Notice of Pre-AIA  or AIA  Status
     The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

                    Objection to the Specification 
The following guidelines illustrate the preferred layout for the specification of a utility application. These guidelines are suggested for the applicant’s use.
        (1)    As provided in 37 CFR 1.77(b), the specification of a utility application should include the following sections in order. Each of the lettered items should appear in upper case, without underlining or bold type, as a section heading. If no text follows the section heading, the phrase “Not Applicable” should follow the section heading:
(a) TITLE OF THE INVENTION.
(b) CROSS-REFERENCE TO RELATED APPLICATIONS.
(c) STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT.
(d) THE NAMES OF THE PARTIES TO A JOINT RESEARCH AGREEMENT.
(e) INCORPORATION-BY-REFERENCE OF MATERIAL SUBMITTED ON A COMPACT DISC OR AS A TEXT FILE VIA THE OFFICE ELECTRONIC FILING SYSTEM (EFS-WEB). 
(f) STATEMENT REGARDING PRIOR DISCLOSURES BY THE INVENTOR OR A JOINT INVENTOR.
(g) BACKGROUND OF THE INVENTION.
(1) Field of the Invention.
(2) Description of Related Art including information disclosed under 37 CFR 1.97 and 1.98.
(h) BRIEF SUMMARY OF THE INVENTION.
(i) BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S).
(j) DETAILED DESCRIPTION OF THE INVENTION.
           (2)    The specification of the invention is provided using single spacing. The Examiner recommends the Applicant provide the specification with double or one and half spacing.
       The Examiner recommends that the Applicant provide the “replacement” specification with changes suggested in (1) and (2). 
        
                      Claim Rejections - 35 USC § 112
      The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
 

        Claims 1-12 are rejected under 35 U.S.C. 112(a) as being specification does not contain written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains.
         Regarding claim 1, claim 1, lines 15-16 recites “leveraging measure-countermeasure time window.  The specification (USPGPUB 20210174128) in paragraph 0299, lines 1-8, disclose measure-countermeasure time window.  However  the specification does not disclose what is leveraging measure-countermeasure time window and how “leveraging measure-countermeasure time window is determined and how leveraging measure-countermeasure time window is implemented and achieved.
         Therefore the specification lacks the enablement requirement for claim 1 and therefore claim 1 is rejected. 
          Similarly dependent claims 2-15 are also rejected because they are dependent on rejected independent claim 1.
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


	Claim 1-15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
           Regarding claim 1, lines 15-16 recites “leveraging measure-countermeasure time window.  The specification (USPGPUB 20210174128) in paragraph 0299, lines 1-8,   disclose measure-countermeasure time window.  This limitation of claim 1 is vague and indefinite and not obvious for one having ordinary skill in the art to understand the invention as a whole because   the specification does not disclose what is leveraging measure-countermeasure time window and how “leveraging measure-countermeasure time window” is determined and how leveraging measure-countermeasure time window is implemented and achieved.
	
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-12  are rejected under 35 U.S.C. 103 as being unpatentable over Dupont et al. (US 20140096249) in view of Kaler et al. (US 200400033286).
Regarding claim 1 Dupont disclose allowing the computer to receive an at least one electronic media communication data set from an electronic medium (Dupont Figs. 12-14, paragraphs 0220-0222, paragraph 0002 and paragraph 0025 states “The system is able to infer potentially damaging activities, whether of unintentional or malicious nature, without requiring the prior definition of the type and characteristics of these activities. It relies on the analysis of potentially massive volumes of heterogeneous electronic data (includes both text-bearing and non-text-bearing records) stored inside or outside any organization. That analysis can be performed either in discrete increments or in real-time. The present disclosure establishes structural and semantic patterns from the analyzed data and builds a predictive multi-dimensional model of both individual and collective behavior which allows detecting abnormal patterns in these behaviors as well”. All this obviously corresponds to allowing the computer to receive an at least one electronic media communication data set from an electronic medium).
 the at least one communication data set is comprised of an at least one element selected from the group of text, image, video, and audio, computing from the at least one data set with an analytics engine (Dupont paragraph 0025 states “The system is able to infer potentially damaging activities, whether of unintentional or malicious nature, without requiring the prior definition of the type and characteristics of these activities. It relies on the analysis of potentially massive volumes of heterogeneous electronic data (includes both text-bearing and non-text-bearing records) stored inside or outside any organization. That analysis can be performed either in discrete increments or in real-time. The present disclosure establishes structural and semantic patterns from the analyzed data and builds a predictive multi-dimensional model of both individual and collective behavior which allows detecting abnormal patterns in these behaviors as well”. This obviously corresponds to at least one communication data set is comprised of an at least one element selected from the group of text, image, video, and audio, computing from the at least one data set with an analytics engine)
 applying to the at least one data set at least one individual feature attribute selected from the group of image transformations or event being referenced (Dupont Figs. 2 and 4 paragraphs 1373 as described in section predicted behavior [262], some embodiments of this invention use the past to predict the future, either (or both) based on prior patterns of a particular actor [220], or a population that is demographically similar to him or her. In the love life visualization [477], for example, a given person may have a history of relationships which begin with a sexual encounter and end very shortly thereafter, but may at the same time have had several longer-term relationships which did not start off as one-night stands. In such embodiments, at least one new relationship must be underway in order to have an outcome to predict. Some of these embodiments use different visual effects so as to make clear that future visibility is much less clear than recording of historical fact. These visual effects include, but are not limited to, dimming or graying out, an overlay with partial opacity, and the use of partially obscuring transformations or filters. This obviously corresponds to applying to the at least one data set at least one individual feature attribute selected from the group of image transformations or event being referenced).
contrasting the feature sets of different data items to create distinct groupings (Dupont paragraph 0178 states “The continuous clustering [Grouping] component [412] produces clusters of items [122] or events [100] from the incoming data stream on a continuous basis. It is a required stage of continuous discussion building [410]”, paragraph 0258 states “The continuous clustering [grouping] component [412] produces clusters of items [122] or more generally events [100] from a set or a data stream on a continuous basis. A cluster i[Grouping] defined as a grouping of events [100] similar with respect to some observed features. The similarity measures are configurable”.  All this obviously corresponds to contrasting the feature sets of different data items to create distinct groupings)      
Dupont however has not explicitly disclose leveraging measure-countermeasure time windows 
In the same field endeavor of electronic communication Kaler disclose leveraging measure-countermeasure time windows (Kaler Figs. 1 and  7, paragraph 0004 Kaler distribute electronic  communication system as shown in Figs 1 and in paragraph 0004 disclose  “A threat management agent may be configured to review a threat management log and may predict a next attack based on activity recorded in the log. Countermeasure may be deployed within a time  near a time of the predicted next attack and also note: claims 17 and  35  claim recite,  managing a security threat in a distributed system, comprising: reviewing, by a threat management agent, of reports of suspicious activity from at least one distributed element of the system; determining by the threat management agent, based on the reports, whether a pattern characteristic of an attack occurred and predicting when a next attack is likely to occur; and directing deployment of a countermeasure to the predicted next attack, in a time window based on when the next attack is predicted to occur. All this obviously in the disclosure of of Kaler corresponds to leveraging measure-countermeasure time windows).

Therefore it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to allow the computer to receive an at least one electronic media communication data set from an electronic medium, communicate data set comprised of an at least one element selected from the group of text, image, video, and audio, computing from the at least one data set with an analytics engine,  apply to the at least one data set at least one individual feature attribute selected from the group of image transformations or event being referenced,  contrast the feature sets of different data items to create distinct groupings and leveraging measure-countermeasure time windows as shown by combination of  Dupont and Kaler because such a system provide intrusion and malicious activities detection in the electronic communication system.                   
          Regarding Claim 2, Dupont disclose  presenting conclusions with the analytics engine in a form and identifying and tracking logical image components (Dupont Figs. 2 and 4 paragraphs 1373 as described in section predicted behavior [262], some embodiments of this invention use the past to predict the future, either (or both) based on prior patterns of a particular actor [220], or a population that is demographically similar to him or her and Dupont paragraph 0178 states “The continuous clustering [Grouping] component [412] produces clusters of items [122] or events [100] from the incoming data stream on a continuous basis. It is a required stage of continuous discussion building [410]”, paragraph 0258 states “The continuous clustering [grouping] component [412] produces clusters of items [122] or more generally events [100] from a set or a data stream on a continuous basis. This correspond to presenting conclusions with analytical engine form identifying and tracking logical image components).  
           Regarding claim 3 Dupont disclose attribute values are re-evaluated after meeting a condition of group record updates (Dupont paragraph 0264 The method is fully continuous, which implies that it produces usable results (sets of clusters) and updates them as it acquires the events [100] from the underlying data stream. This corresponds to attribute values are re-evaluated after meeting a condition of group record update).
          Regarding claim 4 Dupont disclose deep learning is used detect subtle branding features and correlation in data (Dupont Abstract,  paragraph 0264 The method is fully continuous, which implies that it produces usable results (sets of clusters) and updates them as it acquires the events [100] from the underlying data stream and  Dupont disclose in paragraph 0613  the model is trained on a training set defined for example as a group's baseline window of events. In the default embodiment, re-training occurs at regular intervals defined in the system configuration (which, depending on the business domain considered, may be in the order of weeks or months). In another embodiment, a load-balancing component adapts the training frequency so as to find an adequate trade-off between maintaining a recent model and not overload the machines hosting the various components of the processing and analysis layer [402]. All this corresponds to learning is used detect subtle branding features and correlation in data and would be obvious to use deep learning and training which is training and learning and Dupont obviously disclose continuous training and learning which would be deep).
           Regarding claim 5 Kaler disclose applying an inferencing engine to the selected data, where the inferencing engine allows knowledge from prior countermeasure experience to be applied and specific policies as required by one or more rule sets as required by one or more jurisdictions to be enforced (Kaler Figs. 1 and  7, paragraph 0004 Kaler distribute electronic  communication system as shown in Figs 1 and in paragraph 0004 disclose  “A threat management agent may be configured to review a threat management log and may predict a next attack based on activity recorded in the log. Countermeasure may be deployed within a time  near a time of the predicted next attack and also note: claims 17 and  35  claim recite,  managing a security threat in a distributed system, comprising: reviewing, by a threat management agent, of reports of suspicious activity from at least one distributed element of the system; determining by the threat management agent, based on the reports, whether a pattern characteristic of an attack occurred and predicting when a next attack is likely to occur; and directing deployment of a countermeasure to the predicted next attack, in a time window based on when the next attack is predicted to occur. This obviously corresponds to applying an inferencing engine to the selected data, where the inferencing engine allows knowledge from prior countermeasure experience to be applied and specific policies as required by one or more rule sets as required by one or more jurisdictions to be enforced)
         Regarding claim 6 Kaler disclose one or more specialized computational components to derive highly specific deception theory application (Kaler Figs. 1 and  7, paragraph 0004 Kaler distribute electronic  communication system as shown in Figs 1 and in paragraph 0004 disclose  “A threat management agent may be configured to review a threat management log and may predict a next attack based on activity recorded in the log and Kelar in claim 51 disclose threat management agent for managing a security threat in a distributed system, the threat management agent comprising: an attack predictor for reviewing reports of suspicious activity, the reports including suspicious activity reported from at least one distributed element of the distributed system, and for determining whether a pattern characteristic of an attack occurred and for predicting when a next attack is likely to occur based on the detected pattern; a director for directing deployment of a countermeasure to the predicted next attack, in a time window based on when the next attack is predicted to occur. In the system of Kaler an attack predictor for reviewing reports of suspicious activity obviously would corresponds to specialized computational components to derive highly specific deception theory application).
          Regard claim 7 Dupont disclose hypergraph analysis, where the hypergraph analysis that creates a nodal expression with evidence link types that identify information selected from the group of identity of actors, properties of actors, (Dupont paragraph 0153 Evidence [108] is derived by the system after collecting, processing, and analyzing events [100]. Evidence is represented by the system as OSF [110] or order sorted features structures for which grammar [112] rules can be defined. OSF's [110] are stored as a hypergraph [114] model in one embodiment. The events obviously can be attributed to properties of actors or identity of actors).
          Regarding claim 8 Dupont disclose  identifying in the selected data characteristics selected from the group of specific transformation and logical image components identifying in the selected data characteristics selected from the group of specific transformation and logical image components (Dupont paragraph 0178 states “The continuous clustering [Grouping] component [412] produces clusters of items [122] or events [100] from the incoming data stream on a continuous basis. It is a required stage of continuous discussion building [410]”, paragraph 0258 states “The continuous clustering [grouping] component [412] produces clusters of items [122] or more generally events [100] from a set or a data stream on a continuous basis. A cluster i[Grouping] defined as a grouping of events [100] similar with respect to some observed features. The similarity measures are configurable”.  All this obviously corresponds to   identifying in the selected data characteristics selected from the group of  logical image components of data stream).
          Regarding claim 9 Kaler disclose  knowledgebase used by an inferencing component, where the knowledgebase contains information about objects selected from the group of measure and countermeasure windows in different jurisdictions (Kaler Figs. 1 and  7, paragraph 0004 Kaler distribute electronic  communication system as shown in Figs 1 and in paragraph 0004 disclose  “A threat management agent may be configured to review a threat management log and may predict a next attack based on activity recorded in the log. Countermeasure may be deployed within a time  near a time of the predicted next attack and also note: claims 17 and  35 of Kaler  claim recite,  managing a security threat in a distributed system, comprising: reviewing, by a threat management agent, of reports of suspicious activity from at least one distributed element of the system; determining by the threat management agent, based on the reports, whether a pattern characteristic of an attack occurred and predicting when a next attack is likely to occur; and directing deployment of a countermeasure to the predicted next attack, in a time window based on when the next attack is predicted to occur . This knowledgebase can obviously can be used in different jurisdiction).
            Regarding claim 10 Dupont disclose Knowledge base known real world objects (Dupont note: paragraph 0170)
           Regarding claim 11 Dupont disclose this knowledgebase is extrinsic to the system  (Dupont paragraph 0170) .
            Regarding claim  12 Dupont disclose hypergraph and evidence (Dupont paragraph 0153 Evidence [108] is derived by the system after collecting, processing, and analyzing events [100]. Evidence is represented by the system as OSF [110] or order sorted features structures for which grammar [112] rules can be defined. OSF's [110] are stored as a hypergraph [114] model in one embodiment. Any evidence would be obvious to removed or filter-out based the system administrator of the system)  
        
                                     Claim objection
            Claim 13-15 is objected as dependent on rejected base claim but would allowable over the prior if written the independent form including limitation of base claim and any  intervening claims and also provided that rejections of claim 1 under 35 USC 112 a & b is overcome.
           
                             Communication
            Any inquiry concerning this communication or earlier communications from the examiner should be directed to ISHRAT I SHERALI whose telephone number is (571)272-7398.  The examiner can normally be reached on Monday-Friday 8:00AM -5:00 PM.
           If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Matthew Bella can be reached on 571-272-7778.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
            Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


ISHRAT I. SHERALI
Examiner
Art Unit 2667

/ISHRAT I SHERALI/
Primary Examiner, Art Unit 2624
July 15, 2022