DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claims 1 and 9 recite “calculating a probability of exposure…”, “calculating a threat score…”, and “calculating a probability of compromise…”, which falls into the “Mental Process” grouping of step 2A, prong one analysis for subject matter eligibility (MPEP 2106.04(a)). Additionally, MPEP 2106.04(a)(2), section III, explains that courts do not distinguish between mental processes that are performed entirely in the human mind and mental processes that require a human to use a physical aid (e.g., pen and paper) to perform the limitation (See Benson, 409 U.S. at 67, 65, 175 USPQ at 674-75, 674 (noting that the claimed "conversion of [binary-coded decimal] numerals to pure binary numerals can be done mentally," i.e., "as a person would do it by head and hand."); Synopsys, Inc. v. Mentor Graphics Corp., 839 F.3d 1138, 1139, 120 USPQ2d 1473, 1474 (Fed. Cir. 2016) (holding that claims to a mental process of "translating a functional description of a logic circuit into a hardware component description of the logic circuit" are directed to an abstract idea, because the claims "read on an individual performing the claimed steps mentally or with pencil and paper"). Nor do the courts distinguish between claims that recite mental processes performed by humans and claims that recite mental processes performed on a computer. As the Federal Circuit has explained, "[c]ourts have examined claims that required the use of a computer and still found that the underlying, patent-ineligible invention could be performed via pen and paper or in a person’s mind." Versata Dev. Group v. SAP Am., Inc., 793 F.3d 1306, 1335, 115 USPQ2d 1681, 1702 (Fed. Cir. 2015). See also Intellectual Ventures I LLC v. Symantec Corp., 838 F.3d 1307, 1318, 120 USPQ2d 1353, 1360 (Fed. Cir. 2016) (‘‘[W]ith the exception of generic computer-implemented steps, there is nothing in the claims themselves that foreclose them from being performed by a human, mentally or with pen and paper.’’); Mortgage Grader, Inc. v. First Choice Loan Servs. Inc., 811 F.3d 1314, 1324, 117 USPQ2d 1693, 1699 (Fed. Cir. 2016) (holding that computer-implemented method for "anonymous loan shopping" was an abstract idea because it could be "performed by humans without a computer").
This judicial exception is not integrated into a practical application because the additional elements include “creating a graph”, “receiving threat evidence”, and “storing the threat evidence”. The identified additional elements are not sufficient to show improvement in the functioning of a computer or an improvement to other technology or technical field, implement the judicial exception with a particular machine, a transformation, or applying or using the judicial exception in some other meaningful way beyond general linking.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements amount to well-understood, routine, and conventional computer functionality. Therefore, the claims do not include an inventive concept that is significantly more than the abstract idea.
Claims 2-8 and 10-18, include limitations similar to the above-mentioned limitations that were not sufficient to integrate the judicial exception into a practical application. Nor would the additional elements be considered to be sufficient to amount to significantly more than the judicial exception.
Claim 19 recites “evaluate a riskiness of one of the nodes based on an inherent threat score…and a probability weighted sum of contributions of inherent threat scores…”, which falls into the “Mental Process” grouping of the step 2A, prong one analysis for subject matter eligibility (MPEP 2106.04(a)). Additionally, MPEP 2106.04(a)(2), section III, explains that courts do not distinguish between mental processes that are performed entirely in the human mind and mental processes that require a human to use a physical aid (e.g., pen and paper) to perform the limitation (See Benson, 409 U.S. at 67, 65, 175 USPQ at 674-75, 674 (noting that the claimed "conversion of [binary-coded decimal] numerals to pure binary numerals can be done mentally," i.e., "as a person would do it by head and hand."); Synopsys, Inc. v. Mentor Graphics Corp., 839 F.3d 1138, 1139, 120 USPQ2d 1473, 1474 (Fed. Cir. 2016) (holding that claims to a mental process of "translating a functional description of a logic circuit into a hardware component description of the logic circuit" are directed to an abstract idea, because the claims "read on an individual performing the claimed steps mentally or with pencil and paper"). Nor do the courts distinguish between claims that recite mental processes performed by humans and claims that recite mental processes performed on a computer. As the Federal Circuit has explained, "[c]ourts have examined claims that required the use of a computer and still found that the underlying, patent-ineligible invention could be performed via pen and paper or in a person’s mind." Versata Dev. Group v. SAP Am., Inc., 793 F.3d 1306, 1335, 115 USPQ2d 1681, 1702 (Fed. Cir. 2015). See also Intellectual Ventures I LLC v. Symantec Corp., 838 F.3d 1307, 1318, 120 USPQ2d 1353, 1360 (Fed. Cir. 2016) (‘‘[W]ith the exception of generic computer-implemented steps, there is nothing in the claims themselves that foreclose them from being performed by a human, mentally or with pen and paper.’’); Mortgage Grader, Inc. v. First Choice Loan Servs. Inc., 811 F.3d 1314, 1324, 117 USPQ2d 1693, 1699 (Fed. Cir. 2016) (holding that computer-implemented method for "anonymous loan shopping" was an abstract idea because it could be "performed by humans without a computer").
This judicial exception is not integrated into a practical application because the additional elements include “storing a graph”, “storing an evidence threat table”, “one or more processors”, and “one or more memories”. The identified additional elements are not sufficient to show improvement in the functioning of a computer or an improvement to other technology or technical field, implement the judicial exception with a particular machine, a transformation, or applying or using the judicial exception in some other meaningful way beyond general linking.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements amount to well-understood, routine, and conventional computer functionality. Therefore, the claims do not include an inventive concept that is significantly more than the abstract idea.
Claim 20 includes limitations similar to the above-mentioned limitations that were not sufficient to integrate the judicial exception into a practical application. Nor would the additional elements be considered to be sufficient to amount to significantly more than the judicial exception.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Seiver, U.S. Publication No. 2017/0078322, in view of Soroush, U.S. Publication No. 2021/0014283.
Referring to claim 19, Seiver discloses a network risk assessment system that includes a CPU (Figure 10, 150), mass storage (Figure 10, 120) and memory (Figure 10, 130) such that the risk assessment system stores a graph ([0075]: risk assessment system is operating on the graph which would require storage of the graph), which meets the limitation of a system comprising one or more processors, and one or more memories storing a graph. The graph is a representation of a cloud ([0355]) network topology that includes nodes each representing one or more network devices, which are connected to other nodes by edges representing logged communications and/or possible communication paths between nodes ([0073]: logged communications and/or possible communication paths would be considered the claimed access permissibility), which meets the limitation of a graph of entities in a cloud computing environment for an enterprise network, the graph including a plurality of nodes representing entities in the cloud computing environment and a plurality of edges, each one of the edges connected two of the nodes and characterized by an access permissibility between the two of the nodes. The system stores empirically generated evidence regarding the risk of the user accounts and network devices ([0206]), which meets the limitation of an evidence [table] storing threat evidence for the plurality of nodes. The risk assessment system can determined a compromise risk value for each node in the graph based upon the probability scores of nodes connected via the edges ([0081-[0084]) such that the compromise risk value can be a weighted sum ([0132]), which meets the limitation of computer executable code that configures the one or more processors to evaluate a riskiness of one of the nodes based on an inherent threat score of the one of the nodes, and a probability weighted sum of contributions of inherent threat scores for other nodes connected to the one of the nodes through the graph.
Seiver does not specify that the empirically generated evidence is stored in a table. Soroush discloses the storage of evidence in a table ([0054]), which meets the limitation of an evidence table. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the generated evidence regarding the risk of the user accounts and network devices in Seiver to have been stored in tables because Soroush suggests that tables represent one of a finite number of possible data structures that could have been utilized by one of ordinary skill in the art to store the evidence with a reasonable expectation of success (Soroush: [0054]).
Referring to claim 20, Seiver discloses that the compromise risk value generated using weighted summation ([0132]) includes weighting the compromise risk of all network devices in the communication paths with the network device ([0162]), which meets the limitation of wherein the probability weighted sum applies weights to each edge of the graph connecting the one of the nodes to one of the other nodes according to a corresponding access permissibility associated with the edge.
Allowable Subject Matter
Claims 1-18 are not rejectable in view of the prior art.
The following is a statement of reasons for the indication of allowable subject matter:
The claims require the creating of enterprise network graphs that include a plurality of notes in the enterprise network and a plurality of edges connecting two of the plurality of nodes in a manner that represents an access level between the nodes. An exposure probability is calculated for a first node in the graph based on an inherent exposure of the node and an initial access probability for one of the other nodes in the graph connected to first node. Stored threat evidence is utilized to calculate a threat score for the first node using values of threat evidence for the first node and values of threat evidence for other nodes in the graph connected to the first node. A probability of compromise value is calculated based upon the exposure probability and threat score values.
The closest prior art, (Seiver, U.S. Publication No. 2017/0078322) discloses a graph that is a representation of a cloud ([0355]) network topology that includes nodes each representing one or more network devices, which are connected to other nodes by edges representing logged communications and/or possible communication paths between nodes ([0073]: logged communications and/or possible communication paths would be considered the claimed access permissibility). The risk assessment system can determine a compromise likelihood value for each node in the graph based upon linkages and the accessibility of nodes ([0135]-[0136]: compromise likelihood value reads on the claimed probability of exposure; linkages reads on the claimed inherent exposure; permitted to access another node reads on the claimed initial access probability), which meets the limitation of calculating a probability of exposure for one of the plurality of nodes, wherein the probability of exposure is based on an inherent exposure of the one of the plurality of nodes and an initial access probability for the one or more other ones of the plurality of nodes connected to the one of the nodes by the edges of the graph. The risk assessment system can obtain and store external network events indicative of compromise ([0247]-[0250]), which meets the limitation of storing threat evidence for the plurality of nodes as one or more entries in an evidence [table]. The risk assessment system can obtain external network events indicative of compromise such that the system modifies compromise vulnerability values for the user accounts and/or network devices ([0247]-[0251]: modification amount reads on the claimed threat score; compromise vulnerability value prior to modification reads on the claimed probability of exposure) wherein the compromise vulnerability value is the compromise likelihood score ([0058]), which meets the claimed calculating a threat score for the one of the plurality of nodes based on a value of the threat evidence for the one of the plurality of nodes.
Seiver does not disclose that the modification amount is generated based upon the event data for the network device being assessed and the event data for the network devices linked to the network device being assessed as required by the claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Polak, U.S. Publication No. 2024/0356935, discloses an event-based threat detection system.
Batson, U.S. Publication No. 2024/0137390, discloses security event graphing for alert prioritization.
Marsenic, U.S. Publication No. 2023/0132703, discloses a cyber security system that utilizes graphs to capture the importance of network nodes.
Hanj, U.S. Patent No. 9,628,506, discloses detecting network security events utilizing graphs.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 5:30-4:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at 5712705143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BENJAMIN E LANIER/Primary Examiner, Art Unit 2437