DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 5/10/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim limitation “an autonomous report composer is configured to…” invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph in independent claims 1 and 11. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the composer” is. There are no associations between a composer and any computer component. While the structure of a generic computing system for some embodiments is disclosed starting at [177], there are no indications that the modules, composer, or other similar claim language, are specific components to the disclosed computing system, or that they are software programs executed by said computing system. Therefore, the claims are indefinite and are rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
    
        
            
                                
            
        
    

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Independent claims 1 and 11 recite: “a type of report on cyber threats that is composed in…level of detail on the cyber threats”. The scope and context of “level of detail” is not clear. Any written report would inherently contain some level of detail, such as just a summarized paragraph or pages of numerical results with explanations. It is indefinite how this term is being applied to the claimed invention.
Furthermore, independent claims 1 and 11 recite: “where a template for the type of report contains two or more sections”. It is unclear which “type” of report this limitation is referencing. Additionally, the claimed limitation uses a “where” clause, which gives the presumption that a previously recited limitation is being further defined/described. It is unclear if limitation is further defining the template described in i), ii), or a completely distinct template, of the claimed limitations
identify any sections of text that do not have a high level of comprehension”. The phrase “a high level of comprehension” is relative, which renders the claim indefinite. One having ordinary skill in the art cannot ascertain what “level” of comprehension is considered “high”.
Dependent claims 8 and 18 recite: “library of graphs/charts and/or other information found in that section”. A broad range or limitation together with a narrow range or limitation that falls within the broad range or limitation (in the same claim) may be considered indefinite if the resulting claim does not clearly set forth the metes and bounds of the patent protection desired. See MPEP § 2173.05(c). In the present instance, claim 8 recites the broad recitation “other information”, and the claim also recites “graphs/charts” which is the narrower statement of the range/limitation. The claim is considered indefinite because there is a question or doubt as to whether the feature introduced by such narrower language is (a) merely exemplary of the remainder of the claim, and therefore not required, or (b) a required feature of the claims.
Dependent claim 13 recites: “traditional algorithms”. It is unclear what “traditional algorithms” may include and/or exclude. What constitutes as a “traditional algorithm” may be subjective in the views of different types of peoples having ordinary skill in the art. The metes and bounds of this limitations are not clearly defined.
Any remaining claims are similarly rejected as stated in the above sections.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 6, 8, 10-12, 16, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Faigon et al. (hereinafter, “FAIGON”), US 2017/0353477 in view of Lin (hereinafter, “LIN”), US 2010/0121929.
As per claim 1: FAIGON discloses: An apparatus, comprising: a formatting module that at least has an autonomous report composer and a set of one or more libraries (a machine learning based anomaly detection architecture 200 is presented [FAIGON, ¶38; Fig. 2]; anomaly reports are generated using templates (e.g. “libraries”) [FAIGON, ¶¶104, 112]), where the autonomous report composer is configured to compose a type of report on cyber threats that is composed in a human-readable format with natural language prose, terminology, and level of detail on the cyber threats aimed at a target audience (the templates for reporting an anomaly event Is presented in naturally processed language [FAIGON, ¶104]), and where the autonomous report composer cooperates with the one or more libraries of sets of prewritten text templates with i) one or more standard pre-written sentences written in the natural language prose (an example of a template for reporting an anomaly event is shown in [FAIGON, ¶¶104-107], which depicts pre-written sentences and fill-in-the-blanks regarding specific event attributes to a detected anomaly; see also [FAIGON, ¶¶110-115]).
FAIGON does not disclose the templates being “derived from previously generated reports of that type”. However, LIN is directed to analogous art of generating and analyzing risk values for detecting anomalous behavior [LIN, ¶¶25-26]. LIN also discloses creating new templates for risk analysis to be used in future reports (e.g. “derived from previously reports of that type”) [LIN, ¶23]. See also [LIN, ¶¶9-10], wherein templates are created for future reports of calculated risks of events.
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to custom define templates for generating subsequent reports. The manner of how a report is presented is a design choice. Once a template is designed, it could be used as a basis for generating future reports in the desired format and structure by the developers of the system.

As per claim 2: FAIGON in view of LIN disclose all limitations of claim 1. Furthermore FAIGON in view of LIN disclose: where the formatting module and the autonomous report composer are part of system to protect a network from the cyber threats that uses one or more Artificial Intelligence models trained with machine learning on a normal behavior of entities in the network (online machine learner trains with normal patterns [FAIGON, ¶¶39, 43]), where a breach of the AI models with its data and description are used to map specific incidents to related fillable blanks in the sentences (anomalies are detected by comparing to known patterns [FAIGON, ¶39]).

As per claim 6: FAIGON in view of LIN disclose all limitations of claim 2. Furthermore, FAIGON in view of LIN disclose: where the autonomous report composer is configured to cooperate with a library of suggested actionable actions to take in light of the cyber threats, and then populate suggested actionable actions to take into the report (content policies identify security actions to be performed by administrators [FAIGON, ¶¶176, 180]; reports include taking action [FAIGON, ¶107]).

As per claim 8: FAIGON in view of LIN disclose all limitations of claim 2. Furthermore, FAIGON in view of LIN disclose: where the autonomous report composer cooperating with the one or more libraries at least includes a first library with a multitude of templates of different types of reports and the sections found in each report template, where each different type of report and the section found in each report has its own library of prose for sentences found in that section, and library of graphs/charts and/or other information found in that section of that type of report (samples of different templates are depicted in [FAIGON, ¶¶104-107, 112-113]; furthermore, different templates are available for generating a report [LIN, ¶¶33, 36]).

As per claim 10: FAIGON in view of LIN disclose all limitations of claim 2. Furthermore, FAIGON in view of LIN disclose: where the autonomous report composer cooperating with the one or more libraries is configured to take in machine data and machine process, understand that machine data and machine process, and then choose the type of report from the libraries of to compose the type of report on cyber threats that is composed in the human-readable format with the natural language prose, terminology, and level of detail on the cyber threats aimed at the target audience based on an identified potential cyber threat (events and feature-value pairs are assigned to respective space to create so-called user models IDs (e.g. collectively corresponding to “machine data and machine process”), wherein detection of an anomaly event associated with a space ID is compared with feature-value pairs of anomalous and non-anomalous events and reported in a natural language via a report [FAIGON, ¶¶109-113]).

As per claim 11: Claim 11 is different in overall scope from claim 1 but recites substantially similar subject matter as claim 1. Claim 11 is directed to a method corresponding to the functions of the apparatus in claim 1. Thus, the response provided above for claim 1 is equally applicable to claim 11.

As per claim 12: Claim 12 incorporates all limitations of claim 11 and is a method corresponding to the functions of the apparatus in claim 2. Therefore, the arguments set forth above with respect to claims 2 and 11 are equally applicable to claim 12 and rejected for the same reasons.

As per claim 16: Claim 16 incorporates all limitations of claim 12 and is a method corresponding to the functions of the apparatus in claim 6. Therefore, the arguments set forth above with respect to claims 6 and 12 are equally applicable to claim 16 and rejected for the same reasons.

As per claim 18: Claim 18 incorporates all limitations of claim 12 and is a method corresponding to the functions of the apparatus in claim 8. Therefore, the arguments set forth above with respect to claims 8 and 12 are equally applicable to claim 18 and rejected for the same reasons.

As per claim 20: Claim 20 is different in overall scope from claim 11 but recites substantially similar subject matter as claim 11. Claim 20 is directed to a non-transitory computer readable medium with code corresponding to the method claim 11. Thus, the response provided above for claim 20 is equally applicable to claim 11.

Notes on Prior Art
	Claims 3-5, 7, 9, 13-15, 17, and 19 are not currently subjected to any rejections under prior arts. They contain features that further define the claimed invention, which were not disclosed, taught, or suggested by the currently cited prior arts. See also the following section for addition relevant prior arts to the claimed invention.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 2007/0169021: Discloses generating a medical report from clinical data that follows a template of natural language phrases.
US 2010/0043066: Discloses a multi-layer security system and generating reports based on templates.
US 2013/0055399: Discloses generating reports to security events or incidents, wherein each report can be presented in a multitude of formats that are readable by administrators.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453.  The examiner can normally be reached on Mon - Thurs: 10am-7pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        6-09-2021