Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
III. DETAILED ACTION
Claims 1-20 are presented for examination.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. See In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and, In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent is shown to be commonly owned with this application. See 37 CFR 1.130(b).
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
Independent claims 1, 8 and 15 of the instant application are rejected under the judicially created doctrine of double patenting over claims 1, 8 and 14 (respectively) of Chkodrov et al. (U.S. Patent No. 12271385) since the claims, if allowed, would improperly extend the "right to exclude" already granted in the patent.
INSTANT APPLICATION
1. A computerized system comprising: one or more computer processors; and computer memory storing computer-useable instructions that, when used by the one or more computer processors, cause the one or more computer processors to perform operations comprising: receiving, via a query-authoring interface, parameters of an observation stream query, wherein the query-authoring interface comprises interface portions for inputting the parameters for querying a plurality of security data sources and performing dynamic tracking of a security incident; communicating the observation stream query to an observation stream engine to cause generation of observation stream data, the observation stream data provides an observation stream timeline associated with dynamic tracking of the security incident based on the observation stream data comprising security incidents with corresponding timestamps and user-defined interpretation data; receiving the observation stream data comprising security incidents with corresponding timestamps and user-defined interpretation data; and causing display, via a view interface, of the observation stream data.
2. The system of claim 1, the operations further comprising: accessing, at the observation stream engine, the observation stream query, the observation stream query is a user-generated observation stream query; causing execution of the observation stream query against the plurality of data security sources based on the parameters; generating the observation stream data associated with the observation stream query, the observation stream data comprising security incidents with corresponding timestamps and user-defined interpretation data, wherein the user-defined interpretation data is generated based on a parameter from the observation stream query, wherein generating the user-defined interpretation data comprises extracting a portion of raw observation stream data associated with monitoring the security incident across a plurality of computing resources; and communicating the observation stream data to cause display of the observation stream data on an observation stream interface comprising graphical interface elements associated with the observation stream data.
Chkodrov et al. (U.S. Patent No. 12271385)
1. A computerized system comprising: one or more computer processors; and computer memory storing computer-useable instructions that, when used by the one or more computer processors, cause the one or more computer processors to perform operations comprising: accessing, at an observation stream engine, an observation stream query, the observation stream query is a user-generated observation stream query, wherein the observation stream query comprises parameters for querying a plurality of security data sources and performing dynamic tracking of a security incident; causing execution of the observation stream query against the plurality of data security sources based on the parameters; generating observation stream data associated with the observation stream query, the observation stream data provides an observation stream timeline associated with dynamic tracking of the security incident based on the observation stream data comprising security incidents with corresponding timestamps and user-defined interpretation data, wherein the user-defined interpretation data is generated based on a parameter from the observation stream query, wherein generating the user-defined interpretation data comprises extracting a portion of raw observation stream data associated with monitoring the security incident across a plurality of computing resources to define the observation stream timeline; and communicating the observation stream data to cause display of the observation stream data on an observation stream interface comprising graphical interface elements associated with the observation stream data.
As shown above, claims 1, 8 and 14 (respectively) of Chkodrov et al. (U.S. Patent No. 12271385) contain at least the elements of claims 1, 8 and 15 of the instant application and as such anticipate claims 1, 7 and 8 of the instant application.
“A later application claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus).” ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Muddu et al. U.S. 20190109868 in view of Muddu et al. U.S. 20190109868.
As to claim 1, Muddu discloses a computerized system comprising: one or more computer processors; and computer memory storing computer-useable instructions that, when used by the one or more computer processors, cause the one or more computer processors to perform operations comprising:
parameters of an observation stream query (query [0323]), querying a plurality of security data sources and performing dynamic tracking of a security incident ([0702][0638]);
communicating the observation stream query to an observation stream engine to cause generation of observation stream data ([0149]), the observation stream data provides an observation stream timeline ([0453]) associated with dynamic tracking of the security incident based on the observation stream data comprising security incidents with corresponding timestamps and user-defined interpretation data ([0671] fig. 57, 58);
receiving the observation stream data comprising security incidents with corresponding timestamps and user-defined interpretation data ([0671] fig. 57, 58); and
causing display, via a view interface, of the observation stream data (fig. 2).
Muddu does explicitly teach receiving, via a query-authoring interface, parameters of an observation stream query, wherein the query-authoring interface comprises interface portions for inputting the parameters.
Muddu teaches receiving, via a query-authoring interface (the security platform can prompt (e.g., through a user interface) the administrator to specify the data format, [0206]), parameters of an observation stream query (parameters, [0646] [0654]), wherein the query-authoring interface comprises interface portions for inputting ([0206]) the parameters ([0646] [0654]).
It would have been obvious to a person having ordinary skill in the art at the time the invention was made to have modified Muddu by the teaching of Muddu to include receiving, via a query-authoring interface parameters of an observation stream query wherein the query-authoring interface comprises interface portions for inputting the parameters with the motivation to provide better monitoring as taught by Muddu ([0006]).
As to claim 2, Muddu as modified teaches a system of claim 1, the operations further comprising:
accessing, at the observation stream engine, the observation stream query, the observation stream query is a user-generated observation stream query; causing execution of the observation stream query against the plurality of data security sources based on the parameters (parameters, [0646] [0654] [0657], fig. 73);
generating the observation stream data associated with the observation stream query ([0646] [0654] [0657], fig. 73);
the observation stream data comprising security incidents ([0702] [0638]) with corresponding timestamps and user-defined interpretation data ([0671], fig. 57, 58);
wherein the user-defined interpretation data is generated based on a parameter from the observation stream query, wherein generating the user-defined interpretation data comprises extracting a portion of raw observation stream data associated with monitoring the security incident across a plurality of computing resources ([0646] [0654] [0657], fig. 73); and
communicating the observation stream data to cause display of the observation stream data on an observation stream interface comprising graphical interface elements associated with the observation stream data (fig. 2 and [0671], fig. 57, 58).
As to claim 3, Muddu as modified teaches a system of claim 2, wherein causing execution of the observation stream query comprises:
causing execution of a first query portion that is a real-time query to receive a first set of event data; causing execution of a second query portion that is a query-on-timer query to receive a second set of event data ([0147]);
generating the raw observation stream data based on the first set of event data and the second set of event data ([0147]).
As to claim 4, Muddu as modified teaches a system of claim 2, wherein generating observation stream data associated with the observation stream query further comprises
one of: based on the parameters of the observation stream query, classifying an event in the observation stream data with a classification type, wherein the classification type is associated with interface highlighting element ([0477]);
tagging the event with the interface highlight element to cause presentation of the event based on the interface highlight element ([0477]);
and identifying a presentation setting parameter associated with the user-defined interpretation data and mapping the presentation setting parameter with the user-defined parameter to cause presentation of the user-defined interpretation data based on the presentation setting parameter ([0517] [0477]).
As to claim 5, Muddu as modified teaches a system of claim 1, wherein the
observation stream query is associated with an observation stream query-type of a plurality of observation stream query-types, wherein observation stream query-types are selectable predefined security sensors comprising parameters for retrieving raw observation stream data and generating user-defined interpretation data ([0638] [0517] [0477]).
As to claim 6, Muddu as modified teaches a system of claim 1, wherein
the plurality of security data sources include a first data source that is configured for real-time queries and a second data source that is configured for query-on-timer queries, the first data source is associated with a first schema for storing event data and the second data source is associated with a second schema for storing event data ([0638] [0517] [0477]); and
wherein the observation stream query comprises a first query portion having a real-time query for the first data source and a second query portion having a query-on-time query for the second data source ([0638] [0517] [0477]).
As to claim 7, Muddu as modified teaches a system of claim 1, wherein
the view interface comprises interface portions for presenting timestamps, an observation type corresponding to an observation stream query-type and details comprising the user-defined interpretation data ([0638] [0517] [0477]).
As to claims 8-20, the limitations of these claims have been noted in the rejection above. They are therefore rejected as set forth above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Yicun Wu whose telephone number is 571-272-4087. The examiner can normally be reached on 8:00 am to 4:30 pm, Monday-Friday.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Kavita Stanley, can be reached on (571) 571-272-8352. The fax phone numbers for the organization where this application or proceeding is assigned are 571-273-8300.
Any inquiry of a general nature or relating to the status of this application or proceeding should be directed to the receptionist whose telephone number is 571-272-2100.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.
Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system:
"http://portal.uspto.gov/external/portal/pair"
Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 866-217-9197 (toll-free).
If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Yicun Wu
Patent Examiner
Technology Center 2100
/YICUN WU/
Primary Examiner, Art Unit 2153