Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This action is responsive to the application filed on 05/31/2019.
Claims 1-18 are pending.
Claims 1-18 are rejected.

Specification
The disclosure is objected to because of the following informalities: 
Paragraph 0007 contains unrecognizable text in line 9 and should be corrected.
Appropriate correction is required.
The disclosure is objected to because it contains an embedded hyperlink and/or other form of browser-executable code in paragraph 0025. Applicant is required to delete the embedded hyperlink and/or other form of browser-executable code; references to websites should be limited to the top-level domain name without any prefix such as http:// or other browser-executable code. See MPEP § 608.01.

Claim Objections
Claims 6, 12, and 18 are objected to because of the following informalities:
Claims 6, 12, and 18 recite an abbreviation stating “GPS” and should be spelled out for clarity.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 2 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 2 recites the limitation “processing with a machine learning controller”, but it is unclear to the examiner if this is meant to refer to the “machine learning controller” in claim 1 or a different “machine learning controller”. Applicant may overcome this rejection by optionally amending to state “processing with [[a]] the machine learning controller”.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
Claims 1, 7, and 13 are respectively drawn to a system, method, and non-transitory computer-readable recording medium, hence each falls under one of four categories of statutory subject matter (Step 1).  Nonetheless, the claims are directed to a judicially recognized exception of an abstract idea without significantly more.  
Claims 1, 7, and 13 recite the following, or analogous, limitations “electronically creating a computer readable database including a plurality of network record connections based on a set of virtual node system data; electronically processing the computer readable database to output a set of cyber-vector entryways data; electronically processing the set of cyber-vector entryway data with a machine learning controller based on a machine learning training data including a set of centrality of nodes so as to create a  set of most probable cyber-vector conduits; and electronically outputting the set of most probable cyber-vector conduits to a graphical display screen”.  These limitations, as claimed, under its broadest reasonable interpretation, can be evaluated in a human mind, except for the recitation of generic computer components (electronically, a computer readable database, graphical display screen, one or more hardware processors, a machine learning controller, and a non-transient computer-readable storage medium) (Step 2A). Other than reciting “electronically”, “a computer readable database”, “graphical display screen”, “one or more hardware processors”, “a machine learning controller”, and “a non-transient computer-readable storage medium” to perform the exceptions, nothing in 
Claims 1, 7, and 13 include additional elements “electronically”, “a computer readable database”, “graphical display screen”, “one or more hardware processors”, “a machine learning controller”, and “a non-transient computer-readable storage medium”, however the recitations of these elements are at a high level of generality and generally link the use of the judicial exception to a particular technological environment or field of use; and further amount to mere data storing and data outputting, which are forms of insignificant extra-solution activities. The claimed “a machine learning controller” and “machine learning” are generally recited with no further details, thus generally link the use of the judicial exception to a particular technological see MPEP 2106.05(f)). The additional elements in the claim do not amount to significantly more than an abstract idea. Furthermore, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to the integration of the abstract idea into a practical application, the additional elements of using “electronically”, “a computer readable database”, “graphical display screen”, “one or more hardware processors”, “a machine learning controller”, and “a non-transient computer-readable storage medium” to perform the steps of “creating”, “processing”, again “processing”, and “outputting” amount to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. (STEP 2B). As such, claims 1, 7, and 13 are not patent eligible.

mentally processing…a set of network system diagrams to create the set of virtual node system data (claims 2, 8, and 14) (e.g. by consciously remembering connections of a known network system from diagrams)
mentally determining the machine learning controller comprises deep machine learning (claims 3, 9, and 15) (e.g. by identifying the process of identifying vulnerable data receiving systems uses deep machine learning techniques of known data)
mentally determining the machine learning training data includes at least one chain of attack attribute data element (claims 4, 10, and 16) (e.g. by thinking of a route taken by an attack via the connected, vulnerable, data receiving systems for identifying the most vulnerable data receiving systems)
mentally determining the machine learning training data includes at least one likelihood of attack attribute data element (claims 5, 11, and 17) (e.g. by thinking of a percentage chance an attack via the connected, vulnerable, data receiving systems will happen for identifying the most vulnerable data receiving systems)
mentally determining the machine learning training data includes at least one GPS location attribute data element (claims 6, 12, and 18) (e.g. by thinking of a physical location of the connected, vulnerable, data receiving 
Again, the dependent claims continue to cover the performance of the limitation in the mind as inherited from the independent claims (Step 2A, Prong 1). The dependent claims 2-3, 8-9, and 14-15 recitation of “a machine learning controller”, dependent claims 8 and 14 recitation of “one or more hardware processors”, and claims 4-6, 10-12, and 16-18 recitation of “machine learning” is again recited at a high level, no more than a generic computer component to apply the exception, generally link the use of the judicial exception to a particular technological environment or field of use, and do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea (Step 2A, Prong 2; see MPEP 2106.05(h)). The additional elements in the claims do not amount to significantly more than an abstract idea. As discussed above with respect to the integration of the abstract idea into a practical application, the additional elements to perform the steps of in the dependent claims and perform the steps of detailing aspects of the judicial exceptions amount to no more than mere instructions to apply the exception using generic computer components and generally link the use of the judicial exception to a particular technological environment or field of use. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. (STEP 2B). As such, dependent claims 2-6, 8-12, and 14-18 do not amount to significantly more than an abstract idea nor provide any inventive concept, therefore are not patent eligible.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over Sites et al (US Pub 20190356679) hereinafter Sites, in view of Gamble et al (US Pub 20190342307) hereinafter Gamble.
Regarding claims 1, 7, and 13, Sites teaches an electronic computer implemented method of data communication, a system configured for data communication, the system comprising: one or more hardware processors configured by machine-readable instructions, and a computing platform configured for data communication, the computing platform comprising: a non-transient computer-readable storage medium having executable instructions embodied thereon; and one or more hardware processors configured to execute the executable instructions to (paragraphs 0036-0038 teach computing devices including CPUs executing “instructions” from “memory” for performing the embodiments of the disclosure): 
electronically creating a computer readable database including a plurality of network record connections based on a set of virtual node system data (paragraphs 0022, 0068-0069, and Fig. 1 teach “client nodes” in a connected “network” used by users generating “records” (plurality of network record connections based on a set of virtual node system data); paragraphs 0022, 0141, and 0151 teach “database” (creating a computer readable database) of (including) user history information and “records” from clients); 
electronically processing the computer readable database to output a set of cyber-vector entryways data (paragraphs 0022, 0141, 0151-0153, 0163-0164 and Fig. 1 teach user information and “records” of “network” clients in a “database” being “partitioned” or “arranged” (electronically processing the computer readable database to output a set of cyber-vector entryways data) for use in determining client user vulnerability to a “malicious attack”); 
electronically processing the set of cyber-vector entryway data with a machine learning controller based on a machine learning training data including a set of centrality of nodes so as to create a set of most probable cyber-vector conduits (paragraphs 0022, 0141, 0151-0153, and Fig. 1 teach user history information and “records” of “network” clients (machine learning training data including a set of centrality of nodes); paragraphs 0119 and 0151 teach the data is used to train “[a]rtificial intelligence machine learning system” (machine learning controller) models; paragraphs 0022, 0193-0194, and 0203-0206 teach the ML model outputting “a group risk score based on a function of risk scores of each user within the group” of client users (so as to create a set of most probable cyber-vector conduits) for responding to “a type of malicious attack at a point in time”); and 
electronically outputting the set of most probable cyber-vector conduits to a graphical display screen (paragraphs 0122, 0137, and 203-206 teach ML giving “group risk score” of all client user’s risk (outputting the set of most probable cyber-vector conduits) and displaying on a “screen” the user probability of attack (to a graphical display screen)).

Sites at least implies electronically outputting the set of most probable cyber-vector conduits to a graphical display screen (see mapping above), however Gamble teaches electronically outputting the set of most probable cyber-vector conduits to a graphical display screen (paragraphs 0010 and 0102 teach training “a neural network” on “known attack chains” to be clustered for enabling cyber security “alert generation for identified attacks” and attack chains between “machines” (most probable cyber-vector conduits); and paragraph 0105 teaches “display[ing] an interface with visual elements corresponding to security incidents”).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to implement Gamble’s teachings of a NN for predicting cyber-attack chains and displaying alerts on an interface into Sites’ teaching 

Regarding claims 2, 8, and 14, the combination of Sites and Gamble teach all the claim limitations of claims 1, 7, and 13 above; and further teach further comprising electronically processing with a machine learning controller, a set of network system diagrams to create the set of virtual node system data (Sites, paragraphs 0022, 0141, 0151-0153, and Fig. 1 teach user history information and “records” of “network” clients (a set of network system diagrams); paragraphs 0022, 0193-0194, and 0203-0206 teach the ML model outputting (processing with a machine learning controller) “a group risk score based on a function of risk scores of each user within the group” of client users data (a set of network system diagrams to create the set of virtual node system data) for responding to “a type of malicious attack at a point in time”).

Regarding claims 3, 9, and 15, the combination of Sites and Gamble teach all the claim limitations of claims 1, 7, and 13 above; and further teach wherein the machine learning controller comprises deep machine learning (Sites, paragraphs 0058, 0060, 0119, and 0151 teach an ML “system” (controller) utilizing “Deep learning”).

Regarding claims 4, 10, and 16, the combination of Sites and Gamble teach all the claim limitations of claims 1, 7, and 13 above; and further teach wherein the machine learning training data includes at least one chain of attack attribute data element (Gamble, paragraphs 0010 and 0102 teach training “a neural network” on (machine learning training data includes) “known attack chains” (at least one chain of attack attribute data element) to be clustered for enabling cyber security “alert generation for identified attacks” and attack chains between “machines”).
Sites and Gamble are combinable for the same rationale as set forth above with respect to claims 1, 7, and 13.

Regarding claims 5, 11, and 17, the combination of Sites and Gamble teach all the claim limitations of claims 1, 7, and 13 above; and further teach wherein the machine learning training data includes at least one likelihood of attack attribute data element (Gamble, paragraph 0017 teaches “descriptive data” being “probability indicating likelihood that the security event is a false positive” (at least one likelihood of attack attribute data element); paragraph 0013 teaches descriptive data used to create graphs; and paragraphs 0016 and 0102 teach a “neural network” trained on (machine learning training data includes) the graphs (at least one likelihood of attack attribute data element)).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to implement Gamble’s teachings of training a NN on attack likelihood data for predicting cyber-attack chains into Sites’ teaching of using an ML model to predict client user group risk of responding to “a type of malicious attack at a point in time” in order to better “help ensure security mechanisms are focusing on investigating the significant threats” (Gamble, paragraph 0005).

Regarding claims 6, 12, and 18, the combination of Sites and Gamble teach all the claim limitations of claims 1, 7, and 13 above; and further teach wherein the machine learning training data includes at least one GPS location attribute data element (Gamble, paragraphs 0047 and 0061 teach “user login at atypical location” (at least one GPS location attribute data element) to generate graph; and paragraphs 0016 and 0102 teach a “neural network” trained on (machine learning training data includes) the graphs (at least one GPS location attribute data element)).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to implement Gamble’s teachings of training a NN on location data for predicting cyber-attack chains into Sites’ teaching of using an ML model to predict client user group risk of responding to “a type of malicious attack at a point in time” in order to better “help ensure security mechanisms are focusing on investigating the significant threats” (Gamble, paragraph 0005).

Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  
Lacerte et al (US Patent 9369484) teaches using machine learning algorithms for detecting location and progression of attack events in a database of cyber nodes on an airplane, then executing countermeasures.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CLINT MULLINAX whose telephone number is 571-272-3241.  The examiner can normally be reached on Mon - Fri 8:00-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexey Shmatov can be reached on 571-270-3428.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.M./Examiner, Art Unit 2123