detect and protect against viruses and other similar threats Hopen[par.0069]).
Regarding claim 15, Hopen discloses “a system comprising: an input interface configured to receive security practices information associated with a vendor computing system, sub vendor security practices information associated with a sub vendor computing system(policy server system [Fig.3/item 301]), and computing services interaction information from a client computing system, wherein the security practices information characterizes security measures in place at the vendor computing system(policy enforcer compiled on client workstation [Fig.4/item 403, 405]) , the sub vendor security practices information characterizes security measures in place at the sub vendor computing system, and the computing services interaction information characterizes data for transmission from the client computing system to the vendor computing system (Policy server and provisioning server [Fig.3]).
Hopen does not explicitly disclose “a processor configured to determine a risk profile for the vendor computing system by using a processor to estimate a first dimensional risk factor for a first security dimension associated with the security practices information associated with a vendor and sub vendor security practices information associated with a sub vendor; an output interface configured to transmit a risk profile message to the client computing system, wherein the risk profile message is client-specific to the client computing system and depends on information to be transmitted from the client computing system to the vendor computing system.”
However, LIM in an analogous art discloses “a processor configured to determine a risk profile for the vendor computing system by using a processor to estimate a first dimensional risk factor for a first security dimension associated with the security practices information associated with a vendor and sub vendor security practices information associated with a sub vendor(intelligence server 510 to perform data analysis which includes trend analysis, resource utilization analysis, workforce productivity analysis, analyze effectiveness of policies, event correlation, anomaly detection, signature (or pattern) detection, threshold violation detection, detect information misuse, or fraud detection. Policy author and policy administrator can use the capabilities offered by the reporting and analysis module 502 to analyze effectiveness of a policy Lim[Col.11/lines 37-44]);; an output interface configured to transmit a risk profile message to the client computing system, wherein the risk profile message is client-specific to the client computing system and depends on information to be transmitted from the client computing system to the vendor computing system” (policy enforcer comprising Consequence Applicator Lim [Fig.9]).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Hopen’s system to control security information in a computer network with Lim’s system to detect behavioral patterns and anomalies in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Hopen discloses a system policy enforcing system, Lim teaches a system that includes an intelligence server for report and analysis, and both are from the same field of endeavor.
Regarding claim 16 in view of claim 1, the references combined disclose “wherein detecting a change in security practices information at the vendor computing system, wherein a first weight to a first dimensional risk factor corresponding to a first security dimension associated with security practices information is adjusted at the processor based on the change in security practices information” (FIG. 8 shows the internal components of the intelligence server 801. The intelligence server provides summary and trend analysis, signature (or pattern), anomaly, and threshold detection on document access activity, information usage activity, and policy enforcement activity Lim[Col.14/lines 45-50]).
Regarding claim 17 in view of claim 16, the references combined disclose “wherein determining the risk profile comprises analyzing a third-party assessment of security measures at the vendor computing system” (intelligence server 510 to perform data analysis which includes trend analysis, resource utilization analysis, workforce productivity analysis, analyze effectiveness of policies, event correlation, anomaly detection, signature (or pattern) detection, threshold violation detection, detect information misuse, or fraud detection. Policy author and policy administrator can use the capabilities offered by the reporting and analysis module 502 to analyze effectiveness of a policy Lim[Col.11/lines 37-44]),
Regarding claim 18 in view of claim 17, the references combined disclose “wherein the third-party assessment of security measures comprises third-party audit information” (intelligence server 510 to perform data analysis which includes trend analysis, resource utilization analysis, workforce productivity analysis, analyze effectiveness of policies, event correlation, anomaly detection, signature (or pattern) detection, threshold violation detection, detect information misuse, or fraud detection. Policy author and policy administrator can use the capabilities offered by the reporting and analysis module 502 to analyze effectiveness of a policy Lim[Col.11/lines 37-44]).
Regarding claim 19 in view of claim 15, the references combined disclose “wherein the risk profile is determined by estimating a plurality of dimensional risk factors for a plurality of security dimensions.” (FIG. 8 shows the internal components of the intelligence server 801. The intelligence server provides summary and trend analysis, signature (or pattern), anomaly, and threshold detection on document access activity, information usage activity, and policy enforcement activity Lim[Col.14/lines 45-50]).
Regarding claim 20 Hopen discloses “a non-transitory computer readable medium comprising: computer code for receiving security practices information associated with a vendor computing system, sub vendor security practices information associated with a sub vendor computing system(policy server system [Fig.3/item 301]),,, and computing services interaction information from a client computing system, wherein the security practices information characterizes security measures in place at the vendor computing system(policy enforcer compiled on client workstation [Fig.4/item 403, 405]), the sub vendor security practices information characterizes security measures in place at the sub vendor computing system(Policy server and provisioning server [Fig.3]).
Hopen does not explicitly disclose “and the computing services interaction information characterizes data for transmission from the client computing system to the vendor computing system; computer code for determining a risk profile for the vendor computing system by using a processor to estimate a first dimensional risk factor for a first security dimension associated with the security practices information associated with a vendor and sub vendor security practices information associated with a sub vendor; computer code for transmitting a risk profile message to the client computing system, wherein the risk profile message is client-specific to the client computing system and depends on information to be transmitted from the client computing system to the vendor computing system.”
However, Lim in an analogous art discloses “and the computing services interaction information characterizes data for transmission from the client computing system to the vendor computing system; computer code for determining a risk profile for the vendor computing system by using a processor to estimate a first dimensional risk factor for a first security dimension associated with the security practices information associated with a vendor and sub vendor security practices information associated with a sub vendor(intelligence server 510 to perform data analysis which includes trend analysis, resource utilization analysis, workforce productivity analysis, analyze effectiveness of policies, event correlation, anomaly detection, signature (or pattern) detection, threshold violation detection, detect information misuse, or fraud detection. Policy author and policy administrator can use the capabilities offered by the reporting and analysis module 502 to analyze effectiveness of a policy Lim[Col.11/lines 37-44]); computer code for transmitting a risk profile message to the client computing system, wherein the risk profile message is client-specific to the client computing system and depends on information to be transmitted from the client computing system to the vendor computing system.” (policy enforcer comprising Consequence Applicator Lim [Fig.9]).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Hopen’s system to control security information in a computer network with Lim’s system to detect behavioral patterns and anomalies in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Hopen discloses a system policy enforcing system, Lim teaches a system that includes an intelligence server for report and analysis, and both are from the same field of endeavor.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL D ANDERSON whose telephone number is (571)270-5159. The examiner can normally be reached Mon-Fri 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached at (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL D ANDERSON/ Examiner, Art Unit 2433
/JEFFREY C PWU/ Supervisory Patent Examiner, Art Unit 2433