DETAILED ACTION
This non-final rejection is responsive to the claims filed 11 October 2019.  Claims 1-14 are pending.  Claims 1 and 8 are independent claims.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-14 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Independent claims 1 and 8
Dependent claims inherit the deficiencies of the independent claims.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-14 are rejected under 35 U.S.C. 103 as being unpatentable over Telang (US 2018/0357422 A1) hereinafter known as Telang in view of Tsironis (US 2018/0316727 A1) hereinafter known as Tsironis.

Regarding independent claim 1, Telang teaches:
A multi-frame cyber security analysis device (140) for diagnosing whether a target network system (102) is breached by hackers, the multi-frame cyber security analysis device (140) comprising: a display device (141);  (Telang:¶[0049]; Telang teaches a network monitoring system.)
an input device (145), arranged to operably receive operation commands issued by a user;  (Telang: Fig. 3 and ¶[0085]-¶[0086]; Telang teaches an input interface.)
a non-volatile storage circuit (147), arranged to operably store a ... and an associated data frame generating program (154), wherein the database (152) is stored with device activities records of multiple types related to multiple computing devices (111-115) in the target network system (102); and  (Telang: Fig. 1 and ¶[0105]; Telang teaches capturing activity data from a network of devices and storing it.)
a control circuit (149), coupled with the display device (141), the input device (145), and the non-volatile storage circuit (147), and arranged to operably execute the associated data frame generating program (1 54), so as to conduct data frame generating operation according to the device activities records of multiple types stored in the database (152) to generate multiple (Telang: Fig. 23 and ¶[0426]; Telang teaches displaying multiple panes for filtering data.) 
wherein the multiple associated data frames (510, 520, 530, 1020) comprise a navigator frame (510), a first global data frame (520), and a local data frame (530).  (Telang: Fig. 23 and ¶[0426]; Telang teaches displaying a date frame, IP address/user frame, and the results summary pane.)

Telang does not explicitly teach storing the activities records in a database.

However, Tsironis does teach storing the activities records in a database.  (Tsironis: ¶[0103]; Tsironis teaches event data being stored in a database.)

Telang and Tsironis are in the same field of endeavor as the present invention, as the references are directed to interfaces for security threat analysis.  It would have been obvious, before the effective filing date of the claimed invention, to a person of ordinary skill in the art, to combine a drilldown interface where the user can filter stored activity data for cyber security threat analysis as taught in Telang with the activities data being stored in a database as taught in Tsironis.  Telang already teach storing activities data.  However, Telang does not explicitly teach storing the activities data in a database.  Accordingly, Tsironis provides this additional functionality.  As such, it would have been obvious to one of ordinary skill in the art to modify the teachings of Telang to include teachings of Tsironis because the combination would allow quick retrieval of the data.




claim 2, Telang in view of Tsironis further teaches the multi-frame cyber security analysis device (140) of claim 1 (as cited above).

Telang further teaches:
wherein the data frame generating operation comprises: generating multiple candidate objects (511, 513, 515) respectively corresponding to multiple filtering conditions, wherein the multiple candidate objects (511, 513, 515) comprise a first candidate object (511) corresponding to a first filtering condition, and a second candidate object (513) corresponding to a second filtering condition;  (Telang: Fig. 23 and ¶[0426]; Telang teaches allowing the user to select a time window which is a date range.  The date range is interpreted as multiple filtering conditions.  Based on the time window, it provides the matching item indicators listed in 2300.)
establishing a navigator frame (510) comprising the multiple candidate objects (511, 513, 515);  (Telang: Fig. 23 and ¶[0426]; Telang teaches frame 2300 which displays the search results pane of IP addresses/users based on the time window that the user has selected.)
generating multiple global property data related to a portion of or all devices in the target network system (102) according to data stored in the database (152), wherein the multiple global property data comprise a first global property data corresponding to the first filtering condition, and a second global property data corresponding to the second filtering condition;  (Telang: Fig. 23 and ¶[0426]; Telang teaches frame 2300 which displays the search results pane of IP addresses/users based on the time window that the user has selected.)
selecting one of the multiple global property data as a first target global property data;  (Telang: Fig. 23 and ¶[0426]; Telang teaches the user selecting item 2302.)
establishing a first global data frame (520) comprising the first target global property data;  (Telang: Fig. 23 and ¶[0426]; Telang teaches the user selecting item 2302 and highlighting the item.)
in the first target global property data, respectively utilizing multiple main visual objects (521, 523, 525) to represent a portion of or all devices in the target network system (102), (Telang: Fig. 23 and ¶[0426]; Telang teaches frame 2300 which displays the search results pane of IP addresses/users based on the time window that the user has selected.  Each IP address is interpreted as computing device.)
generating multiple data groups respectively corresponding to the multiple computing devices (111~115) according to data stored in the database (152), wherein the multiple data groups comprise a first data group corresponding to the first computing device (111), and a second data group corresponding to the second computing device (112);  (See Claim Rejections – 35 U.S.C. 112(b).  Accordingly, Telang: Fig. 23 and ¶[0426]; Telang teaches frame 2300 which displays the search results pane of IP addresses/users based on the time window that the user has selected.)
selecting one of the multiple data groups as a target data group;  (Telang: Fig. 23 and ¶[0426]; Telang teaches the user selecting item 2302 and highlighting the item.)
establishing a local data frame (530) comprising the target data group;  (Telang: Fig. 23 and ¶[0426]; Telang teaches frame 1812 which contains the summary pane for the selected IP address.)
utilizing the display device (141) to display contents of the navigator frame (510), the first global data frame (520), and the local data frame (530) at the same time; and  (Telang: Fig. 23 and ¶[0426]; Telang teaches frame 1812 which contains the summary pane for the selected IP address.)
controlling an associated relationship among the navigator frame (510), the first global data frame (520), and the local data frame (530) to render contents of the first global data frame (520) to change when the navigator frame (510) is manipulated by the user, contents of the local data frame (530) to change when the first global data frame (520) is manipulated by the user, but contents of the navigator frame (510) not to change when the first global data frame (520) is manipulated by the user.   (Telang: Fig. 23 and ¶[0426]; Telang teaches a drilldown filtering system where the user first selects the time window, then selects the IP address, and is then able to view results.  Changing the IP address does not change the time window.)




Regarding claim 3, Telang in view of Tsironis further teaches the multi-frame cyber security analysis device (140) of claim 2 (as cited above).

Telang further teaches:
wherein the data frame generating operation further comprises: in a situation of that a candidate object being currently selected in the navigator frame (510) is the first candidate object (511) and the first target global property data being currently displayed in the first global data frame (520) is the first global property data, if the user then selects the second candidate object (513) in the navigator frame (510) through the input device (145), replacing the first target global property data being currently displayed in the first global data frame (520) with the second global property data corresponding to the second filtering condition.  (Telang: Fig. 23 and ¶[0426]; Telang teaches allowing the user to select a time window which is a date range.  Accordingly, the user can change the time window to change what is displayed in the IP addresses window 2300.)




Regarding claim 4, Telang in view of Tsironis further teaches the multi-frame cyber security analysis device (140) of claim 3 (as cited above).

Telang further teaches:
wherein the data frame generating operation further comprises: in a situation of that the first target global property data being currently displayed in the first global data frame (520) is the second global property data, a main visual object being currently selected in the first global data frame (520) is the first main visual object (521), and the target data group being currently displayed in the local data frame (530) is the first data group, if the user then selects the second main visual object (523) in the first global data frame (520) through the input device (145), replacing the target data group being currently displayed in the local data frame (530) with the second data group corresponding to the second computing device (112), but not changing contents of the navigator frame (510).  (Telang: Fig. 23 and ¶[0426]; Telang teaches allowing the user to select the desired IP address to further view the results in window 1812.  Accordingly, the foregoing teaches the user being able to further select another IP address to view the results for that IP address.)




Regarding claim 5, Telang in view of Tsironis further teaches the multi-frame cyber security analysis device (140) of claim 3 (as cited above).

Telang further teaches:
wherein the data frame generating operation further comprises: replacing the target data group being currently displayed in the local data frame (530) with a predetermined data group corresponding to the second filtering condition.  (Telang: Fig. 23 and ¶[0426]; Telang teaches allowing the user to select the desired time window and IP address to further view the results in window 1812.  Accordingly, the foregoing teaches the user being able to further select another IP address or another time window to view the results for that IP address and time.)




Regarding claim 6, Telang in view of Tsironis further teaches the multi-frame cyber security analysis device (140) of claim 3 (as cited above).

Telang further teaches:
wherein the multiple global property data further comprise a third global property data corresponding to the first filtering condition and a fourth global property data corresponding to the second filtering condition, and the data frame generating operation further comprises: selecting the third global property data as a second target global property data; establishing a second global data frame (1020) comprising the second target global property data; displaying the second global data frame (1020) at the same time when displaying the first global data frame (520); and in the second target global property data, respectively utilizing multiple main visual objects (521, 523, 525) to represent a portion of or all devices in the target network system (102).  (Telang: Fig. 23 and ¶[0426]; Telang teaches allowing the user to select the desired time window.  The foregoing teaches third and fourth global property data that correspond to the first and second filtering conditions, respectively.  Moreover, upon selection of a time window, frame 2300 will display all the associated IP addresses, which are interpreted as the main visual objects.  In addition, frame 1812 can be interpreted as two frames with the top and bottom parts.  In this case, the top part displays the selected IP address.  In other words, this frame utilizes the visual objects from frame 2300.)




Regarding claim 7, Telang in view of Tsironis further teaches the multi-frame cyber security analysis device (140) of claim 6 (as cited above).

Telang further teaches:
wherein the data frame generating operation further comprises: in a situation of that a candidate object being currently selected in the navigator frame (510) is the first candidate object (511), the first target global property data being currently displayed in the first global data frame (520) is the first global property data, and the second target global property data being currently displayed in the second global data frame (1020) is the third global property data, if the user then selects the second candidate object (513) in the navigator frame (510) through the input device (145), replacing the first target global property data being currently displayed in the first global data frame (520) with the second global property data corresponding to the second filtering condition and also replacing the second target global property data being currently displayed in the second global data frame (1020) with the fourth global property data corresponding to the second filtering condition.  (Telang: Fig. 23 and ¶[0426]; Telang teaches allowing the user to select the desired time window.  The foregoing teaches third and fourth global property data that correspond to the first and second filtering conditions, respectively.  Moreover, upon selection of a time window, frame 2300 will display all the associated IP addresses, which are interpreted as the main visual objects.  In addition, frame 1812 can be interpreted as two frames with the top and bottom parts.  In this case, the top part displays the selected IP address.  In other words, this frame utilizes the visual objects from frame 2300.)




Regarding claims 8-14, these claims recite a computer program product that performs the function of the multi-frame cyber security analysis device of claims 1-7; therefore, the same rationale for rejection applies.



Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicants’ disclosure.  Applicants are required under 37 C.F.R. § 1.111(c) to consider these references fully when responding to this action.
It is noted that any citation to specific pages, columns, lines, or figures in the prior art references and any interpretation of the references should not be considered to be limiting in any way.  A reference is relevant for all it contains and may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art. In re Heck, 699 F.2d 1331, 1332-33, 216 U.S.P.Q. 1038, 1039 (Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006, 1009, 158 U.S.P.Q. 275, 277 (C.C.P.A. 1968)).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX OLSHANNIKOV whose telephone number is (571)270-0667.  The examiner can normally be reached on M-F 9:30-6.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Scott Baderman can be reached on 571-272-3644.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/ALEKSEY OLSHANNIKOV/Primary Examiner, Art Unit 2142