Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This is in response to the September 15, 2021. Claim 1 has been amended. Claims 11-17 have been cancelled. Claims 1-10 are pending and have been considered below.
Priority
17056659, filed 11/18/2020 is a national stage entry of PCT/US2019/032921, International Filing Date: 05/17/2019; PCT/US2019/032921 Claims Priority from Provisional Application 62673637, filed 05/18/2018.
Drawings
The drawings filed 11/18/2020 are accepted.
Response to Arguments
Applicant's arguments with respect to “Claim Rejections - 35 USC § 101”, remarks page 6, have been fully considered but they are not persuasive because: It should be noted that the inventive concept of the claim as technological improvements has not been fully captured by the claim. The claimed invention is directed to an abstract idea without significantly more. The claim recites the limitation of “a mathematical formula or calculation that is used to calculate a probability that a cyber-attack will successfully ingress to the target network by combining the probability that the cyber-attack will successfully ingress, the probability that the cyber-attack will successfully move laterally, and the probability that cyber-attack will successfully perform an action on objective such that the one or more defenses of the target network may be apply the one or more defenses of the target network based on one or more of the calculated probabilities”. The newly amended claimed limitations have been evaluated under the 2019 PEG and fail to integrate the judicial exception into a practical application. Limitations that are not indicative of integration into a practical application when recited in a claim with a judicial exception include: Adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, as discussed in MPEP 2106.05(f); Adding insignificant extra-solution activity to the judicial exception, as discussed in MPEP 2106.05(g); and Generally linking the use of the judicial exception to a particular technological environment or field of use, as discussed in MPEP 2106.05(h). The claim has been amended to apply one or more defenses of the target network based on one or more of the calculated probabilities, which is not sufficient to amount to significantly more than the judicial exception.
As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform the determining step amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


The claimed invention is directed to an abstract idea without significantly more. The claim recites the limitation of “a mathematical formula or calculation that is used to calculate a probability that a cyber-attack will successfully ingress to the target network by combining the probability that the cyber-attack will successfully ingress, the probability that the cyber-attack will successfully move laterally, and the probability that cyber-attack will successfully perform an action on objective such that the one or more defenses of the target network may be evaluated”, which, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting on a “processor,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “on a processor” language, “determining” in the context of this claim encompasses the user manually calculating the probability of success of a cyber-attack on a target network. Similarly, the limitation of calculating the probability that the cyber-attack will be successful by combining the probability that the cyber-attack will successfully ingress, the probability that the cyber-attack will successfully move laterally, and the probability that the cyber-attack will successfully perform an action on objective such that the one or more defenses of the target network may 
This judicial exception is not integrated into a practical application. In particular, the claim only recites one additional element – using a processor to perform the determining, the calculating, and the generating steps. The processor is recited at a high level of generality (i.e., as a generic processor performing a generic computer function of determining a probability of success of a cyber-attack on a target network to evaluate one or more defenses of the target network) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform the determining step amounts to no more than mere instructions to apply the exception using a generic computer 
Regarding dependent claims 2-11, the claims provide more details on how the different probabilities are calculated. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform the determining step amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.
The following prior art is cited to further show the state of the art at the time of applicant’s invention.
Siva Kumar et al U.S. 9,591,006 B2 is directed toward lateral movement detection, which may be performed by employing different detection models to score logon sessions. The different detection models may be implemented by and/or utilize counts computed from historical security event data. The different detection models may include probabilistic intrusion detection models for detecting compromised behavior based on logon behavior, a sequence of security events observed during a logon session, inter-event time between security events observed during a logon session, and/or an attempt to logon using explicit credentials. Scores for each logon session that are output by the different detection models may be combined to generate a ranking score for each logon session. A list of ranked alerts may be generated based on the ranking score for each logon session to identify compromised authorized accounts.
Martin et al U.S. 2018/0004948 A1 is directed toward one variation of a method for predicting and characterizing cyber-attacks that includes: receiving, from a sensor implementing deep packet inspection to detect anomalous behaviors on the network, a first signal specifying a first anomalous behavior of a first asset on the network at a first time; representing the first signal in a first vector representing frequencies of anomalous behaviors--in a set of behavior types--of the first asset within a first time window; calculating a first malicious score representing proximity of the first vector to malicious vectors defining sets of behaviors representative of security threats; calculating a first benign score representing proximity of the first vector to a benign vector representing an innocuous set of behaviors; and in response to the first malicious score exceeding the first benign score and a malicious threshold score, issuing a first alert to investigate the network for a security threat.
Gong et al U.S. 2016/0065601 A1 teaches a system configured to detect a threat activity on a network. The system including a digital device configured to detect a first order indicator of compromise on a network, detect a second order indicator of compromise on the network, generate a risk score based on correlating said first order indicator of compromise on the network with the second order indicator of compromise on said network, and generate at least one incident alert based on comparing the risk score to a threshold. 
Aziz U.S. 10,454,950 B1 is directed toward a method that involves receiving one or more first indicators of an attack on a private network. Multi-second indicators of the attack are received.
Gorodissky et al U.S. 2018/0219905 A1 discloses methods and systems for penetration testing of a networked system comprising a set of network-nodes by a penetration testing system (e.g. to enforce first and/or second rules). The penetration testing system comprises: (i) reconnaissance agent software module (RASM) installed on multiple nodes (each of which is a RASM-hosting node) of the networked system to be penetration-tested and (ii) a penetration testing software module (PTSM) installed on a remote computing device (RCD). Internal data from each of the RASM-hosting nodes is collected and transmitted to the RCD. Analysis of the internal data collected from multiple RASM-hosting network nodes determines a method for an attacker to compromise the networked system. The first and second rules are defined herein. Alternatively or additionally, one or more of the RASM instances are pre-installed on one or more RASM-hosting nodes before the penetration testing commences.
Basset U.S. 2016/0205122 A1 teaches an improved method for analyzing computer network security has been developed. The method first establishes multiple nodes, where each node represents an actor, an event, a condition, or an attribute related to the network security. 
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FATOUMATA TRAORE whose telephone number is (571)270-1685.  The examiner can normally be reached on 6:30-3:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached on 5712724219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






Wednesday, September 29, 2021
/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436