DETAILED ACTION
This office action is in response to the correspondence filed on 05/24/2022. Claims 1-20 are pending and are examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Objections
Claims 1, 7, and 14 are objected to because of the following informalities:
Claim 1, “within a distributed computer system the security-monitoring system comprising” should likely read “within a distributed computer system, the security-monitoring system comprising”.
Claims 7 and 14, “generate a final, microsegmentation quotient” should likely read “generate a final[[,]] microsegmentation quotient”.
Claim 14, “the security-monitoring system of claim 6” should likely read “the method of claim 12”. Otherwise, this dependent claim is identical to claim 7.
Examiner notes that the quality of the application copy after refiling is still questionable, but examiner will interpret commas in place of periods where it makes sense.
Appropriate correction is required.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claims recite generating microsegmentation quotients which represent security levels of system entities within a distributed computer system; receiving requests for microsegmentation quotients; and transmitting the requested microsegmentation quotients to requestors.
The limitation of generating microsegmentation quotients, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “one or more processor,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “one or more processor” language, “generating,” including estimating and refining, in the context of this claim encompasses the user manually or mentally calculating and determining microsegmentation quotients for each of the system entities, which can be a scalar metric/value per the specification. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claim only recites one additional element: using one or more processors to perform the generating, receiving and transmitting steps. The processor in these steps is recited at a high level of generality (i.e., as a generic processor performing a generic computer function of generating microsegmentation quotients, receiving requests, and transmitting the requested microsegmentation quotients to requestors) such that it amounts to no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform the generating, receiving and transmitting steps amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 8 and 16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 
The term “large” in claims 8 and 16 is a relative term which renders the claim indefinite. The term “large” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. Thus, “a large number of system entities” in the limitation has been rendered indefinite.



Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-4, 8, and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Devi Reddy et al. (US Pub No. 2017/0118240 A1, referred to as Devi Reddy).
Regarding claim 1, Devi Reddy anticipates,
1. A security-monitoring system that generates microsegmentation quotients which represent security levels of system entities within a distributed computer system the security-monitoring system comprising: (Devi Reddy: [0092])
one or more processors, one or more memories, and one or more data-storage devices within one or more computer systems; and (Devi Reddy: [0102])
computer instructions, stored in one or more of the one or memories. that, when executed by one or more of the processors. control the security system to (Devi Reddy: [0102])
estimate a microsegmentation quotient for each of the system entities, (Devi Reddy: [0092]; a threat score (microsegmentation quotient) is determined (estimate) for each entity in the local network, wherein the threat score represents the likelihood that the entity is performing malicious behavior.)
iteratively refine the microsegmentation quotient for each of the system entities, (Devi Reddy: [0090]; the machine-learned analysis module 240 applies machine-learned models to features generated by the feature extraction module 230 to detect security threats. These machine-learning models may use different techniques to model these features, including parameter estimation for a time series, probability estimation for a given point in time, heuristics, clustering, dimensional reduction, probability distribution of a feature vector, and/or path-length analysis (iteratively learning process).)
periodically recompute the microsegmentation quotient for each of the system entities, (Devi Reddy: [0129]; user can see how the threat score of an entity has changed over time (periodically recompute).)
receive, from one or more requestors, requests for microsegmentation quotients for each of one or more specified system entities, the requestors including (Devi Reddy: Fig. 9; [0129]; the user can also select a date 920 for which the user would like to see a day-long timeline 900 of entity threat scores.)
an automated administration-and-management-system, and (Devi Reddy: [0125]; a user interface that is provided by the security analytics system.)
a display routine that displays microsegmentation quotients on a display device, and (Devi Reddy: Fig. 9; [0129]; display threat scores.)
transmit the requested microsegmentation quotients to the requestors. (Devi Reddy: Fig. 9; [0129]; display requested threat scores to users.)


Regarding claim 2, Devi Reddy anticipates,
2. The security-monitoring system of claim 1 wherein the system entities include one or more:
distributed computer stems;
individual data centers;
discrete computer systems;
data-storage appliances; 
networking appliances; and (Devi Reddy: Fig. 7; devices/appliances.)
hardware and computer-instruction-implemented components of discrete computer systems. including 
data-storage devices, 
networking devices, (Devi Reddy: Fig. 7; devices.)
operating systems;
 virtualization layers,
distributed applications, 
distributed-application components, 
virtual machines, virtual networks, 
virtual network appliances, and
virtual data-storage appliances.


Regarding claim 3, Devi Reddy anticipates,
3. The security-monitoring system of claim 1 wherein a microsegmentation quotient is a scalar value within a specified range of scalar values. (Devi Reddy: [0092]; numeric threat scores or Boolean values (scalar values within a specified range).)


Regarding claim 4, Devi Reddy anticipates,
4. The security-monitoring system of claim 1 wherein each type of system entity is associated with a set of features that each comprises a set of attributes, each attribute a Boolean-valued, integer-value. or real-number-valued metric, the value of which is computationally generated, for a particular system entity of the type of system entity at a particular time, from characteristics and parameters associated with the system entity. (Devi Reddy: [0075]; the feature extraction module 230 generates features of the local network 110 based on the structured data. Features are meaningful data elements and/or aggregates that are derived from the structured data. The features describe aspects of the local network 110 (types of system entities) that are important for detecting security threats that may be present in the local network 110. In some embodiments, features can be aggregates of data for all entities in the local network. For example, the mean amount of data downloaded by client devices 100 within the local network 110 could be used as a feature (e.g. generate real-number-valued metrics for the average downloaded data attribute for a time period).)


Regarding claim 8, Devi Reddy anticipates,
8. The security-monitoring system of claim 1 wherein the security-monitoring system estimates a microsegmentation quotient for each of the system entities by:
using a training data set to estimate the microsegmentation quotient for each system entity, the training data set including attribute values and microsegmentation-quotient values for each of a large number of system entities in one or more distributed computer system. (Devi Reddy: Fig. 2B; [0074]; the behavior analysis module 170 identifies security threats within the local network 110 based on the structured data (training data set). [0075]; the feature extraction module 230 generates features of the local network 110 based on the structured data. Features are meaningful data elements and/or aggregates that are derived from the structured data. The features describe aspects of the local network 110 that are important for detecting security threats that may be present in the local network 110. In some embodiments, features can be aggregates of data for all entities in the local network. For example, the mean amount of data downloaded by client devices 100 within the local network 110 could be used as a feature (attribute value). [0092]; The machine-learned analysis module 240 determines the likelihood that a security threat is present in the local network 110 using the machine-learned models. The machine-learned models use the threat scores (microsegmentation-quotient values) from other machine-learned models to generate a threat score (i.e. the training data set includes both the attribute values and microsegmentation-quotient values of other entities).)


Regarding claim 20, Devi Reddy anticipates,
20. A data-storage device encoded with computer instructions that, when executed by a security-monitoring system implemented within a one or more processors, one or more memories, and one or more data-storage devices within one or more computer system having one or more processors, one or more memories, and one or more data-storage devices, controls the security-monitoring system to: (Devi Reddy: [0102])
estimate a microsegmentation quotient for each of the system entities within a distributed computer system, (Devi Reddy: [0092]; a threat score (microsegmentation quotient) is determined (estimate) for each entity in the local network, wherein the threat score represents the likelihood that the entity is performing malicious behavior.)
iteratively refine the microsegmentation quotient for each of the system entities, (Devi Reddy: [0090]; the machine-learned analysis module 240 applies machine-learned models to features generated by the feature extraction module 230 to detect security threats. These machine-learning models may use different techniques to model these features, including parameter estimation for a time series, probability estimation for a given point in time, heuristics, clustering, dimensional reduction, probability distribution of a feature vector, and/or path-length analysis (iteratively learning process).)
periodically recompute the microsegmentation quotient for each of the system entities. (Devi Reddy: [0129]; user can see how the threat score of an entity has changed over time (periodically recompute).)
receive, from one or more requestors, requests for microsegmentation quotients for each of one or more specified system entities, the requestors including (Devi Reddy: Fig. 9; [0129]; the user can also select a date 920 for which the user would like to see a day-long timeline 900 of entity threat scores.)
an automated administration-and-management-system, and (Devi Reddy: [0125]; a user interface that is provided by the security analytics system.)
a display routine that displays microsegmentation quotients on a display device, and (Devi Reddy: Fig. 9; [0129]; display threat scores.)
transmit the requested microsegmentation quotients to the requestors. (Devi Reddy: Fig. 9; [0129]; display requested threat scores to users.)



Allowable Subject Matter
Claims 5-7, 9-11, and 14 contain allowable subject matter but remain rejected under the 101 rejection. They are also objected to as being dependent upon rejected base claims, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims, and if the stated rejection(s) are resolved.
Claims 12-13, 15, and 17-19 contain allowable subject matter but remain rejected under the 101 rejection.
Claim 16 contains allowable subject matter but remains rejected under the 101 and 112 rejections.
The following is an examiner’s statement of reasons for allowance: 
Although the prior art Devi Reddy above discloses all the limitations of the prior claims (see rejections above), none of the prior art of record, alone or in combination, discloses a system-entity type associated with an attribute threshold, an attribute weight, and an attribute function including using the attribute weight; details about determining an initial feature value of the feature for the system entity from a specific number of nearest data-point neighbors of the target point to generate an initial microsegmentation quotient; recomputing the microsegmentation quotient for each system entity based on the two options to refine the microsegmentation quotient for each system entity; iteratively refining the microsegmentation quotient for each of the system entities at time intervals of a second length, shorter than the first length, within the time intervals of the first length; and generating a microsegmentation quotient for a system entity from the current attribute values using the attribute thresholds, attribute weights, and attribute functions for the attributes associated with the system-entity type of the system entity and the feature thresholds for the features associated with the system-entity type of the system entity, as described in the claims.
At the effective filing date of the application, the above limitations would not have been obvious over the prior art of record.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Xie; Michael et al.	US-PGPUB	US 20180324219 A1	network security framework based scoring metric generation and sharing
DiMaggio; John P et al.	US-PGPUB	US 20190258807 A1	device security vulnerability scores
Panging; Pankaj et al.	US-PGPUB	US 20200175320 A1	computer architecture for identifying data clusters using unsupervised machine learning 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KA SHAN CHOY whose telephone number is (571) 272-1569.  The examiner can normally be reached on MON - FRI: 9AM-5:30PM EST Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KA SHAN CHOY/Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435