DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to communication filed on 05/17/2022.
Status of claims in the instant application:
Claims 1-20 are pending.
No claim has been canceled.
Claims 1-11 have been amended.
No new claim has been added.
Response to Arguments
Applicant’s arguments, see page [23] of the remarks filed on 05/17/2022, with respect to objections to specification (Abstract) have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the specification objections are withdrawn.
Applicant’s arguments, see page [23] of the remarks filed on 05/17/2022, with respect to objections to claims have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the claim objections are withdrawn.
Applicant’s arguments, see page [24-26] of the remarks filed on 05/17/2022, with respect to rejections of claims under 35 USC 112 and interpretation of claims under 35 USC 112(f) have been fully considered in view of the claim amendments, and they are persuasive. Therefore, the claim rejections and interpretations are withdrawn.
Allowable Subject Matter
Claims 1-20 are allowed.
The following is the examiner's statement of reasons for allowance: The following prior art references were identified during the examination of applicant’s amended claim set filed on 05/17/2022 in response to the office action mailed on 12/17/2021. They do not explicitly teach the applicant’s claimed invention, in view of the amended claims, but are in the general realm of applicant’s field of endeavor:
PGPUB US 20030051026 A1 (Carter et al.): Carter discloses a system that monitors and protects the security of computer networks and uses artificial intelligence, including learning algorithms, neural networks and genetic programming, to learn from security events. The invention maintains a knowledge base of security events that updates autonomously in real time. The invention encrypts communications to exchange changes in its knowledge base with separate security systems protecting other computer networks. The invention autonomously alters its security policies in response to ongoing events. The invention tracks network communication traffic from inception at a well-known port throughout the duration of the communication including monitoring of any port the communication is switched to. The invention is able to track and utilize UNIX processes for monitoring, threat detection, and threat response functions. The invention is able to subdivide the network communications into identifying tags for tracking and control of the communications without incurring lags in response times.
PGPUB US 20160078365 A1 (Baumard): Baumard discloses that behavioral characteristics of at least a first machine component are monitored. A model that represents machine-to-machine interactions between at least the first machine component and at least a further machine component is generated. Using the monitored behavioral characteristics and the generated model, an incongruity of a behavior of at least the first machine component and the machine-to-machine interactions is computed, where the incongruity is predicted based on determining a discordance between an expectation of the system and the behavior and the machine-to-machine interactions, and wherein the predicting is performed without using a previously built normative rule of behavior and machine-to-machine interactions.
PGPUB US 20120109821 A1 (Barbour et al): Barbour discloses a behavioral based solution to user identity validation, useful in real-time detection of abnormal activity while a user is engaged in an online transaction with a financial institution. A risk modeling system may run two distinct environments: one to train machine learning algorithms to produce classification objects and another to score user activities in real-time using these classification objects. In both environments, activity data collected on a particular user is mapped to various behavioral models to produce atomic elements that can be scored. Classifiers may be dynamically updated in response to new behavioral activities. Example user activities may include login, transactional, and traverse. In some embodiments, depending upon configurable settings with respect to sensitivity and/or specificity, detection of an abnormal activity or activities may not trigger a flag-and-notify unless an attempt is made to move or transfer money.
However, none of the prior art of record, alone or in combination, discloses all the limitations of amended independent claims 1 and 11; specifically, they do not disclose the combination of claim limitations as recited in the amended independent claims, “where the analyzer module is further configured to use the one or more data analysis processes selected from a group consisting of i) an agent analyzer data analysis process configured to detect the cyber threat, previously unknown to the system, using either an 1) analysis of JA3 hashes when monitoring and analyzing a secured communication connection without needing to decrypt content in network traffic or 2) an analysis of user agent data when monitoring and analyzing an unsecured communication connection; ii) an Ngram data analysis process configured to assess an address string under analysis to determine the address string's 1) similarity to or 2) anomaly from known good and bad populations of address strings; iii) an exfiltration [Docket No.: 034306-0006P15 Application No.: 16/941,870] data analysis process configured to identify and correlate 1) data transfers to one or more online services as well as 2) data transfers to one or more other external network locations when multiple different Internet Protocol (IP) addresses exist for that online service or that other external network location; and iv) a network scan data analysis process configured to create a virtual tree of IP address space to detect when abnormal scans of one or more IP address ranges occurs … a formatting module configured to format, present, and output one or more supported possible cyber threat hypotheses as well as one or more refuted possible cyber threat hypotheses from any of the analyzer module and the assessment module into a formalized report, from a first template of a plurality of report templates, that is outputted for a human user's consumption in a medium of any of 1) printable report, 2) presented digitally on a user interface, 3) in a machine readable format for further use in machine-learning reinforcement and refinement, or 4) any combination of the three, where when any software instructions are implemented in the analyzer module, the cyber threat analyst module, the assessment module, and the formatting module, then the software instructions are stored in an executable form in one or more memories and are configured to be executed by one or more processors”.
Therefore, the independent claims are allowable over the prior art. The dependent claims, being definite, further limiting, and fully enabled by the specification, are also allowed because of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MAHABUB S AHMED/ Examiner, Art Unit 2434
/KAMBIZ ZAND/ Supervisory Patent Examiner, Art Unit 2434