DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 


Claim Rejections – 35 U.S.C. § 101
35 U.S.C. § 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-10 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to non-statutory subject matter.

Regarding claims 1-10:  Applicant’s disclosure discusses exemplary modules/filters/identifiers in an open-ended manner, avoiding a discussion of hardware elements.  Note that the Non-Patent Document “U” of the Form PTO-892 (Microsoft Computer Dictionary, 4th Edition, Microsoft Press, Redmond, WA, © 1999, pp. 295-296.) discusses modules as encompassing software implementations.  As such, claim 1  has been interpreted as encompassing software per se subject matter, and is therefore non-statutory under 35 USC §101.  I.e., the claim encompasses an embodiment directed to a pure software embodiment, which does not fall within one of the statutory subject matter categories. 
During examination, the PTO is obliged to give claims their broadest reasonable interpretation consistent with the specification.  See In re Zletz, 893 F.2d 319 (Fed. Cir. 

Claims 2-10, 3, 7 and 9 depend upon claims 1, 2, 6 and 8, respectively, and do not correct the issues set forth above.   Therefore, these claims are likewise rejected.



NOTE:  In addition, or in the alternative, to the 35 USC §101 rejection set forth above, interpretation of the claims under 35 USC §112(f) (and rejection under 35 USC §112(b)) has been set forth below:

35 USC § 112
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

Use of the word “means” (or “step for”) in a claim with functional language creates a rebuttable presumption that the claim element is to be treated in accordance 

Absence of the word “means” (or “step for”) in a claim creates a rebuttable presumption that the claim element is not to be treated in accordance with 35 U.S.C. 112(f) (pre-AIA  35 U.S.C. 112, sixth paragraph).  The presumption that 35 U.S.C. 112(f) (pre-AIA  35 U.S.C. 112, sixth paragraph) is not invoked is rebutted when the claim element recites function but fails to recite sufficiently definite structure, material or acts to perform that function. 


Claim limitations directed to a “module”, “filter” and identifier (as recited in claims 1-10) have been interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because they use a generic placeholder “module”, “filter” or “identifier” coupled with functional language without reciting sufficient structure to achieve the function.  Furthermore, the generic placeholder is not preceded by a structural modifier.  
Note that claim 9 also includes elements with names such as classifier, analyzer, normalizer and generator.  These same issues apply to these terms.  Since these claim limitations invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, claims 1-10 have also been interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.  
claims 1-10, appear to be purely software implementations of modules/filters/elements.  No structure, which for instance indicates how such functionality is to be implemented, is discussed

If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112 , sixth paragraph, applicant may amend the claim(s) so that it/they will clearly not invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, or present a sufficient showing that the claim recites/recite sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance With 35 U.S.C. 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-10 are rejected under 35 U.S.C. § 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Regarding independent claims 1-10:   These claims have been alternatively interpreted as invoking a "means plus function" interpretation.  However, the specification appears to encompass a purely software implementations of the recited "module", “filter” and “identifier” elements.  These recited elements are not supported by structure within the disclosure.  The disclosure merely refers to them by name/label, but does not set forth any structural / implementation details of these elements.  Therefore, the scope of these claims is vague/ambiguous. 

Claims 2-10, 3, 7 and 9 depend upon claims 1, 2, 6 and 8, respectively, and do not correct the issues set forth above.   Therefore, these claims are likewise rejected.

Additional 112:  

Regarding claim 1:  First, it is not clear what a “plurality of raw data” means, especially since data is a “plural” concepts.  Multiple streams?  
Additionally, this claim basically recites a requirement for three arbitrary “modules” to have particular names.  There is not structure (hardware, algorithmic, etc.) for implementing this claim.  It vaguely references “first-order” and “second-order”.  It’s not clear what either of these terms means.  They just appear to be arbitrary names.  I.e., How does one recognize “first-order”?  Second-order?  Distinguish between them?  Additionally, these terms are used to further modify “risk filtering”.  What exactly is “risk”, how is it identified as such, and how is it “filtered”?  E.g., How recognized? How removed?  Furthermore, what is “specific data”?  Is specific data “bad” or “good” data?  How is it recognized as such?  
An “in series” connection is recited.  First, there are multiple “in series” configurations available.  It’s not clear that all of these configurations won’t render the claimed system’s results erroneous.  [E.g., if extracting “specific [good] data” before filtering, isn’t good/desirous data going to be missing from the end result?]  
What is “raw data with security risks”?  What is considered a security risk?  How is such a risk recognized?  What is “required” raw data?  How is such data recognized as being “required”?  Suppose data is NOT required and NOT a security risk?  It’s not clear that such a situation can be handled by the claimed invention (an error condition?).  What is “usable” raw data?  How is it distinguished from “raw data with security risks” and “required raw data”?  Technically, isn’t all data usable?  E.g., If one 

Regarding claim 2:  This claim, like claim 1, recites names/labels for models, and appears to attempt to bootstrap functionality and structure for each (without explicitly reciting any structural/algorithmic elements for implementing functionality).  No implementation details exist within the claims or disclosure as to how these elements are to work.  For instance, what is “sensitive behavior, and how is it detected?  Is sensitive behavior exposing secrets, or perhaps text containing empathetic language or pictures of people hugging?  What is “personal information”, and how is it detected?  A link to one’s high school’s web site?  A spoofed link to one’s high school’s web site?  What specifically is entailed by an “execution object”?  E.g., Is data that triggers an executable process to be considered an “execution object”?  

Regarding claim 3:  The same types of issues raised in claims 1 and 2 are problematic for the “identifiers” of claim 3.  And, it is unclear whether the recited “identifiers” are merely numbers [e.g., user ID identifiers] or software routines that recognize/identify something.  

Regarding claim 4:  The same types of issues raised in claims 1 and 2 are problematic for the module/filters of claim 4.  E.g., How is “attacking behavior” recognized as such?  What does its filtering entail?  Removing all instances?  How is an “application external connection” recognized?  Name? IP address?  Time of day?  Is information from all claimed “services” bad/undesirable?  How recognized as from a service?  Name? IP?  Time of Day?

Regarding claim 5:  The same types of issues raised in claims 1, 2 and 4 are problematic for the module/filters of claim 5.  For example, how does one determine that a script represents a CPU targeted attack or cross-platform attack?  Are bitcoin/geo-fencing/info-blocking/push notifications/advertisements/URLs necessarily bad?  Are all such data removed?  How is a removal situation recognized as such?  It’s unclear how one distinguishes between acceptable and unacceptable data.  How are spam/forgery attacks/social eng’g/group-casting scenarios even recognized/determined?  The claim attempts to bootstrap capabilities, but it is unclear how such capabilities are implemented such that they function correctly.

Regarding claim 6:  The same types of issues raised in claim 1 are problematic for the module of claim 6.  The claim merely recites a name/label for a software entity.  It is unclear what the recited “third … module” encompasses.  How is “risk” identified/recognized as such.  And, the “third … module” is recited as being “in sequence” with the 1st/2nd order modules.  First, it is unclear what the intended significance is regarding this change in language (from “series” to “sequence”).  Second, it is noted that the instant claim explicitly ignores the configuration in regards to the “specific data extractor”.  It is unclear whether Applicant is attempting to remove this elements from the configuration.   

Regarding claim 7:  The same types of issues raised in claims 1, 2 and 6 are problematic for the module/filters of claim 7.  For instance, it is not clear how such attack/forgery issues are recognized.   


Regarding claim 8:  The same types of issues raised in claims 1 and 2 are problematic for the module of claim 8.  Additionally, it is not clear what “visible” data entails.  Images?  Video? EBook?  How is such data recognized and distinguished from data that is not visible?     


Regarding claim 9:  The same types of issues raised in claims 1, 2 and 8 are problematic for the elements of claim 9.  What does “data classifier” mean?  Text/video/confidential/personal data classifications?  How is such data classified, and as what classifications?  What specifically does Normalization mean/entail?  There are numerous was to normalize data, with differing data types and formats often drastically increasing the normalized result possibilities.  Is regression needed for every instance of data processed?  How does one determine when it is necessary?  What does “visualization” mean/entail?  An animation capability?  What does “principle component” mean/encompass?  How is such a component recognized/identified?  What does its analysis entail?  What is “integrated”?  Are all results integrated, and if not, how does one determine what is / is not integrated?  


Therefore, the scope of each claim (1-10) is ambiguous.



Claims 2-10, 3, 7 and 9 depend upon claims 1, 2, 6 and 8, respectively, and do not correct the issues set forth above.   Therefore, these claims are likewise rejected.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claims 1-6 and 10 are rejected under 35 U.S.C. §103 as being unpatentable over Mears (US Patent No. 8,407,789, hereafter referred to as “Mears”) in view of Brinskelle (US Patent Application Publication No. 2019/0354709, hereafter referred to as “Brinskelle”).

Regarding independent claim 1:  Mears teaches A data collection system for effectively processing big data, the data collection system comprising: a first-order risk filtering module, for receiving a plurality of raw data; a second-order risk filtering module; (See Mears Figures 2 and 3 showing exemplary computing system environments.  See also the Abstract discussing the implementation of a multistage filter security system containing 2 or more filtering modules.  And, refer to Figures 2 and 3 teaching the use of a file receiving module, and showing multiple filter/stage modules.) wherein the first-order risk filtering module, the specific data extractor and the second-order risk filtering module are connected in series, (See Mears Abstract discussing the implementation of a multistage filter security system containing 2 or more filtering modules in a sequence.) so as to filter out raw data with security risks and extract required raw data, (See Mears col. 1 lines 39-43 teaching the filtering out or blocking of undesirable content [at each stage].) and accordingly the data collection system outputs usable raw data. (See Mears Abstract discussing determining and implementing an optimal filtering stage sequence to obtain filtered [output] data.)
 and a specific data extractor, (See Brinskelle paragraph [0749] discussing the use of a security agent for extracting data about a web application.  Also, see paragraph [0926] discussing the use of a security agent for the extraction of data from communication channels, such as IP addresses ad sensitive data.)
It would have been obvious to one of ordinary skill in the art at the time of Applicant’s subject matter to apply the teachings of Brinskelle for the benefit of Mears, because to do so provided a designer with options to implement a system to ensure that certain types of data, such as sensitive data, is only triggered by authorized access, as taught by Brinskelle in the Abstract.  These references were all applicable to the same field of endeavor, i.e., management and processing of potential security-related communications issues.  


Regarding claim 2:  Mears does not explicitly teach the remaining limitations as claimed.  Brinskelle, though, teaches wherein the specific data extractor comprises a sensitive behavior detection module, a personal information detection module and an execution object detection module. (See Brinskelle paragraphs [0031], [0033] and [0134] teaching the processing of sensitive/personal data, and [0004]-[0007] teaching the processing of cross-site scripting information.)

Regarding claim 3:  Mears teaches the use of multiple filtering elements.  However, Mears does not explicitly teach the remaining limitations as claimed.  Brinskelle, though, teaches wherein the personal information detection module comprises a messenger ID identifier, an email address book identifier, an OS language identifier, an iris bio-information identifier, an IPv4 information identifier, a fin-transaction info identifier, a gene bio-info identifier, a fingerprint info identifier, a voiceprint info identifier, a face related info identifier and a social media response info identifier. (See Brinskelle [0134] teaching the use of personal data, [0038] and [0119] teaching the use of financial data, and [0036] and [0139]-[0141] teaching the use of HTTP and URL data.)

Regarding claim 4:  Mears teaches the use of multiple filtering elements.  However, Mears does not explicitly teach the remaining limitations as claimed.  Brinskelle, though, teaches wherein the first-order risk filtering module comprises an attacking behavior filter, an application external connection filter, a hosting service filter, a specific clouding service filter and an ASP.Net web data filter. (See Brinskelle paragraphs [-139]-[0141] teaching the use of HTTP and URL data, and paragraphs [0004]-[0007] and [0039] teaching the use of cross-site scripting and cross-site forgery data.)

Regarding claim 5:  Mears teaches the use of multiple filtering elements.  However, Mears does not explicitly teach the remaining limitations as claimed.  Brinskelle, though, teaches wherein the second-order risk filtering module comprises an ASP.Net java script filter for CPU targeted attack, a cross-platform attack filter, a bitcoin miner filter, a spam filter, an ID forgery attack filter, a protocol forgery attack filter, a geo-fencing info filter, an info-blocker behavior filter, a push notification filter, a suspicious virtual transaction filter, a social-eng filter, a full-paged web advertisement filter, a mobile pop-up web advertisement filter, a group-casting message filter and a URL filter for the comment area of a social community. (See Brinskelle paragraphs [-139]-[0141] teaching the use of HTTP and URL data, and paragraphs [0004]-[0007] and [0039] teaching the use of cross-site scripting and cross-site forgery data.)

Regarding claim 6:  Mears teaches the data collection system further comprises a third-order risk filtering module, which is connected to the second-order risk filtering module in sequence.  (See Mears Abstract discussing the implementation of a multistage filter security system containing 2 or more filters/stages in a sequence.  See also, Figures 2 and 3 showing multiple filter/stage modules.)  

Regarding claim 10:  Mears teaches wherein the data collection system is a cloud server, an embedded system device platform, a user computer or a server host.  (See Mears col. 7 line 59 – col. 8 line 8 discussing the exemplary use of a variety of platforms such as user computing devices and servers.  Additionally, refer to Figures 2 and 3 showing exemplary computing systems.)  



Claims 7-9 are rejected under 35 U.S.C. §103 as being unpatentable over Mears (US Patent No. 8,407,789, hereafter referred to as “Mears”) in view of Brinskelle (US Patent Application Publication No. 2019/0354709, hereafter referred to as “Brinskelle”) and Mixer et al (US Patent Application Publication No. 2018/0041529, hereafter referred to as “Mixer”).

Regarding claim 7:  Mears teaches the use of multiple filtering elements.  However, Mears in view of Brinskelle does not explicitly teach the remaining limitations as claimed.  Mixer, though, teaches wherein the third-order risk filtering module comprises a man-in-middle attack filter, a base-station forgery filter and a hotspot forgery filter. (See Mixer Figure 9 teaching the use of a variety of exemplary filters, including a man-in-the-middle identifying module.)
It would have been obvious to one of ordinary skill in the art at the time of Applicant’s subject matter to apply the teachings of Mixer for the benefit of Mears in view of Brinskelle, because to do so provided a designer with options to implement a system that may be managed centrally to eliminate error-prone processes, as taught by Mixer in paragraph [0059], for example.  These references were all applicable to the same field of endeavor, i.e., management and processing of potential security-related communications issues.  


Regarding claim 8:  Mears teaches the use of multiple filtering elements.  However, Mears in view of Brinskelle does not explicitly teach the remaining limitations as claimed.  Mixer, though, teaches wherein the data collection system further comprises a visible data output module. (See Mixer Figure 9, especially #914 and paragraph [0006] teaching the use of a reporting module.)
It would have been obvious to one of ordinary skill in the art at the time of Applicant’s subject matter to apply the teachings of Mixer for the benefit of Mears in view of Brinskelle, because to do so provided a designer with options to implement a system that may be managed centrally to eliminate error-prone processes, as taught by Mixer in paragraph [0059], for example.  These references were all applicable to the same field of endeavor, i.e., management and processing of potential security-related communications issues.  

Regarding claim 9:  Mears teaches the use of multiple filtering elements.  However, Mears in view of Brinskelle does not explicitly teach the remaining limitations as claimed.  Mixer, though, teaches wherein the visible data output module comprises a data classifier, a data normalizer, a regression analyzer, a visualization module, a principle component analyzer, a data clustering analyzer and an integrated report generator. (See Mixer Figure 9, especially #914 and paragraph [0006] teaching the use of a reporting module.)


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Relevance is provided in at least the Abstract of each cited document.

Non-Patent Literature
Microsoft Computer Dictionary, 4th Edition, Microsoft Press, Redmond, WA, © 1999, pp. 295-296.
Provides definitions of module, modular programming and modular software indicating that the term “module” encompasses a pure software entity.  






Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Robert Stevens, whose telephone number is (571) 272-4102.  The examiner can normally be reached on M-F 6:00 – 2:30.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashish Thomas can be reached on (571) 272-0631.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ROBERT STEVENS/Primary Examiner, Art Unit 2164                                                                                                                                                                                                        




May 8, 2021