Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The instant application having Application No. 16/382,626 is presented for examination by the examiner.  Claims 1-14 were pending.  Claim 15 is added.

Response to Amendment

Election by Original Presentation

Newly submitted claim 15 is directed to an invention that is independent or distinct from the invention originally claimed for the following reasons: directed to detecting an event and storing it in a database and does not require sending the response to the network.
Since applicant has received an action on the merits for the originally presented invention, this invention has been constructively elected by original presentation for prosecution on the merits.  Accordingly, claim 15 is withdrawn from consideration as being directed to a non-elected invention.  See 37 CFR 1.142(b) and MPEP § 821.03.




Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):


The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-14 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.  Support in the original disclosure could not be found which described including the response to the event in the message along with event as currently amended.  No passages seem to discuss this feature or sharing the first response and having the recipient of the message perform a different response.  Fig. 1 at best seems to suggest the recipient performed the same response that the sender did.  


The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.



As per claim 5, the signing step is still unclear.  Claim 5 recites a second message.  The (initial) message was recited in claim 1.  If the initial message was signed pertaining to the first attack event by the processor, then what happens as a result of comparing the first message signature and the second message signature?  Is this performing a different response conditioned to the comparison?  The specification reads: [t]he computing systems 12 then receive the signed message [second message] from one of the other of the plurality of computing systems 12 via the network 14, compares the signature [second signature] included in the message [second message] with its own, and then perform the unique response to the attack event 10.  The computing systems 12 may discard the message if the signatures do not match [Examiner notation in italicized brackets]. The confusion relates to what is being compared.  The specification seems to suggest the system compares its own signature to the signature included in the second message.  The claim compares a signature of the first message to the signature of the second message is from another peer in the network why is the signature of the processor of claim 5 in a message from another peer? This is not clear or supported by the specification.  
Similarly, claim 12 provides for signing the message which was sent in claim 8.  Claim 12 is also dependent on claim 11 which already addressed 
Appropriate correction is required.



Response to Arguments
Applicant's arguments filed 10/22/21 related to the claim amendments have been fully considered but they are not persuasive.  The arguments address limitations which do not find supportive description in the originally filed specification.  As such those limitations are interpreted in view of the applied prior art as discussed below.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, 6, 8-10, and 13 are rejected under 35 U.S.C. 103 as being unpatentable over USP Application Publication 2014/0237599 to Gertner et al., hereinafter Gertner in view of USP Application Publication 2017/0118241 to Call et al., hereinafter Call.
As per claims 1 and 8, Gertner teaches a system for securing a network (Fig. 1) comprising: a computing system of a plurality of computing systems connected via a network, the computing system comprising a processor, a memory, a user interface, and a communications interface, wherein the memory comprises computing device-executable instructions so that, when executed by the processor, the processor: detects an attack event (0028); performs a first response of a plurality of responses to the attack event [distributes warnings and countermeasures] and sends a first message comprising the attack event to the other of the plurality of computing systems via the network (0028), wherein each of the other of the plurality of computing systems receive the message (0054), whereby the system self orchestrates a coordinated systemic response to the attack event (0029).  Gertner is silent in explicitly teaching each of the other plurality of computing systems perform a different response of a plurality of responses to the attack event.  Call teaches each of the other plurality of computing systems perform a different response of a plurality of responses to the attack event (0049, 0079, and 0083).  Both Gertner and Call teaches sending multiple countermeasures and Call specifically sends different version to be tested and reported back on.  Call can use this approach to find the best remedy to a given attack.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.  

As per claims 3 and 10, Gertner teaches the processor checks the database for a match of the attack event (0058, 0059, and 0076); and stores the attack event to the database if the match is not found [because the known attacks which were previously encountered are in the database it is implied that they were put there when they were first encountered].
As per claims 6 and 13, Gertner teaches the message is shared from the plurality of computers with a plurality of remote computers (0054) over the Internet (0050).

Claims 4, 5, 11, and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Gertner and Call as applied to claims 1 and 8 above, and further in view of USP 7,571,474 to Ross et al., hereinafter Ross.

As per claims 4 and 11, Gertner and Call are silent in explicitly teaching the processor signs the message prior to sharing the message with the other of the plurality of computing systems.  On the other hand, Ross teaches the processor signs the message prior to sharing the message with the other of the plurality of computing systems (col. 11, lines 60-62).  Applying a digital signature to a message is well-known in the art and provide for anti-tampering and proof of sender.  Signing the countermeasure messages achieves a predictable result and would allow the agents to 
As per claims 5 and 12, Gertner and Call as combined above teach the processor receives a second message from one of the other of the plurality of computing systems via the network, wherein the second message comprises a second attack event (Gertner; 0028); and performs a different response of the plurality of responses to the attack event (Call: 0083).  Gertner explicitly says the agents can be peer to peer so that would mean sometimes the agents message countermeasure and other times it receives countermeasure to test (0054).  Gertner and Call are silent in explicitly teaching signs the message and compares its' signature to the signature included the message.  Ross teaches both signing message and checking digital signature on message for the reasons stated above.  The claim is obvious because one of ordinary skill in the art can combine known methods which do not produce unpredictable results.  



Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Gertner and Call as applied to claims 1 and 8 above, and further in view of USP Application Publication  2019/0028493 to Endo et al., hereinafter Endo.

As per claims 7 and 14, Gertner and Call are silent in explicitly teaching the processor purges attack events from the database that are stored on the database for a .  

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431