Notice of Pre-AIA or AIA Status
Claims 1-33 are presented for examination. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 2/27/19 has been considered by the Examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-33 are rejected under 35 U.S.C. 103 as being unpatentable over Pratt (U.S. Patent 10,673,880) in view of Li (U.S. Patent 11,075,929).

Regarding claims 1, 13, and 23:
Pratt discloses a computational system, device, and method comprising: a plurality of endpoint devices each comprising: 1) a processor; 2) an operating system; 3) a computer memory (e.g. the host and/or client devices of Figure 2A and col. 11, lines 40-57 & col. 12, lines 23-35; see also col. 60, lines 1-40 regarding these devices machine learning model to detect anomalous behavior, and upon detecting such behavior, instructing an actuator to take a specified mitigation action (e.g. the machine learning rules-based security system beginning at col. 8, lines 35-66 etc.; ability to process time-stamped [i.e. time-windowed] data at e.g. col. 16, lines 35-55); and b. a network aggregator comprising for receiving data from the intelligent controllers of the endpoint devices, the received data including sensor data and data characterizing anomalous behavior detected by the machine learning models of the intelligent controllers (e.g. col. 9, lines 15-33), the network aggregator comprising: 1) a processor; 2) a computer memory for storing executable instructions and the predictive response models of the endpoint devices (col. 60, lines 1-40); and 3) instructions stored in the memory and executable by the processor for (i) updating at least some of the predictive response models based at least in part on data received from a plurality of intelligent controllers 
Pratt as cited uses machine learning models to implement his invention, and in at least some embodiments the models can make predictions on how to respond to certain event data (col. 39, lines 30-35).  Assuming arguendo that this is not sufficient to be a predictive response model, Li discloses a related invention for using machine learning models to detect anomalies in a computer network, specifically using predictive response models (e.g. col. 21, lines 5-20).  It would have been obvious prior to the effective filing date of the instant application to employ predictive response models as one or more machine language models already employed by Pratt, as doing so allows the system to add rules to better detect anomalies in ways that the human engineers creating the system may not have otherwise recognized (Li, Ibid.; cf. Pratt, col. 39, lines 20-25).

Regarding claims 2, 14, and 24:	The combination further discloses wherein the sensors each include a classifier for assessing a risk associated with the monitored calls to the operating system (Pratt: col. 40, lines 5-25).

Regarding claims 3, 15, and 25:	The combination further discloses wherein the classifier is a Bayes classifier (Pratt: col. 40, lines 5-25).


Regarding claims 5, 17, and 27:	The combination further discloses wherein the intelligent controllers are configured to assess, after instructing an actuator to take a specified mitigation action, a degree of effectiveness of the mitigation action (Pratt: invention receives feedback as to the accuracy of the alert at col. 9, lines 45-65; and col. 23, lines 10-17).

Regarding claims 6 and 28:	The combination further discloses wherein the data received by the network aggregator from the intelligent controllers includes the degree of effectiveness of the mitigation actions (Pratt: Ibid.).

Regarding claims 7, 18, and 29:	The combination further discloses wherein the predictive response models of the intelligent controllers are machine-learning models (Pratt: e.g. Abstract, etc.; Li: col. 21, lines 5-20).



Regarding claims 9, 20, and 31:	The combination further discloses wherein at least some of the machine-learning models include an unsupervised learning algorithm (Pratt: Ibid.; Li: col. 17, lines 40-43).

Regarding claims 10, 21, and 32:	The combination further discloses wherein the predictive response models are user-specific (Pratt: col. 35, lines 25-27).

Regarding claims 11 and 22:	The combination further discloses wherein each endpoint device further comprises a user database having fields for applications hosted by the endpoint device, permitted users for each application, and for each user, a pointer or link to a user-specific predictive model (Pratt: col. 10, lines 28-47).

Regarding claims 12 and 33:	The combination further discloses wherein the network aggregator is configured to update the predictive response models based on received sensor data as well as user behavior and privilege levels (Pratt: col. 26, lines 10-35).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
U.S. Patents 11,194,901 (El-Moussa); 10,558,809 (Joyce); and 9,641,544 (Treat)
U.S. Patent Publications 2019/0220760 (Kolar), 2018/0007084 (Reddy), 2017/0288988 (Pignataro), 2017/0214702 (Moscovici), & 2017/0093910 (Gukal)
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849. The examiner can normally be reached 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197.

THOMAS A. GYORFI
Examiner
Art Unit 2435



/THOMAS A GYORFI/ Examiner, Art Unit 2435, 2/11/2022