DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is in reply to papers filed on 2019-12-10. Claims 1-21 are pending. Claims 1, 11, 12 is/are independent.

Information Disclosure Statement PTO-1449
The Information Disclosure Statement(s) submitted by applicant on 2018-08-14, 2019-12-10 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Claim Objections
Claim(s) 2, 4-8, 13, 15-19 is/are objected to because of the following informalities: The examiner suggests the following corrections:
Claims 2, 13:
Amend the claim to read, in part, as follows "and a cyber-threat similar to the detected cyber-threat"
Claim 7:
Amend the claim to read, in part, as follows "
Dependent claims 4-8, 15-19 are objected to for the reasons presented above with respect to objected claims 2, 7, 13 and in view of their dependence thereon.

Claim Rejections - 35 U.S.C. § 112
The following is a quotation of 35 U.S.C. § 112(b):

Claim(s) 4-10, 15-21 is/are rejected under 35 U.S.C. § 112(b) or 35 U.S.C. § 112 ¶ 2 (pre-AIA ) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
In claim(s) 4 and 15, the phrase "determining if features of the at least one perceived threat are generic" contains a relative term which renders the claim indefinite.  The term "generic" is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.
In claim(s) 5 and 16, the phrase "determining if features of the at least one perceived threat are specific" contains a relative term which renders the claim indefinite.  The term "specific" is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.
In claims 9 and 20, the phrase "the security service includes one vector of a security engines, each representing intent of the cyber-threat" makes the claims ambiguous and therefore indefinite.  The term "a security engines" contains a singular/plural contradiction, making the claim impossible to parse with certainty.
In claims 9 and 20, the phrase "the cyber-threat" makes the claims ambiguous and therefore indefinite.  Because the claim fails to clearly state which of multiple possible e.g., "the detected cyber-treat" and "the perceived cyber threat" ), leaving a person having ordinary skill in the art unable to determine what the Applicant does and does not regard as the invention.  See Ex parte Kenichi Miyazaki, 89 U.S.P.Q. 2d 1207, *11 (BPAI 2008).
Claim(s) 9-10 and 20-21 are incomplete for omitting essential subject matter.  See MPEP § 2172.01.  In particular, the phrase "intent of the cyber threat" anthropomorphizes an inanimate event or software by supposing that a cyber threat thinks.  A person of ordinary skill in the art would have no means of determining what characteristics of a cyber threat are within the scope or the claim or are outside of the scope.  Further, the term "intent" is not defined by the claim, the specification does not provide a standard for ascertaining what constitutes the claimed "intent", and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.
In claim 20, the phrase "the security service includes one vector of a security engines" makes the claims ambiguous and therefore indefinite.  Because the claim fails to clearly state which of multiple possible antecedents the phrase "a security engines" relates to, the claim is amenable of multiple plausible constructions (e.g., "a security decision engine in a service" (claim 12) and a new entity), leaving a person having ordinary skill in the art unable to determine what the Applicant does and does not regard as the invention.  See Ex parte Kenichi Miyazaki, 89 U.S.P.Q. 2d 1207, *11 (BPAI 2008).
Dependent claims 6-8, 17-19 are rejected for the reasons presented above with respect to rejected claims 5, 16, and in view of their dependence thereon.

35 U.S.C. § 101
35 U.S.C. § 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim(s) 1-7, 9-18, 20-21 is/are rejected under 35 U.S.C. § 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) "classification of cyber-threats", which is a mental process ending in the formation of a decision on which no action is taken.  This judicial exception is not integrated into a practical application because (i) the classification decision is not acted upon with any practical effect and (ii) while certain generic computer elements are recited (e.g., memory (claim 12), "processing circuitry" (claim 12), "non-transitory computer readable medium " (claim 11), "file name and a hash value" (claim 6)) are generically recited computer elements that do not add a meaningful limitation to the abstract idea because they amount to simply implementing the abstract idea on a computer.  The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception.  Examiner notes that the "security decision engine" (claim 12) does not appear in the body of the claim and appears to be an object upon which the claim acts, not a part of the claimed system.  Many of the claim limitations are mere extra-solution activity (e.g., retrieving textual information from external sources).  Likewise, "natural language processing" (claim 7), "truncating" (claim 5), and other similar limitations are merely additional mental processes that are part of the abstract idea.
 claims 8, 19 are objected to in view of their dependence upon the rejected claims.

Summary of Claim Rejections under 35 U.S.C. § 102 and § 103
The following table summarizes the rejections set forth in detail below of the claims over the prior art.

Claim No.
Natarajan '426 
Natarajan '426 in view of Titonis '706 
Natarajan '426 in view of Titonis '706 in view of Schmidtler '435 
1
[Wingdings font/0xFC]


2
[Wingdings font/0xFC]


3
[Wingdings font/0xFC]


4

[Wingdings font/0xFC]

5

[Wingdings font/0xFC]

6

[Wingdings font/0xFC]

7


[Wingdings font/0xFC]
8


[Wingdings font/0xFC]
9
[Wingdings font/0xFC]


10
[Wingdings font/0xFC]


11
[Wingdings font/0xFC]


12
[Wingdings font/0xFC]


13
[Wingdings font/0xFC]


14
[Wingdings font/0xFC]


15

[Wingdings font/0xFC]

16

[Wingdings font/0xFC]

17

[Wingdings font/0xFC]

18


[Wingdings font/0xFC]
19


[Wingdings font/0xFC]
20
[Wingdings font/0xFC]


21
[Wingdings font/0xFC]




Claim Rejections - 35 U.S.C. § 102
The following is a quotation of the appropriate paragraphs of AIA  35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –



(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim(s) 1-3, 9-14, 20-21 is/are rejected under 35 U.S.C. § 102 as being anticipated by U.S. Publication 20140208426 to Natarajan et al. (hereinafter "Natarajan '426").  Natarajan '426 is prior art to the claims under 35 U.S.C. § 102(a)(1) and 35 U.S.C. § 102(a)(2).
Per claim 1 (independent):
Natarajan '426 discloses a method for classification of cyber-threats (authority node 120 / Feed Central Cloud (FCC) components 704 classifies detected threats [Natarajan '426 ¶ 0074, 0050])
Natarajan '426 discloses receiving a request for classifying a cyber-threat detected by a cyber-security system, wherein the request includes initial information about the detected cyber-threat (processing nodes send 658/816/826 requests to classify potential threats to authority node 120 / Feed Central Cloud (FCC) components 704 [Natarajan '426 ¶ 0074-0075, 0050, Fig. 7])
Natarajan '426 discloses enriching the initial information about the detected cyber-threat to provide textual information about at least one perceived threat related to the detected cyber-threat (authority node 120 / Feed Central Cloud (FCC) components 704 retrieves additional signatures from processing nodes [Natarajan '426 ¶ 0054] and from third party security lists [Natarajan '426 ¶ 0073])
Natarajan '426 discloses classifying each of the at least one perceived threat into a security service, wherein the classification is performed based on the respective textual information (authority node 120 / Feed Central Cloud (FCC) components 704 classifies detected threats [Natarajan '426 ¶ 0074, 0050] using additional signatures from 
Per claim 2 (dependent on claim 1):
Natarajan '426 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference
Natarajan '426 discloses enriching the initial information further comprises searching external resources for cyber-threats similar to detected cyber-threat, wherein the search is performing using aliases matching a threat identifier of the detected cyber-threat and retrieving from at least one of the external resources additional information related to the at least one perceived threat, wherein each perceived threat includes any one of: the detected cyber-threat and cyber-threat similar to detected cyber-threat (uses additional signatures from processing nodes [Natarajan '426 ¶ 0054] and from third party security lists [Natarajan '426 ¶ 0073]; determines whether current potential threat "matches" fingerprint of known threats [Natarajan '426 ¶ 0047-0048, 0073, 0097-0098])
Per claim 3 (dependent on claim 1):
Natarajan '426 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference
Natarajan '426 discloses each external resource includes any information source maintained by any one of: cyber research organizations and cyber-security vendors (uses additional signatures from processing nodes [Natarajan '426 ¶ 0054] and from third party security lists [Natarajan '426 ¶ 0073])
Per claim 9 (dependent on claim 1):
Natarajan '426 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference
Natarajan '426 discloses the security service includes one vector of a security engines, each representing intent of the cyber-threat (decision vector encodes intent [Natarajan '426 ¶ 0034]; different security engines for different intents [Natarajan '426 ¶ 0083-0088, 0071, 0078]; determines intent (e.g., virus, malware, spam, phishing, undesirable content, confidential data leakage, adware, anonymizer) based on classification [Natarajan '426 ¶ 0034, 0037, 0071, 0081-0082, 0098])
Per claim 10 (dependent on claim 1):
Natarajan '426 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference
Natarajan '426 discloses determining the intent of each of the at least one perceived threat based on the classification (determines intent (e.g., virus, malware, spam, phishing, undesirable content, confidential data leakage, adware, anonymizer) based on classification [Natarajan '426 ¶ 0034, 0037, 0071, 0081-0082, 0098])
Per claim 11 (independent):
Natarajan '426 discloses a non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process (processor(s), memory, computer readable media, storage, executable instructions [Natarajan '426 Figs. 2-4 and accompanying text])
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 1 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 12 (independent):
Natarajan '426 discloses a processing circuitry comprising a memory connected to the processing circuitry, wherein the memory contains instructions that, when executed by the processing circuitry, configure the cyber-security system to perform operations (processor(s), memory, computer readable media, storage, executable instructions [Natarajan '426 Figs. 2-4 and accompanying text])
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 1 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 13 (dependent on claim 12):
Natarajan '426 discloses the elements detailed in the rejection of claim 12 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 2 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 14 (dependent on claim 12):
Natarajan '426 discloses the elements detailed in the rejection of claim 12 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 3 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 20 (dependent on claim 12):
Natarajan '426 discloses the elements detailed in the rejection of claim 12 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 9 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 21 (dependent on claim 12):
Natarajan '426 discloses the elements detailed in the rejection of claim 12 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 10 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.

Claim Rejections - 35 U.S.C. § 103
The following is a quotation of AIA  35 U.S.C. 103 that forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. § 103(a) are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 4-6, 15-17 is/are rejected under 35 U.S.C. § 103 as being unpatentable over Natarajan '426 in view of U.S. Publication 20130097706 to Titonis et al. (hereinafter "Titonis '706").  Titonis '706 is prior art to the claims under 35 U.S.C. § 102(a)(1) and 35 U.S.C. § 102(a)(2).
Per claim 4 (dependent on claim 2):
Natarajan '426 discloses the elements detailed in the rejection of claim 2 above, incorporated herein by reference
Natarajan '426 does not disclose determining if features of the at least one perceived threat are generic, wherein the features are defined in the retrieved information and using the retrieved information for classifying the at least one perceived threat, when the features are determined not to be generic
Further:
Titonis '706 discloses determining if features of the at least one perceived threat are generic, wherein the features are defined in the retrieved information and using the retrieved information for classifying the at least one perceived threat, when the features are determined not to be generic (performs generalized and specific classification [Titonis '706 ¶ 0294, 0312-0344])
It would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Natarajan '426 with the generalized and specifized classification of Titonis '706  to arrive at an apparatus, method, and product including:
determining if features of the at least one perceived threat are generic, wherein the features are defined in the retrieved information and using the retrieved information for classifying the at least one perceived threat, when the features are determined not to be generic
A person having ordinary skill in the art would have been motivated to combine them at least because doing so would reduce classifications so general as to be practically useless while simultaneously producing classifications generalized enough to provide information about variants of threats and about threats that are similar.  That is, while every snow flake is said to be slightly different, many snowflakes are similar enough to be handled in the same way.  A person having ordinary skill in the art would have been further motivated to combine them at 
Per claim 5 (dependent on claim 2):
Natarajan '426 discloses the elements detailed in the rejection of claim 2 above, incorporated herein by reference
Natarajan '426 does not disclose determining if features of the at least one perceived threat are specific, wherein the features are defined in the retrieved information and truncating the features to generalize their identities, when the features are determined to be specific
Further:
Titonis '706 discloses determining if features of the at least one perceived threat are specific, wherein the features are defined in the retrieved information and truncating 
For the reasons detailed above with respect to claim 4, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Natarajan '426 with the generalized and specifized classification of Titonis '706  to arrive at an apparatus, method, and product including:
determining if features of the at least one perceived threat are specific, wherein the features are defined in the retrieved information and truncating the features to generalize their identities, when the features are determined to be specific
Per claim 6 (dependent on claim 5):
Natarajan '426 in view of Titonis '706  discloses the elements detailed in the rejection of claim 5 above, incorporated herein by reference
Natarajan '426 discloses the features include at least any of: a file name and a hash value of the least one the at least one perceived threat (compares names and hash values [Natarajan '426 ¶ 0047-0048, 0077])
Per claim 15 (dependent on claim 13):
Natarajan '426 discloses the elements detailed in the rejection of claim 13 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 4 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 16 (dependent on claim 13):
Natarajan '426 discloses the elements detailed in the rejection of claim 13 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 5 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 17 (dependent on claim 16):
Natarajan '426 in view of Titonis '706  discloses the elements detailed in the rejection of claim 16 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 6 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Claim(s) 7, 8, 18, 19 is/are rejected under 35 U.S.C. § 103 as being unpatentable over Natarajan '426 in view of Titonis '706 in view of U.S. Publication 20160335435 to Schmidtler et al. (hereinafter "Schmidtler '435").  Schmidtler '435 is prior art to the claims under 35 U.S.C. § 102(a)(1) and 35 U.S.C. § 102(a)(2).
Per claim 7 (dependent on claim 6):
Natarajan '426 in view of Titonis '706  discloses the elements detailed in the rejection of claim 6 above, incorporated herein by reference
Natarajan '426 does not disclose classifying each of the at least one perceived threat using natural language processing
However, Natarajan '426 discloses classifying each of the at least one perceived threat using processing (authority node 120 / Feed Central Cloud (FCC) components 704 classifies detected threats [Natarajan '426 ¶ 0074, 0050])
Further:
Schmidtler '435 discloses classifying each of the at least one perceived threat using natural language processing (uses natural language processing to classify threats [Schmidtler '435 ¶ 0022])
It would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Natarajan '426 with the natural language processing and vector classification of Schmidtler '435  to arrive at an apparatus, method, and product including:
classifying each of the at least one perceived threat using natural language processing
A person having ordinary skill in the art would have been motivated to combine them at least because doing so would provide a robust implementation of the classification scheme of Natarajan '426 and readily generate the vectors called for by Natarajan '426 [Natarajan '426 ¶ 0034].  That is, while every snow flake is said to be slightly different, many snowflakes are similar enough to be handled in the same way.  A person having ordinary skill in the art would have been further motivated to combine them at least because Schmidtler '435  teaches 
Per claim 8 (dependent on claim 7):
Natarajan '426 in view of Titonis '706 in view of Schmidtler '435 discloses the elements detailed in the rejection of claim 7 above, incorporated herein by reference
Natarajan '426 does not disclose normalizing the textual information of the at least one perceived threat
Natarajan '426 discloses generating, a vector representing the perceived threat, for each of the at least one perceived threat (decision vector encodes intent [Natarajan '426 ¶ 0034]; determines intent (e.g.
Natarajan '426 does not disclose mapping each of the generated vector to a security service, wherein the security service represents a cyber-solution category, wherein the mapping is performed using a classification model
However, Natarajan '426 discloses each of the generated vector and a security service, wherein the security service represents a cyber-solution category (different security engines for different intents [Natarajan '426 ¶ 0083-0088, 0071, 0078]; determines intent (e.g., virus, malware, spam, phishing, undesirable content, confidential data leakage, adware, anonymizer) based on classification [Natarajan '426 ¶ 0034, 0037, 0071, 0081-0082, 0098])
Natarajan '426 does not disclose associating each of the at least one perceived threat with the security service, when an evaluation threshold is met
However, Natarajan '426 discloses associating each of the at least one perceived threat with the security service, when an evaluation is met (different security engines for different intents [Natarajan '426 ¶ 0083-0088, 0071, 0078])
Further:
Titonis '706 discloses normalizing the textual information of the at least one perceived threat (classifies suspicious binaries by normalizing feature profile  [Titonis '706 ¶ 0223])
For the reasons detailed above with respect to claim 4, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed invention and (2) before the invention was made to have modified Natarajan '426 with the generalized and specifized classification of Titonis '706 to arrive at an apparatus, method, and product including:
normalizing the textual information of the at least one perceived threat
Further:
Schmidtler '435 discloses mapping each of the generated vector, wherein the mapping is performed using a classification model (maps vectors using a classification model [Schmidtler '435 ¶ 0049-0051, 0058-0060])
Schmidtler '435 discloses associating each of the at least one perceived threat with the classification, when an evaluation threshold is met (classifies threats when similarity threshold is met [Schmidtler '435 ¶ 0051, 0060])
For the reasons detailed above with respect to claim 7, it would have been obvious to a person having ordinary skill in the art (1) before the effective filing date of the claimed 
mapping each of the generated vector to a security service, wherein the security service represents a cyber-solution category, wherein the mapping is performed using a classification model
associating each of the at least one perceived threat with the security service, when an evaluation threshold is met
Per claim 18 (dependent on claim 17):
Natarajan '426 in view of Titonis '706  discloses the elements detailed in the rejection of claim 17 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 7 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.
Per claim 19 (dependent on claim 17):
Natarajan '426 in view of Titonis '7061 discloses the elements detailed in the rejection of claim 17 above, incorporated herein by reference
The remaining limitations of the claim(s) correspond(s) to features of claim(s) 8 and the claim(s) is/are rejected for the reasons detailed with respect to those claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THEODORE C PARSONS whose telephone number is (571)270-1475.  The examiner can normally be reached on MTWRF 7:30-4:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on (571) 272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/THEODORE C PARSONS/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 Examiner notes that claims 8 and 19 recite similar subject matter, but claim 8 depends from claim 7 while claim 19 does not depend from claim 18.