DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims 1-11 are presented for examination.

Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Claim Objections
Claim 7 is objected to because of the following informalities:  
In claim 7, lines 11-12: “update based on the monitoring data” is unclear if it relates to “update the determination model using the monitoring data” (claim 5, line 8) or “update the determination model” (claim 7, line 6).
Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-11 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) 1 and 9 recite(s) determining whether or not the 
The limitation of determining whether or not the event is a warning target, under its broadest reasonable interpretation, covers performance of the limitation in the mind. That is, nothing in the claim element precludes the step from practically being performed in the mind. For example, the determining step in the context of this claim encompasses the user manually determining whether the event is a warning target. Similarly, the limitation of updating the determination model, under its broadest reasonable interpretation, covers performance of the limitation in the mind. That is, nothing in the claim element precludes the step from practically being performed in the mind. For example, the determining step in the context of this claim encompasses the user manually updating the determination model. Similarly, the limitation of correcting the determination model updated based on the monitoring data, under its broadest reasonable interpretation, covers performance of the limitation in the mind. That is, nothing in the claim element precludes the step from practically being performed in the mind. For example, the determining step in the context of this claim encompasses the user manually correcting the determination model updated based on the monitoring data. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind then it falls within the “mental processes” grouping of abstract ideas. Accordingly, the claims recite an abstract idea.
This judicial exception is not integrated into a practical application. The claims additionally recite the elements of using a processor to execute instructions and acquiring monitoring data representing an event. The processor is recited at a high-level of generality (i.e. as a generic processor) such that it amounts to no more than mere instructions to apply the exception using a generic computer component.  The acquiring step is recited at a high level of generality (i.e. general means of acquiring data), and amounts to mere data gathering, which is a form of insignificant extra-solution activity. Thus, 
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, as discussed above, using a processor to perform the instructions is no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The acquiring step is not indicated as being performed by an apparatus other than a generic computer component, and data collection is considered a well-understood, routine, and conventional function when claimed in a generic manner. Therefore, the acquiring step cannot provide an inventive concept. Accordingly, the claim is not patent eligible.
Claims 2-4, 6-8, and 11 are dependent on claims 1, 5, and 9, are therefore also rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more for similar reasons as discussed above.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 9, and 11 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Mayo (US 2018/0089430 A1).

memory storing instructions and at least one processor, wherein the at least one processor is configured to execute the instructions to (0018, lines 1-6; 0021, lines 1-7): 
acquire monitoring data representing an event (0037, lines 2-5); 
determine whether or not the event represented by the acquired monitoring data is a warning target, the determination being performed using a determination model that is for determining whether or not the event is a warning target (0029, lines 5-10; 0031, lines 2-5; 0037, lines 6-10; 0038, lines 2-7); 
update the determination model, based on the monitoring data and a result of the determination (0038, lines 21-23).

As to claim 11, Mayo discloses:
A non-transitory computer-readable storage medium storing a program that causes a computer to execute each step of the control method according to claim 9 (0018, lines 1-6; 0021, lines 1-7).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5, 6, and 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mayo.

memory storing instructions and at least one processor, wherein the at least one processor is configured to execute the instructions to (0018, lines 1-6; 0021, lines 1-7): 
acquire monitoring data representing an event (0037, lines 2-5);
determine whether or not the event represented by the acquired monitoring data is a warning target, the determination being performed using a determination model that is for determining whether or not the event is a warning target (0029, lines 5-10; 0031, lines 2-5; 0037, lines 6-10; 0038, lines 2-7);
 update the determination model using the monitoring data (0038, lines 21-23).
Mayo does not explicitly disclose correct the determination model updated based on the monitoring data, based on a result of the determination; however, since Mayo also discloses that the process of scanning and updating is performed periodically (i.e. repeatedly), it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that the repetitive updating may be considered as corrections (0037, lines 2-10; 0038, lines 21-23).	

As to claim 6, Mayo does not explicitly disclose wherein the at least one processor is further configured to periodically correct the determination model; however, as discussed above, since Mayo also discloses that the process of scanning and updating is performed periodically (i.e. repeatedly), it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that the repetitive updating may be considered as corrections (0037, lines 2-10; 0038, lines 21-23).	

Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Cheng et al. (US 2018/0144139 A1) discloses IOT device risk assessment.
Hong et al. (US 2020/0120117 A1) discloses a system and method for CAN communication based hacking attack detection.
Islam (US Patent 9,189,627 B1) discloses a system and method for conducting on-the-fly decryption of encrypted objects for malware detection.
Jevans (US 2016/0112451 A1) discloses a system and method for application security analysis.
Jones et al. (US Patent 9,537,880 B1) discloses a system and method for anomalous network monitoring and user behavior detection.
Ma (US 2020/0279224 A1) discloses a system and method for blockchain-based program review.
Pierce et al. (US 2019/0007451 A1) discloses a system and method for automatically collecting and rapidly aggregating global security threat indicators to customer environments.
Prince et al. (US 2011/0282997 A1) discloses a system and method for custom responses for resource unavailable errors.
Ricafort et al. (US 2016/0050224 A1) discloses a system and method for unwanted tunneling alerts.
Ryan et al. (US 2019/0132273 A1) discloses a system and method for analysis and reporting of suspicious email.
Steinberg (US Patent 10,395,029 B1) discloses a system and method for virtual threat protection.
Turgeman et al. (US 2018/0160309 A1) discloses a system and method for differentiating between a cyber-attacker and legitimate user.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAH SU whose telephone number is (571)270-3835.  The examiner can normally be reached on 7:30 AM - 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/SARAH SU/Primary Examiner, Art Unit 2431