DETAILED ACTION
This office action is in reply to applicant communication filed on May 02, 2022.
 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on May 02, 2022.

Claims 1-16 have been amended.
Claims 1-16 are pending.

Response to Argument
Applicant’s arguments filed on May 02, 2022 with respect to the 35 U.S.C. 102/103 rejections have been fully considered but are moot in view of new ground(s) of rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-3, 5-8, 10-13 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Schultz (US Pub. No. 2015/0381649) in view of Kamath (US Pub. No. 2019/0286945).

As per claim 1 Schultz discloses:
An electronic computer implemented method of data communication, comprising: electronically processing with a machine learning controller, a plurality of virtual nodes with data payloads including the originating node attribute, infosec data attribute and the biometric enterprise attribute and the at least one data element associated with the originating node attribute to create an infosec control attribute:  (paragraph 11 of Schultz, the present disclosure relates generally to systems, apparatuses, and methods related to modeling risk as the probabilistic likelihood of loss, including financial loss, resulting from damage to a physical system, virtual system, data, and/or information assets in a computer network based on one or more cyber-attacks) and (paragraph 139 of Schultz, the block diagram 1400 depicts an embodiment of the described technology in which FIG. 14 takes input distributions forecasting 1402 are received by the risk model 1404 that produces output distributions 1406 that can be used by a financial loss-estimation model 1408 to compute probabilistic estimates of financial loss and/or other calculations) and (paragraph 138 of Schultz, inputs may include but are not limited to site configuration distribution(s) 1302, site policy and procedure distribution(s) 1304 (i.e., the claimed infosec data attribute), site and incident response distribution(s) 1306, asset location in the system and asset value distributions 1308 (i.e., the claimed originating node attribute) and/or other distributions 1310) and (paragraph 244 of Schultz, other attributes are used to rank an organization based on its attributes, such as assets, type of business (i.e., the claimed biometric enterprise attribute), number of employees, level of cyber security, geographical region, and nationality)
Electronically processing the data payloads in the network with machine learning, (paragraph 116 of Schultz, in various embodiments, in one of the first steps to forecasting, the threat forecasting model component 314 computes the attackers' characteristics and attackers' attack rates 312, which is input to the damage forecasting model component 314. The damage forecasting component 314 in some embodiments computes the asset damage 316, and inputs this information to the financial loss forecasting component 318, which computes the financial instrument loss as a function of time 320).
Real-time adjusting of a plurality of network infosec controls associated with the originating node attribute based on the infosec control attribute. (paragraph 80 of Schultz, use of the described technology is not limited to financial-risk assessment. One or more embodiments can be used, for example, for inputting real-time network data and providing updated risk assessments to forecast the probability of asset loss and the most likely contributing attack paths for different forecast time periods (e.g., one day, one week, or one year). This allows organizations to build a risk mitigation strategy and manage both immediate and longer-term risks in a self-consistent and systematic manner).
Schultz teaches the method of modeling the risk of cyber-attack (see paragraph 11 of Schultz) but fails to disclose:
The method of electronically processing with a machine learning controller, including a convolutional neural network and convolutional filters and wherein the machine learning controller uses enterprise network machine learning training dataset.
However, in the same field of endeavor, Kamath teaches this limitation as, (paragraph 11 of Kamath, the device trains, using a training dataset of images, the convolutional neural network to perform image classification by iteratively collecting variance metrics for each filter in each envelope cell, pruning filters with low variance metrics from the convolutional neural network, and appending a new copy of the envelope cell into the convolutional neural network) and (paragraph 31 of Kamath, machine learning can be used for network security purposes, such as detecting malicious or otherwise undesired operations (e.g., traffic associated with malware, etc.)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Schultz and include the above limitation using the teaching of Kamath in order to detect malicious or undesired operations using machine learning and secure the computing system (see paragraph 31 of Kamath).

Claims 6 and 11 are rejected under the same reason set forth in rejection of claim 1:

As per claim 2 Schultz in view of Kamath discloses:
The method of claim 1, further comprising electronically processing with the machine learning controller, the data payload including a network anomaly attribute. (Paragraph 263 of Schultz, the attacker attributes and attack rates can be input from the user and/or dynamically read from a file for categories of targeted organizations). 

Claims 7 and 12 are rejected under the same reason set forth in rejection of claim 2:

As per claim 3 Schultz in view of Kamath discloses:
The method of claim 1, wherein the at least one data element associated with the originating node attribute comprises an electronic messaging control element. (Paragraph 43 of Schultz, examples of intangible assets include, but are not limited to, marketing assets (trademarks, trade names, brand names, logotypes), technology assets (patents, patent applications), artistic assets, data processing assets (software and software copyrights), engineering assets, customer-related assets (including relationship, contracts and lists), human capital assets, location-related assets (easements and mineral- or oil-exploitation rights, water and air rights), online-related assets (domain names, web site design)). 

Claims 8 and 13 are rejected under the same reason set forth in rejection of claim 3:

As per claim 5 Schultz in view of Kamath discloses:
The method of claim 1, wherein the at least one data element associated with the originating node attribute comprises a GPS location attribute. (Paragraph 65 of Schultz, "Site" refers to, in various embodiments, an organization's intangible and tangible assets; primary, secondary, and other networks; and/or other objects that are part of the risk and related forecast calculations. The term "site" does not restrict the definition to a single geographical location, but also includes other locations that are connected by network communication). 

Claims 10 and 15 are rejected under the same reason set forth in rejection of claim 5:

Claims 4, 9 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Schultz (US Pub. No. 2015/0381649) in view of Kamath (2019/0286945) and further in view of Coglitore (US Pub. No. 2016/0028830).

As per claim 4:
The combination of Schultz and Kamath teaches the method of modeling the risk of cyber attack (see paragraph 11 of Schultz) but fails to disclose:
The method of claim 1, wherein the at least one data element associated with the originating node attribute comprises a log data attribute.
However, in the same field of endeavor, Coglitore teaches this limitation as, (paragraph 63 of Coglitore, the content prediction module 310 can select content items based on one or more machine learning models (e.g., Gaussian mixture model, support vector machines, or hidden Markov models). The content prediction module 310 can build a machine learning model using the profile attributes of the users on the user list 516, network activities recorded in the island activity log 520, attributes of the network island profile 502A, or any combination thereof as features. The previously requested content items and the features can serve as the training set for building the machine learning model).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Schultz and Kamath to include the above limitation using the teaching of Coglitore in order to secure the computing system using user/device activities generated from the log data. 

Claims 9 and 14 are rejected under the same reason set forth in rejection of claim 4:

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Schultz (US Pub. No. 2015/0381649) in view of Kamath (US Pub. No. 2019/0286945) and further in view of Borup (US Pub. No. 2018/0293400).

As per claim 16:
The combination of Schultz and Kamath teaches the method of modeling the risk of cyber attack (see paragraph 11 of Schultz) but fails to disclose:
The computing platform of claim 11, wherein the machine learning controller comprises a deep learning processor.
However, in the same field of endeavor, Borup teaches this limitation as, (paragraph 43 of Borup, The master processor 310 uses the machine learning models that were created by the other components. The master processor 310 prforms a deep analysis of the file to be transferred using the machine lerning models).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Schultz and Kamath to include the above limitation using the teaching of Borup in order to secure the computing system using deep learning processor that provide higher efficiency and performance that the general processor. 


Conclusion
The prior art made or record and not relied upon is considered pertinent to applicant’s disclosure is Treat (US Pub. No. 2017/0264628). Treat discloses the methods and systems for detetecting an anomalous activity based on the monitored network communications associated with user behavior profile. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESHOME HAILU whose telephone number is (571)270-3159. The examiner can normally be reached M-F 8 a.m. - 5 p.m..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/TESHOME HAILU/Primary Examiner, Art Unit 2434