PNG
    media_image1.png
    340
    340
    media_image1.png
    Greyscale
United States Patent and Trademark Office    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 16/390,801
Filing Date: 22 Apr 2019
Appellant(s): Stockdale et al.



__________________
Thomas Ferrill
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed 03/08/2021.

 Examiner’s Note:
The Appellant lists one set of claims in the Summary of Claimed Invention section including the word “causal” and another set under the Claims Appendix, with the word “causal” removed.  The Examiner notes that the word “causal” was deleted in the after final amendment filed 10/08/2020 and this was entered by the Examiner with the advisory action mailed 10/27/2020.  Therefore, the correct claim listing is that listed by the Appellant under the Claims Appendix, and does not include the word “causal”.   The Examiner also notes that in the 103 rejection, the Eynon reference number had a typographical error in the heading.  They Eynon reference should read US 2010/0235908.  This was cited correctly in the 892 mailed 11/15/2019 and did not raise any confusion in the correspondences with the Appellant during prosecution.

(1) Grounds of Rejection to be Reviewed on Appeal
The ground(s) of rejection set forth in the Office action dated 05/07/2020 from which the appeal is taken have been modified by the advisory action dated 10/27/2020.  A list of rejections withdrawn by the Examiner (if any) is included under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”  

WITHDRAWN REJECTIONS
The following grounds of rejection are not presented for review on appeal because they have been withdrawn by the Examiner.  The 112(a) and 112(b) rejection related to “causal link” have been withdrawn because the amendments deleting the term “causal” were entered by the Examiner on 10/27/2020 with the advisory action.  The other 112(a) and 112(b) rejections still stand.  The double patenting rejection has withdrawn because the Appellant has filed a terminal disclaimer which has been approved.
(2) Response to Argument

Appellant argues: 
A.	Appellant argues (in summary) that the Double Patenting Rejection was improper.
Examiner’s Response:  
Appellant’s arguments are moot because a terminal disclaimer was filed and approved. 

Appellant argues:
B1:	Appellant argues (in summary) that claims 23-26, 29-36, and 38-42 are supported under 112(a) written description requirement for “causal link”.  
Examiner’s Response:
Appellant’s amendments were entered with the advisory action on 10/27/2020.  Therefore, this argument is moot, since the word “causal” has been deleted.  The 112(a) and 112(b) rejections regarding “causal link” have been withdrawn.  

Appellant argues:
B2.	Appellant argues (in summary) that claim 24’s and 34’s claim limitation “building a chain of behavior by applying the one or more causal links” is supported by the specification.  The Appellant provides many evidences that the term “behavior chain” is known in the art.  The Appellant also argues that the specification provides support in paragraphs [0016], [0030], [0078], [0080], [0012], and [0013].   Therefore, Appellant argues that the claim phrase “building chain of behavior by applying two or more of the links,” conveys to one skilled in the art analyzing a chain of behavior (a sequence of two or more observed behaviors) forming the behavior of that entity by examining two or more of the links between the first and second entities in light of each other rather than as individual events/links. Appellant assert the Specification and these well-known understanding of a chain of behaviors does support claims 24’s and 34’s claim 
Examiner’s Response: 
First, the Examiner notes that “causal” was deleted by entering amendment on 10/27/2020.  Therefore, the limitation now reads “building a chain of behavior by applying the one or more links”.  However, the rejection still applies in the same manner.  In addition, the Examiner notes that the Appellant does not specifically argue the 112(b) rejection regarding this limitation.  However, Appellant appears to be arguing both that the limitation is supported (112(a)) and is definite (112(b)) under this heading.  Therefore, the Examiner will respond to both.
The Appellant cites multiple references as evidence which describe what a chain of behavior is (i.e., that it is clear and definite).  These show generic explanations of what a chain of behavior is.  However, the Examiner notes that within the context of the claims and the instant specification, the combination of limitations is both unclear and not described sufficiently. The metes and bounds of the claim need to be clearly defined, as well as described in the specification, in order to understand what embodiments the Appellant is claiming. The claims are unclear and not supported because it is unclear what is meant in the context of the claim how to build a chain of behavior by “applying” the one or more links.  What are the links applied to?  What chain of behavior is meant to be built?  The Appellant points to several paragraphs of the specification, but it is not clear specifically from these paragraphs what the “applying” step is and what the “chain of behavior” step is.  The evidence provided shows bounds apparently outside of the Appellant’s invention.  The description, even considering the evidence provided, is not enough to help a reader understand the invention, understand what the metes and bounds of the claim are, and understand what protection is being sought.  The skilled artisan, with the specification as well as the state of the art/evidence before him or her as a guide, would not know the exact metes and bounds of the claim and what protection would be granted for this particular 
Appellant further argues that “building a chain of behavior by applying the one or more links” is supported by the specification. The Appellant has pointed out several paragraphs.  However, these paragraphs do not explain what corresponds to a “chain of behavior” or “applying” the links.  These portions of the specification recite things like “chain sets of user defined heuristics”, “complex chains of weighted logical expressions”, “compared to previous behavior”, “deviation from normal behavior”, “detect subtle shifts and patterns”, etc. None of the examples provided by the Appellant explain what a “chain of behavior” is or how to “build a chain of behavior” by “applying links”. The closest example would be “chain sets of defined user heuristics” or “complex chains of weighted logical expressions”.  However, this still does not describe what corresponds to the chain of behavior is and what corresponds to applying the links.   The Appellant has not addressed what the metes and bounds of the claim are, or how this limitation can be applied.  
In addition, the Examiner notes that the evidence, regarding the 112 rejections related to claims 24 and 34, was filed either after-final and/or with the appeal brief when it could have been filed earlier in prosecution.  Appellant has offered a brief explanation as to why Appellant did not offer the evidence prior to close of prosecution when it could have been.  Appellant states (on pages 59-60 of Appeal Brief), that "Applicants presented arguments conveying these points in the Response to the non-final office action. When the final office action continued to misunderstand this issue, applicant’s then provided the points made in the Response to the non-final with the evidenciary documents....Thus, filing these documents, which are evidence that should be consider to merely support the arguments originally made in the response to the nonfinal and then presented in the Response to the final office action to further explain and support those arguments."  The examiner does not consider this proper justification as to why the evidence was not considered earlier in prosecution.  If the evidence were accepted at face value, then any time Appellant wanted to argue something, and it was not persuasive, then new evidence could be 

Appellant argues:
B3:	Appellant argues (in summary) that the amendment to delete the term “causal” in the after final amendment dated 10/08/2020 should have been entered and that the Examiner refused to enter this amendment.
Examiner’s Response:
The Examiner did not refuse to enter the amendments.  The amendments were entered in the advisory action mailed 10/27/2020.  

Appellant argues:
C1:	Appellant argues (in summary) that the Examiner did not consider both the claims as a whole and the prior art references as a whole per MPEP §2141 by modifying the teachings of the primary prior art reference to first create a hypothetically known claim element and then improperly using merely portions of other prior art references to further modify that merely hypothetically known claim element because the prior art references are not in the same field of 
Examiner’s Response:
	Appellant states relevant field is “a threat detection system using a self-learning model trained on a normal behavior of at least the first entity associated with the computer system to determine, in accordance with the analyzed derived metrics and the link, a cyber-threat risk parameter indicative of a likelihood of a cyber-threat via flagging the heavier for the first entity that seems to fall outside of the normal behavior for the pattern of life as anomalous, requiring further investigation”.  Examiner notes that this is not the relevant field, but is instead Appellant’s 
In addition, the use of self-learning modules which look at normal behavior, pattern of life, moving benchmarks, further investigation, etc. are basic to machine learning modules that are classifying information. They are designed to continuously change and learn and investigate further when something falls outside of expected behavior. This is well known in the art, as is shown by Brezinski. Both the instant application and Brezinski are interested in using machine learning modules to detect anomalous behavior, and thus, are directed to the solving a similar problem.  Examiner has not used impermissible hindsight, but has articulated clear reasoning as to the benefit that Brezinski brings.  The Examiner has clearly articulated that self-learning training models are well known in the art to reduce required resources and keep up to date on threats, as taught by Brezinski. The Examiner notes that any rejection based on obviousness must contain some amount of hindsight.  However, the Examiner has used the details and benefits specified by the Brezinski reference to create the motivation to combine, and therefore, has not used impermissible hindsight.

Appellant argues:
C2:	Appellant argues (in summary) that the reasoning in the Office Action fails to disclose a combination of references that disclose each and every claim limitation.  The Office Action fails 
Examiner’s Response:


Appellant argues:
C3:	Appellant argues (in summary) that the Examiner improperly relies on hindsight of Appellant’s own disclosure, per MPEP 2142, to modify the teachings of the primary prior art reference to first create a hypothetically known claim element and then improperly uses other prior art references to further modify that merely hypothetically known claim element.  KSR 
Examiner’s Response: 
	The Examiner notes that the KSR rationales A-F that Appellant has listed are merely examples of possible types of rationales that may support a conclusion of obviousness.  The rejections do not have to fall under one of these particular categories.  The Examiner has used motivation as the rationale, and the Appellant has addressed many rationales, but has not addressed motivation to combine.  Thus, Appellant failed to address the position taken by the Examiner.  The Examiner did not attempt to use the rationales discussed by the Appellant, and it should be noted that the KSR ruling did not eliminate motivation to combine as a rationale for obviousness rejection.  The Appellant also seems to be arguing that a reference needs to teach a limitation in its entirety, or else that limitation is merely hypothetically known.  The Examiner respectfully disagrees.  There is no requirement that an entire limitation must be taught by a singular reference.  Instead, the test for obviousness is what the combined teachings of the references would have suggested to those of ordinary skill in the art, See In re Keller, 642 F.2d 413, 209 USPQ 871 (SSPA 1981).

Appellant argues:
C4:	Appellant argues (in summary) that none of the references are in the same field of art and have been pieced together, but are not trying to solve a similar problem as the claimed invention.  


Examiner’s Response:
	The references are in the same field of art as the instant application, which is threat detection.  They are each attempting to prevent malicious activity (solving a similar problem).  Appellant’s argument with respect to “obvious to try” is a strawman fallacy as Appellant attacks a position that was not taken by the Examiner.  The rationale relied upon by the Examiner for the rejection was “motivation to combine” not “obvious to try”.  
Appellant argues:
C5:	Appellant argues (in summary) that the commercial success of the assignee rebuts the 103 rejection.  Appellant argues that the assignee Darktrace LTD is called by third parties the “market leader”.  Forbes.com calls Darktrace a unicorn and that the company hit a $1.25 billion valuation last month.  The Appellant argues that various blogs and other third parties have praised the work of Darktrace.  Appellant argues that Cyber Security shows that the product is effective because “we offer a 30-day trial.  We can show potential clients the vulnerabilities they have missed using their existing security tools.”  
Examiner’s Response:
	The Appellant has not demonstrated that the commercial success is due to the invention being a superior product, as opposed to other factors, such as advertising. For example, the Appellant states that a 30-day trial of their product was given. This sort of advertisement may have contributed to the commercial success since people are more likely to use free products and are unlikely to switch their products even if there are better alternatives available. This is seen, for example, when various anti-virus companies pay to include their scanners as part of a free trial in new computers, or if Google or Bing is set as a default browser.  Users are less likely to change 

Appellant argues: 
D-H:	Appellant argues (in summary), regarding claims 30, 29, 35, 27, 28, 31, 37, 40, and 41, that the various references do not solve the same problem as Appellant’s claimed invention.  
Examiner’s Response:
Examiner notes that all the references are in the field of threat detection and/or machine learning and provide the specific benefits as described in the final office action.  Appellant has provided no specific details regarding each reference.

Appellant argues:
I.	Appellant argues (in summary) that claim 32 is a product by process claim and is properly claimed and should not be rejected under 112(d).
Examiner’s Response:
	The Examiner respectfully disagrees.  A product by process claim explicitly recites the process by which a product is made. Claim 32 is not a product by process claim because it does not recite a process by which the product is made.  It would have to recite a method in which the medium itself is made.  It merely recites a medium that when executed, performs a method.  It fails the infringement test.  For example, if the medium were sitting on a desk, not being executed, then the method from which it depends (claim 23) would not be infringed upon.  Therefore, claim 32 does not further limit claim 23, and therefore, claim 32 is not in proper dependent form.

For the above reasons, it is believed that the rejections should be sustained.
Respectfully submitted,
/LISA C LEWIS/Primary Examiner, Art Unit 2495                                                                                                                                                                                                        
Conferees:
/PONNOREAY PICH/Primary Examiner, Art Unit 2495        

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495                                                                                                                                                                                                                

                                                                                                                                                                                        { 3 }
Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.