DETAILED ACTION

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 02 September 2021 has been entered.
By the above submission, Claims 1, 19, 20, 23, 27, and 34 have been amended.  No claims have been added or canceled.  Claims 1 and 19-36 are currently pending in the present application.

Response to Arguments

Applicant’s arguments with respect to the rejection of Claims 1 and 19-36 under 35 U.S.C. 103 (see pages 9-12 of the present response) have been considered but are moot in view of the new grounds of rejection set forth below.



Specification

The specification is objected to as failing to provide proper antecedent basis for the claimed subject matter.  See 37 CFR 1.75(d)(1) and MPEP § 608.01(o).  Correction of the following is required:  Independent Claims 1, 19, and 20 have been amended to recite “determining if a multi-step series of activities in network traffic on each network component is anomalous based at least in part on a detection of an anomalous pattern specific to the energy delivery network”.  Although the specification describes determining if a multi-step series of activities is anomalous, and generally describes anomalous patterns, there is not clear antecedent basis for the more detailed limitation that the anomalous pattern is specific to the energy delivery network, or that the determination of whether the series of activities is anomalous is based on detection of an anomalous pattern specific to the network.  For further detail, see below regarding the rejection under 35 U.S.C. 112(a) for failure to comply with the written description requirement.

Claim Objections

Claim 27 is objected to because of the following informalities:  
In Claim 27, line 2, it appears that “athe” may be intended to read “the”.
Appropriate correction is required.

Claim Rejections - 35 USC § 112

The rejection of Claims 1 and 19-36 under 35 U.S.C. 112(b) as indefinite is withdrawn in light of the amendments to the claims.

The following is a quotation of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1 and 19-36 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claims contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Independent Claims 1, 19, and 20 have been amended to recite “determining if a multi-step series of activities in network traffic on each network component is anomalous based at least in part on a detection of an anomalous pattern specific to the energy delivery network”.  Although the specification describes determining if a multi-step series of activities is anomalous in paragraph 0065, and generally describes 
Claims not specifically referred to above are rejected due to their dependence on a rejected base claim.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1 and 19-36 are rejected under 35 U.S.C. 103 as being unpatentable over Martinez et al, US Patent Application Publication 2014/0137257, in view of Yampolskiy et al, US Patent 9294498, and Heimerdinger et al, US Patent Application Publication 2006/0034305.
In reference to Claim 1, Martinez discloses a method that includes acquiring a first set of data from a first group of data sources including a plurality of network components within an energy delivery network (see paragraphs 0063 and 0156; see also Figure 3, step 302) and acquiring a second set of data from a second group of data sources including a collection of services associated with the network (see paragraph 0091; see also Figure 3, step 302); generating, for each network component, based on the first set of data, a first metric indicating a likelihood that the particular network component is affected by one or more vulnerabilities including determining if a multi-step series of activities in network traffic is anomalous (see paragraph 0090; see also Figure 6, steps 602-614; see further paragraphs 0259-0260 and 0068; paragraph 0074, traffic characteristics; paragraph 0200, historic activities, i.e. multi-step activity; see further paragraph 0192) and generating, for each network component, based on the second set of data, a second metric indicating a calculated impact on a portion of the network when a vulnerability affects the particular component (see paragraph 0091; see also Figure 6, step 616; see further paragraph 0192); and generating, for each network component, based on the first and second metrics, a third metric indicating an overall 
Yampolskiy discloses a method that includes generating a risk level using machine learning to weight metrics and combine them to generate a security score (see column 7, line 64-column 8, line 11; see also column 15, lines 33-50, and column 17, line 60-column 18, line 27, discussing various weighting schemes and different machine learning processes; see further column 20, lines 49-62, comparing scores to a threshold, column 12, line 38-column 13, line 5, determining a quantity of anomalous activity; column 12, lines 7-18, history information).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Martinez by incorporating machine learning, in order to better contextualize the security risks (see Yampolskiy, column 3, line 32-column 4, line 15, discussing advantages of contextualization; see also column 7, line 64-column 8, line 11, discussing machine learning to provide contextualization).
Further, neither Martinez nor Yampolskiy explicitly discloses determining that the multi-step series of activities is anomalous based on detected of an anomalous pattern specific to the energy delivery network.  Heimerdinger discloses a method that includes determining if a multi-step series of activities in network traffic on a network component is anomalous based on detection of an anomalous pattern specific to an energy delivery 
In reference to Claim 21, Martinez, Yampolskiy, and Heimerdinger further disclose incorporating user feedback and impact to customers (Yampolskiy, column 16, line 65-column 17, line 18; see also column 8, lines 32-49).
In reference to Claim 22, Martinez, Yampolskiy, and Heimerdinger further disclose a SCADA service, firewall service, log service, intrusion prevention service, SIEM service, or intrusion protection service (see Martinez, paragraph 0059; see also Heimerdinger, paragraph 0009).
In reference to Claim 23, Martinez, Yampolskiy, and Heimerdinger further disclose analyzing detected network traffic to generate the first metric (Martinez, paragraph 0259; Yampolskiy, column 15, lines 19-32; Heimerdinger, paragraph 0012).
In reference to Claims 24, 25, and 27, Martinez, Yampolskiy, and Heimerdinger further disclose analyzing a syntax indicator such as an IP address comparison, a computed indicator, or an advanced behavioral indicator based on analysis of a series of activities or a combination of indicators (Martinez, paragraph 0141, IP address; see also paragraph 0260).

In reference to Claim 28, Martinez, Yampolskiy, and Heimerdinger further disclose a customer information service, geographic information service, work management service, enterprise asset management service, customer care and billing service, enterprise communication service, or library service (see Martinez, paragraph 0059).
In reference to Claims 29-33, Martinez, Yampolskiy, and Heimerdinger further disclose customer data, operations data, or economic data (see Martinez, paragraphs 0135, 0084, 0163).
In reference to Claims 34 and 35, Martinez, Yampolskiy, and Heimerdinger further disclose generating plural third metrics associated with respective components in the network, ranking the components based on the third metrics, and providing a portion 
In reference to Claim 36, Martinez, Yampolskiy, and Heimerdinger further disclose an electricity, oil, or gas delivery network (Martinez, paragraph 0059, 0156; Heimerdinger, paragraph 0009).

Claim 19 is directed to a system having functionality corresponding to the method of Claim 1, and is rejected by a similar rationale, mutatis mutandis.
Claim 20 is directed to a software implementation of the method of Claim 1, and is rejected by a similar rationale.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Scherrer, US Patent 7739082, discloses a system for anomaly detection in, for example, power grids.
Datta Ray et al, US Patent 8856936 (previously cited in the Office action mailed 02 January 2019), discloses a system that detects anomalous patterns in power grids.
Ge et al, US Patent 9401924, discloses a system for detecting network intrusions using a rate of anomalies detected.
Moore, US Patent 9866578, discloses a system that scores network anomaly risk based on deviations from baseline usage.
Yong et al, US Patent Application Publication 2007/0245420, discloses a method that identifies deviations from historical network usage behavioral patterns.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870.  The examiner can normally be reached on Monday-Friday, 9:30am-6:00pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private 

/Zachary A. Davis/Primary Examiner, Art Unit 2492