DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Terminal Disclaimer
The terminal disclaimer filed on 06/13/2022 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of U.S. Pat. No. 10,594,710 and U.S. Pat. No. 10,594,710 has been reviewed and is accepted. The terminal disclaimer has been recorded.


Allowable Subject Matter
Claims 1-20 are allowed.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: In interpreting the currently amended claims in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
Claims 1-20 are allowed for the following reasons:
In parent application 15/355,561 (now U.S. Pat. No. 10,594,710), the prior art of record that was found and cited comprised the following reference(s):
U.S. 2012/0072983 A1	“McCusker”
U.S. 2016/0028750 A1	“Di Pietro”
McCusker discloses a method of collecting sensor data of possible threats to a computer network, in particular describing clustering algorithms to normalize the raw sensor data. 
Di Pietro discloses detecting an unexpected behavior of a network node and calculating an anomaly score in connection with the possibly malicious network node. 
In an interview held 12/17/2018, the examiner and applicant agreed that the combination of references failed to disclose each and every limitation set forth by the claim. In particular, on pg. 11 of the remarks, applicant argues that the combination of references fails to disclose: “evaluating the evidence vector against one or more directional vectors of a directional cluster mapping of previously observed events to generate a first score” and “evaluating the evidence vector against one or more magnitude vectors of a magnitude cluster mapping of previously observed events to generate a second score”. The prior art would need to disclose both creating a vector for the perceived network event as well as a cluster mapping of the events to generate a first and second score.
As MPEP 2103 discloses: “…when evaluating the scope of a claim, every limitation in the claim must be considered. Examiners may not dissect a claimed invention into discrete elements and then evaluate the elements in isolation. Instead, the claim as a whole must be considered. See, e.g., Diamond v. Diehr, 450 U.S. 175, 188-89, 209 USPQ 1, 9 (1981) ("In determining the eligibility of respondents’ claimed process for patent protection under § 101, their claims must be considered as a whole. It is inappropriate to dissect the claims into old and new elements and then to ignore the presence of the old elements in the analysis. This is particularly true in a process claim because a new combination of steps in a process may be patentable even though all the constituents of the combination were well known and in common use before the combination was made.").”
In view of MPEP 2103, the examiner believes that the “claim as a whole” appears to be novel and non-obvious in light of not only the cited prior art but also in light of the evidence found in an updated prior art search. 
Therefore, the prior art of record does not teach or suggest individually or in combination the particular limitations listed below as recited in the current claims:
“evaluating the evidence vector against one or more directional vectors of a directional cluster mapping of previously observed events to generate a first score” and “evaluating the evidence vector against one or more magnitude vectors of a magnitude cluster mapping of previously observed events to generate a second score”.
Regarding this continuation application: The claims in the continuation application are not identical in that the claims disclose: 
“evaluating the evidence vector against a directional cluster mapping of previously observed events” [omitting that this is used to generate a first score] and “evaluating the evidence vector against a magnitude cluster mapping of previously observed events” [omitting that this is used to generate a second score].
However, this is merely a minor technical detail, as the composite score is later generated from both the directional cluster mapping evaluation and the magnitude cluster mapping evaluation. Furthermore, this continuation application also adds that the composite score represents a probability that the evidence vector for the event represents a network anomaly.
For this reason, the reasons for allowance given in the parent application are equally applicable in this continuation application. 
Nevertheless, the examiner updated the search to adjust for the slightly altered claim language over the allowed parent application. However, this new search did not reveal any prior art references that either anticipated or rendered obvious the claimed invention. Because of the applicant’s agreement to file a terminal disclaimer over the allowed parent applications, the examiner finds the claims in condition for allowance. 
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Alexander Lagor whose telephone number is (571)270-5143. The examiner can normally be reached Monday thru Friday, 9:00 AM to 5:00 PM (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashokkumar B. Patel can be reached on (571) 272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ALEXANDER LAGOR/
Primary Examiner, Art Unit 2491