PNG
    media_image1.png
    172
    172
    media_image1.png
    Greyscale
United States Patent and Trademark Office
    
        
            
                                
            
        
    

Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE PATENT TRIAL AND APPEAL BOARD


Application Number: 16/143,037
Filing Date: 9/26/2018
Appellant(s): Pourmohammad et al.



__________________
James M Campbell (Reg. No.: 69,087)
For Appellant


EXAMINER’S ANSWER





This is in response to the appeal brief filed March 1, 2021 and correction filed March 12, 2021.
(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Office action dated September 29, 2020 and the Advisory Action dated January 12, 2021 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”

(2) Response to Argument
35 USC 101 Response	
The Appellant argues, page 7, the claims do not recite an abstract idea. The Examiner respectfully disagrees. The Examiner has clearly pointed out the limitations directed towards the abstract idea, what the additional elements are and why they do not integrate the abstract idea into a practical application, and why the additional elements and remaining limitations do not amount to significantly more than the abstract idea. The Examiner asserts that the PEG 2019 provides a list of examples of what entail abstract ideas, where that list is not an all encompassing list for every abstract idea out there. 
The Appellant argues, page 8, the claims do not recite an abstract idea. The Examiner respectfully disagrees. The Examiner asserts that determining the risk values utilizing the decay models is directed towards the abstract idea of Mathematical Equations/Relationships because the decay model appears to be a specific mathematical relationship as identified by Paragraph 0317 of Appellant’s specification. The Examiner further points to claims 9 and 19 which recite specific mathematical relationships “multiplying the risk values at a previous point in time with the decay model”.

The Appellant further argues, pages 9-10, the claims recite a particular improvement for modeling threats. The Examiner respectfully disagrees. The Appellant does not properly identify the additional elements and provides no reasoning as to what the improvement is.
The Appellant further argues, page 10, the claims integrate the abstract idea into a practical application. The Examiner respectfully disagrees. The Appellant provides no reasoning as to how the claims are more than a drafting effort designed to monopolize the judicial exception. The Examiner refers to the 101 rejection on the Final OA dated 9/29/2020.
The Appellant further argues, pages 10-11, the claims amount to significantly more than the abstract idea. The Examiner respectfully disagrees. The Appellant does not properly identify the additional elements, but rather recites only limitations directed towards the abstract idea as shown by the Examiner. For example, select a decay model 
The Examiner further notes that independent claims 11 and 20 recite a different sequence of steps/functions that have not been argued by the Appellant. 

35 USC 103 Response
Appellant argues, pages 11-13, the cited prior art does not disclose select a decay model based on the particular threat type. The Examiner respectfully disagrees. The Examiner asserts that Baikalov teaches select a decay based on the particular threat type (See Figure 2 and Paragraph 0027 – “Each threat may have a different aging factor that may be selected empirically based upon the type of threat”), where each aging factor is the decay as claimed, which is selected based upon the type of threat. Then Miltonberger further teaches the decay “model” (See Abstract – “The risk engine uses the account model to generate a first probability” and Paragraphs 0156-0157 – “a Time Decay Model for the User Model … an exponential decay function, the relative weight of each event decays according to the function”), where Miltonbereger is analyzing risk probabilities using decay models based on certain weighting factors (e.g. particular types of threats). The Examiner asserts that the decay model as claimed is specifically recited by Miltonberger in at least Paragraphs 0156-0157. 
the invention may be embodied in executable instructions in computer readable physical media that control the operations of one or more computers in the computer network infrastructure of an enterprise”. 
The Appellant further argues, pages 13-14, that the combination of references is incorrect. The Examiner respectfully disagrees. The Examiner asserts it would have been obvious to one of ordinary skill in the art at the effective filing date of the claimed invention to have modified the risk analysis system utilizing decay over time of Baikalov et al. to incorporate the decay models of Miltonberger in order to better represent how the risk values change as time passes for certain events, therefore making the risk analysis more accurate. The Examiner asserts that the Miltonberger reference is only cited as teaching the claimed decay model, where it would have been obvious to swap the decay model (a variable equation that effects change over time) out for the aging factor (which is a variable that effects change over time) to more empirically define how the risk threat progresses over time. 
Appellant further argues, pages 14-15 the cited prior art does not disclose a building management system. The Examiner respectfully disagrees. The Examiner asserts that the claimed building management system is disclosed by Baikalov in at least Figure 1 and Paragraph 0011 – “the invention may be embodied in executable instructions in computer readable physical media that control the operations of one or more computers in the computer network infrastructure of an enterprise”.
the invention may be embodied in executable instructions in computer readable physical media that control the operations of one or more computers in the computer network infrastructure of an enterprise”.
The Appellant argues, pages 15-16, the cited prior art does not disclose selecting the decay model from a plurality of decay models based on the particular threat type, the plurality of decay models indicating different decay trends that model the level of risk overtime for different threat types. The Examiner respectfully disagrees. The Examiner asserts that Baikalov teaches selecting the decay from a plurality of decays based on the particular threat type, the plurality of decays indicating different decay trends that model the level of risk overtime for different threat types (See Figure 2, Figure 3, Figure 5, Paragraph 0027 – “Each threat may have a different aging factor that may be selected empirically based upon the type of threat”, Paragraph 0035 – “The proper time series may be selected based upon the volume of observations and the expected volatility, with preference given to time periods that reflect patterns of life, such as working hours or workdays. In combining behavioral indicators for a threat model, it is desirable for accurate risk scoring that the threat indicators selected be independent or at least not strongly correlated … Pearson's correlation function”, claim 1, and claim 6 – “threat indicator for a specific time series”), where each threat has a different aging factor (e.g. decay) indicating that there is a plurality of aging factors (e.g. decays), where one is being selected based on the type of threat and then used to analyze risk over time as recited in The risk engine uses the account model to generate a first probability” and Paragraphs 0156-0157 – “a Time Decay Model for the User Model … an exponential decay function, the relative weight of each event decays according to the function”), where Miltonbereger is analyzing risk probabilities using decay models based on certain weighting factors (e.g. particular types of threats). The Examiner asserts that the decay model as claimed is specifically recited by Miltonberger in at least Paragraphs 0156-0157.
The Appellant argues, pages 16-19, the cited prior art does not disclose update the sorted list as the risk value decays. The Examiner respectfully disagrees. The Examiner asserts that Baikalov teaches risk value decays (See Figure 2 and Paragraph 0027 – “a cumulative threat score, P.sub.T, may be calculated as the weighted probability of all associated threat indicators, P.sub.I, together with an aged previous threat score, P.sub.D, that is aged by an appropriate decay or aging factor, f.sub.D, as: P.sub.T=1-(1-f.sub.DP.sub.D).pi..sub.I(1-f.sub.IP.sub.I) … Each threat may have a different aging factor that may be selected empirically based upon the type of threat”), where the mathematical relationships in Paragraph 0027 specifically disclose threat (e.g. risk) values being determined based on aging (e.g. decay) factors over time. Then Miltonberger teaches update the sorted list as the risk value “changes” (See Figure 9, Figures 10-14, Figure 15, Figure 16, and Paragraph 0118 – “rank a set of Events from high to low fraud risk”), where the risk values are being listed in a ranked order based on the updated values of risk as shown by Miltonberger. The Examiner further notes that the likelihood of being a threat determinations in Miltonberger are determined using the decay model as recited in at least Paragraphs 0156-0157. 

The Appellant argues, pages 19-20, the cited prior art does not disclose select the decay based on the particular threat type and further based on the asset. The Examiner respectfully disagrees. The Examiner asserts that Baikalov teaches select the decay based on the particular threat type and further based on the asset (See Figure 2, Figure 6, Paragraph 0027 – “Each threat may have a different aging factor that may be selected empirically based upon the type of threat”, and Paragraph 0034 – “a table that shows the calculated threat scores, P.sub.T, for five different threat indicators (failed logins 612, anomalous access 614, data consumption 616, proxy blocks 618 and data egress 620) and composite risk scores, R.sub.C, (calculated as described above) for four different users”), where different aging factors are being selected based on the type of threat (See Paragraph 0027) and further based on the asset (See Paragraph 0034), where the asset is one of four users, which all entail different values for calculating risk. 
Then Miltonberger further teaches the decay “model” (See Abstract – “The risk engine uses the account model to generate a first probability” and Paragraphs 0156-0157 – “a Time Decay Model for the User Model … an exponential decay function, the relative weight of each event decays according to the function”), where Miltonbereger is analyzing risk probabilities using decay models based on certain weighting factors (e.g. particular types of threats).
a cumulative threat score, P.sub.T, may be calculated as the weighted probability of all associated threat indicators, P.sub.I, together with an aged previous threat score, P.sub.D, that is aged by an appropriate decay or aging factor, f.sub.D, as: P.sub.T=1-(1-f.sub.DP.sub.D).pi..sub.I(1-f.sub.IP.sub.I) … Each threat may have a different aging factor that may be selected empirically based upon the type of threat”, Paragraph 0034 – “a table that shows the calculated threat scores, P.sub.T, for five different threat indicators”, and Paragraph 0035 – “specific time series”), where the Examiner interprets that the risk score is being calculated and displayed at a plurality of points in time as shown on Figure 3 and Figure 5 of Baikalov et al., where the risk score topic is the threat indicator. The Examiner further asserts that Figure 3 of Baikalov clearly shows publishing the risk values over a plurality of points in time, where each line is represented by different risk factors, which are interpreted by the Examiner to be different risk score topics as claimed by Appellant. 
the behavioral threat indicator "Unusual Process" 206 may be assigned a risk factor f.sub.I=0.7 … for the specific threat "Malware Infection" 230, but be assigned only a risk factor f.sub.I=0.5 for a "System Compromise" specific threat”, Paragraph 0034, and claim 1 – “said singular threats having associated singular threat risk scores”), where the Examiner interprets that the selected highest risk value is the risk score calculated for each asset in Baikalov as shown in Figure 6. The Examiner further notes that Figure 3 of Baikalov shows different risk scores based on different risk factors, where the human user can use the highest risk score at the certain points in time to better determine what actions need to be taken to reduce the risk or correct the risk. 
The Appellant argues, pages 23-24, the cited prior art does not disclose the entirety of claims 7 and 17. The Examiner respectfully disagrees. The Examiner asserts that Baikalov teaches an expiration time, which is indicated by the aging factors as recited by Baikalov (See Paragraph 0027). For example, when one of the risk aging factors in Baikalov decays to zero, that risk value is considered to be expired because it will inherently indicate a risk value decaying to zero, which would indicate zero risk. 
a cumulative threat score, P.sub.T, may be calculated as the weighted probability of all associated threat indicators, P.sub.I, together with an aged previous threat score, P.sub.D, that is aged by an appropriate decay or aging factor, f.sub.D, as: P.sub.T=1-(1-f.sub.DP.sub.D).pi..sub.I(1-f.sub.IP.sub.I) … Each threat may have a different aging factor that may be selected empirically based upon the type of threat”), where the mathematical relationship recited by Baikalov Paragraph 0027 calculates risk values over time based on aging factors (e.g. decay). As time progresses the aging factor (e.g. decay factor) will change based on how much time has passed, thus allowing for a new updated risk/threat value to be determined based on how much time has based, which is indicated by the updated aging factor value. 
The Appellant argues, pages 25-26, the cited prior art does not disclose the entirety of claim 13. The Examiner respectfully disagrees. The Appellant is arguing against the cited prior art references individually, where the Examiner asserts one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). For further clarification, based on the arguments, the Examiner interprets the vulnerability parameter risk-adjusting the incidence rates of clinical indicators of access and utilization of health services using the categorized locally transformed normed distance index, dcat, and age and, optionally, other variables, so as to produce an accurate representation of differences in access to health services taking time and distance into account”), where the distance a person (asset) is from the location of service is taken into account when determining the risk for that asset.  

For the above reasons, it is believed that the rejections should be sustained.

Respectfully submitted,
/MATTHEW D HENRY/Primary Examiner, Art Unit 3683                                                                                                                                                                                                        
Conferees:

/MEHMET YESILDAG/Primary Examiner, Art Unit 3624                                                                                                                                                                                                        
/BRIAN M EPSTEIN/Supervisory Patent Examiner, Art Unit 3683                                                                                                                                                                                                        


Requirement to pay appeal forwarding fee.  In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless