DETAILED ACTION

Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been examined.

Priority
Acknowledgment is made of applicant's claim for priority based on US Provisional Application No. 62/824,749 filed on 3/27/19.

Claim Objections
Claims 1-19 are objected to. 
Specifically the language of claims 6-7 is unnecessarily complex: “receiving data … [being] performed” should be simplified in claim 6 (e.g. “wherein the is received by a cloud monitoring service from at least one internet connected device located in the field 
Claim 11 is drafted in the fashion that follows commonly used differently required meaning.  A skilled in the art would expect using the language “wherein the at least one of internet connected device is a computer, a gateway, and an industrial internet of things component” in the structure used by applicant. 
Given the fact that, as written, applicant appears to require the internet connected device to meet the “definition” of three “different” devices applicant should simplify the language, e.g. “wherein the at least one internet connected device is gateway computer component” in order to avoid any potential misinterpretation.
The term “internet” in claims 1-3, 5-7 and 10-11, as well as “internet of things” in claim 11 should start with capital letters: “Internet” and “Internet of Things”. 
Claim 18 should end with period.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), first paragraph:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode contemplated by the inventor of carrying out his invention.


Claim(s) 20 is/are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. As described below, the disclosure does not provide adequate structure of the claimed means plus function elements (i.e.  functional blocks, transmitting block, elementary flow transmitter component, etc.), see paragraph 15.
    
Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 

Claim(s) 1-19 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
“[T]he connected device” in claim 3 lacks antecedent basis and it is not clear whether refers to/articulates “the at least one internet connected device” or whether it requires a device other than the internet connected device.
The claim language requires “determining when a fault condition exists in the at least one artificial intelligence analysis of data” (claim 1), which suggests that essentially the language requires checking correctness of the analysis based on the received data, while specification suggests that it is data indicating (allows to detect) of a fault condition based at least one artificial intelligence analysis, something that seems to be captured better by claim 10 language: “determining a presence of a fault condition with the data based on one artificial intelligence analysis of the data”.  
Note that claim 10 is not expressly limit the scope to the presumable meaning of the claim; thus, in light of claim 1, 10 and the specification, it is not clear what exactly applicant attempts to patent. 
The limitation “… performing an automated response to the fault condition changing at least one parameter of the network and the at least one device”, of claim 10 is not understood.  First it is not clear whether 
there is something missing in “performing an automated response to the fault condition changing” (e.g. “and” or “by” before changing),
 whether the claim requires (and if so, how possibly it would do it) automatically changing the device or the at least one parameter of the device or, 
whether it requires changing the parameter of the at least one of the network and (or) the device.  
It appears that the limitation should be read as: “… performing an automated response to the fault condition by changing at least one parameter of the network and the at least one parameter of device” but applicant should clarify the limitation.
For the purpose of the initial prosecution the claims are examined as best understood but once applicant clearly defines the scope of the claims, the claims may be subject to 35 U.S.C. 112(a) (written description) rejection.  
While clarifying/amending language applicant should pay attention to “related” dependent claims (e.g. claim 7, 9 and 12-13, for example).

Claims 17 and 20 invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. 
Although the specification recite the various systems it does not enables the examiner to clearly identify correlation of the specific "means” to the disclosed structure, act or materials carrying out claimed means, e.g. the security incident event management system configured to aggregate and correlate incidents received from the network.  Thus, the examiner is unable to interpret the exact scope of claim limitations under and, therefore, the claim(s) is/are indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Appropriate correction/clarification is required.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim(s) 1 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Przechocki (USPUB 20190188797).


As per claims 1 and 3, Przechocki teaches a method of performing a computer network action, comprising: receiving data from at least one internet connected device located in a field (monitoring Internet of Things data exchange, where sensor communicates data employing public/private clouds and Internet, para 29, 52, 61, claims 2, 13, etc.); performing at least one artificial intelligence analysis of the data received from the at least one internet connected device (employing artificial intelligence algorithms in the data risk evaluation, para 43, 46, etc.); determining when a fault condition exists in the at least one artificial intelligence analysis of the data received from the at least one internet connected device (analysis triggered alarm, para 46-47); when the fault condition exists, perform an automated response to the fault condition through the artificial intelligence analysis (an active risk mitigation responsive to the received result of analysis such as shut down, for example when alarm is triggered human intervention may be used to take control of the devices remotely, e.g. modify operation, etc. in response to the artificial intelligence risk evaluation para 39, 43, 46-47); and continuing to receive further data from the at least one internet connected device located in the field, when the fault condition does not exist (not only implicit: clearly Przechocki’s does not limits his invention to a one time use system but specifically suggests continuous monitoring of devices, e.g. para 45, 113, etc.).
The set of elements performing the functionalities of the cited labels (e.g. a security operations center) meet the limitations of these labels.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This rejection under 35 U.S.C. 103 might be overcome by: (1) a showing under 37 CFR 1.130(a) that the subject matter disclosed in the reference was obtained directly or indirectly from the inventor or a joint inventor of this application and is thus not prior art in accordance with  35 U.S.C. 102(b)(2)(A); (2) a showing under 37 CFR 1.130(b) of a prior public disclosure under 35 U.S.C. 102(b)(2)(B); or (3) a statement pursuant to 35 U.S.C. 102(b)(2)(C) establishing that, not later than the effective filing date of the claimed invention, the subject matter disclosed and the claimed invention were either owned by the same person or subject to an obligation of assignment to the same person or subject to a joint research agreement.  See generally MPEP § 706.02(l)(1) and § 706.02(l)(2).  


Claim(s) 2, 4-20 is/are rejected under 35 U.S.C. 103 unpatentable over Przechocki (USPUB 20190188797) in view of Pendergast (USPN 10681071), Maybee (UPSBU 20180198765) and Rowland (UPSUB 20140282871).
As per claims 10 and 18-19, Przechock teaches a method of monitoring a computer network and performing an artificial intelligence-based action, comprising: at least one of receiving data from at least one internet connected device and querying data from the at least one internet connected device at a cloud-based monitoring service (monitoring Internet of Things data exchange, where sensor communicates data employing public/private clouds and Internet, para 29, 52, 61, claims 2, 13, etc.), performing at least one artificial intelligence analysis of the data received from the at least one internet connected device in the cloud-based monitoring service (employing artificial intelligence algorithms in the data risk evaluation, para 43, 46, etc.); determining a presence of a fault condition with the data based on one artificial intelligence analysis of the data received from the at least one internet connected device (analysis triggered alarm, para 46-47), when the fault condition exists, notifying a security operations center of the fault (communicate the alarm, para 46-47); at the security operations center, performing an automated response to the fault condition changing at least one parameter of the network and the at least one device (an active risk mitigation responsive to the received result of analysis such as shut down, for example when alarm are triggered human intervention may be used to take control of the devices remotely, e.g. modify operation, etc. para 39, 46), and continuing to receive further data from the at least one internet connected device located in the field, when the fault condition does not exist (not only implicit: clearly Przechocki’s does not limits his invention to a one time use system but specifically suggests continuous monitoring of devices, e.g. para 45, 113, etc.), the automated incident handling system is configured to manage incidents received from the network (a risk monitoring data associated with a stream of sensor data received via communication network used in risk mitigation of, abstract); the cloud-based monitoring service is configured with an integration application programming interface (Fig. 8, 10, 17 and the associated text)..
Note that as used in the claims, the cited labels are nonfunctional.  They are just labels not limited by any particularly claimed functionalities underlining their distinctness from non-cloud elements.  Thus, given the fact that Przechocki clearly indicates the invention within cloud system context, the examiner ascertain that Przechocki’s set of elements cited in the claims satisfy the label.  
However, for the purpose of the expedited prosecution, Official Notice is taken that having/implementing any of these elements within the cloud environment would have been old and well-known variant in the art of networking (as also exampled a particular application as pertaining to claim 13, for example).
As per claim 2, although Przechocki does not expressly teaches querying devices, a skilled in the art would readily appreciate that there are essentially two finite solutions to obtain data from a device: a device initiating the exchange or the device being queried for the data, either one being obvious choice while (Official Notice is taken that) querying devices would have been old and well known in the art of computing given the predictable benefit of network data exchange.
As per claims 5 and 11, Przechocki teaches the at least one internet connected device is a computer and an industrial internet of things component (the device (monitoring Internet of Things data exchange, where devices can be IoS computing devices, para 29, 48, 52, 61) but fails to teach a gateway.  However, it is noted that using a particular type/name for the device in the Przechocki’s invention would not affect the functionality of the invention, thus would not distinguish the claimed invention from the prior art in the terms of patentability.  Thus, this descriptive material does not distinguish the claimed invention from the prior art in the terms of patentability, see In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401,404 (Fed.Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994).  Furthermore, Official Notice is taken that gateways were old and well known in the art of networking before the effective filling date of the invention and extending Przechocki to any particular device, including gateway, would have been obvious variant amounting merely to a design choice while offering the benefit of customization.
As per claims 4-9, 12-16 and 19-20, Przechocki as modified teaches performing the automated response to the fault condition changing at least one parameter of the network and the at least one device but fails to teach the response being performed through running a playbook. However, Pendergast suggests such solution (automated response according to the playbook, col. 14 lines 25-35).  It would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to include (or substitute) known solutions as taught by Pendergast’s teaching into Przechocki’s as modified invention given the benefit of predictable benefit of an automated and orchestrated network security response.
Furthermore, Przechocki’s invention could be performed by hardware/software or any combination of these approaches (para 36, for example) the set of elements performing the functionalities of the cited labels (e.g. response module, automated incident management system, etc.).  However, although Przechocki as modified teaches action performed the security operations center employing playbook to run responses and the fact that the invention pertaining to the cloud environment, the references does not expressly teaches running these responses through a cloud interface.  However, such solution would have been obvious to one of ordinary skill in the art before the effective filling date of the invention as illustrated by Maybee (remediation process action via cloud interface, para 145-165 and 198, for example) while including such solution would offer scalability and predictable benefit of scalable and customized access.
Lastly, the claimed limitation of claim 17 permit various interpretation.  For example, Fig. 10 with the associated text could be treated as an evidence of Przechocki satisfying the required limitation.  However, for the purpose of the expedited prosecution, the examiner offers Rowland (modules to aggregate and correlate arrived events, para 31). It would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to include Rowland’s teaching into Przechocki as modified invention given the benefit of improving clarity of the received data.
Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peter Poltorak whose telephone number is (571) 272-3840.  The examiner can normally be reached Monday through Thursday from 9:00 a.m. to 5:00 p.m. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/PIOTR POLTORAK/Primary Examiner, Art Unit 2433