Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The communication received on 8/11/22 has been entered.

Response to Arguments/Amendments

In light of Amendment and applicant’s arguments/amendments the claim objections and the 35 U.S.C. 112 rejections are withdrawn. 
Applicant's arguments have been carefully considered but they were not found persuasive.
Applicant argues the newly amended claim language suggesting that the recitation of the active risk mitigation adjustment employing human intervention process, which may arrange to shut off electricity or modify operation of a factory (Przechocki’s para 39) does not involve “changing at least one parameter of the network and at least one parameter of the at least one Internet-connected device”.
However, it appears that applicant made a few assumptions based on the intended meaning of the claims as well as overlook the inherent features of the Przechocki’s system. 
First, given the fact that “the at least one parameter of the at least one Internet-connected device” is part of the network and the claims does not exclude any particular interpretation (e.g. changing at least one parameter of the network and at least one parameter of the at least one Internet-connected device; [the parameter at least one parameter of the network being not a parameter of the Internet-connected device]), any parameter changes of the “at least one parameter of the at least one Internet-connected device” would meet the limitation of changing parameter of the network and the device.
Secondly, although for the purpose of the expedited prosecution the examiner attempted to interpret the claims in light of the specification, it is important to articulate that the specification (or intended meaning) is not be imported into the claims.  This concept is important especially since the claimed “parameter” is not defined and not limited by claims while a skilled in the art would readily appreciate that any data received by a device alters at least one “parameter” by the virtue of the device operating on the data.
Taking in consideration the above points one could clearly argue that the newly presented limitations are met by Przechocki’s teaching.  However, for the purpose of the expedited prosecution the examiner offers additional interpretation of these limitations.
Moreover, the term “automated” indicates that a device performing automation, and clearly the computing devices discussed by Przechocki or any device that can interacts with (is part of) a network inherently uses automation.  Following this notion, a skilled artisan would readily appreciate that any actions and commands are result of this automation as also expressly cited in various paragraphs (including the cited paragraphs) by Przechocki’s suggesting automated response involving  in parameters changing of a device/network (e.g. although “the platform may incorporate … a human intervention process”, “the platform may implement an active risk mitigation adjustment … [such as] to shut off electricity, modify operation, etc.  Also, note that various paragraph refers to robots and/or human “remote” intervention. (Clearly Przechocki does not contemplate the use of non-computing devices (e.g. a stick) for remote intervention)).

Claims 1-16 and 18-19 are pending.
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 103

Claim(s) 1 and 3 are rejected under 35 U.S.C. 103 unpatentable over Przechocki (USPUB 20190188797) in view of Kumano (USPN 6502132).
As per claims 1 and 3, Przechocki teaches a method of performing a computer network action, comprising: receiving data from at least one internet connected device located in a field (monitoring Internet of Things data exchange, where sensor communicates data employing public/private clouds and Internet, para 29, 52, 61, claims 2, 13, etc.); performing at least one artificial intelligence analysis of the data received from the at least one internet connected device (employing artificial intelligence algorithms in the data risk evaluation, para 43, 46, etc.); a presence of a fault condition with the data based on (analysis triggered alarm, para 46-47); when the fault condition exists, perform an automated response to the fault condition through the artificial intelligence analysis; wherein the automated response involves changing .
As per the newly introduced limitations “wherein the automated response involves changing at least one parameter of the network and at least one parameter of the at least one Internet-connected device” given the fact that “the at least one parameter of the at least one Internet-connected device” is part of the network, any parameter changes of the “at least one parameter of the at least one Internet-connected device” would meet the limitation of changing parameter of the network and the device.  
Secondly, although for the purpose of the expedited prosecution the examiner attempted to interpret the claims in light of the specification, it is important to articulate that the specification (or intended meaning) is not be imported into the claims.  This is important especially since the claimed “parameter” is not define and not limited by claims, and a skilled in the art would readily appreciate that any data received by a device alters at least one “parameter” by the virtue of the device operating on the data.
Taking in consideration the above points one could clearly argue that the newly presented limitations are met by Przechocki’s teaching.  However, for the purpose of the expedited prosecution the examiner offers additional interpretation of these limitations.
Specifically, in the related art, Kumano suggests the automated response involving changing at least one parameter of the network in response to the existing fault condition (e.g. the network devices status-display table and status displayed on the screen of the list of summary statutes/changes in the monitoring system, e.g. col. 3 lines 37-47, 8 lines 55-67, 11 lines 46-67, 12 line 63 - col. 13 line 515 lines 21-59, etc.). It would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to include Kumano’s teaching into Przechocki’s invention given the benefit of usability.
Lastly, the term “automated” indicates that a device is automated and clearly the computing devices discussed by Przechocki or any device that can interacts with (is part of) a network inherently uses automation.  Any actions and commands are result of this automation.  Moreover, in various paragraphs (including the cited paragraphs) Prezchocki expressly suggests automated response involving in parameters changing of a device/network (e.g. although “the platform may incorporate … a human intervention process”, “the platform may implement an active risk mitigation adjustment … [such as] to shut off electricity, modify operation, etc.  Also, note that various paragraphs refer to even robots and/or human “remote” intervention. (Clearly Przechocki does not contemplate the use of non-computing devices (e.g. a stick) for remote intervention), para 39-47, etc.)
The set of elements performing the functionalities of the cited labels (e.g. a security operations center) meet the limitations of these labels.
Claim(s) 2, 4-16 and 18-19 is/are rejected under 35 U.S.C. 103 unpatentable over Przechocki (USPUB 20190188797) in view of Kumano (USPN 6502132) and further in view of Pendergast (USPN 10681071) and Maybee (UPSBU 20180198765).
As per claims 6, 10 and 18-19, Przechock as modified teaches a method of monitoring a computer network and performing an artificial intelligence-based action, comprising: at least one of receiving data from at least one internet connected device and querying data from the at least one internet connected device at a cloud-based monitoring service (monitoring Internet of Things data exchange, where sensor communicates data employing public/private clouds and Internet, para 29, 52, 61, claims 2, 13, etc.), performing at least one artificial intelligence analysis of the data received from the at least one internet connected device by the cloud-based monitoring service (employing artificial intelligence algorithms in the data risk evaluation, para 43, 46, etc.); determining a presence of a fault condition with the data based on one artificial intelligence analysis of the data received from the at least one internet connected device (analysis triggered alarm, para 46-47), when the fault condition exists, notifying a security operations center of the fault (communicate the alarm, para 46-47); at the security operations center, performing an automated response to the fault condition changing at least one parameter of the network and the at least one device (an active risk mitigation responsive to the received result of analysis such as shut down, for example when alarm are triggered human intervention may be used to take control of the devices remotely, e.g. modify operation, etc. para 39, 46.  Also note Kumano’s reference with the motivation to combine), and continuing to receive further data from the at least one internet connected device located in the field, when the fault condition does not exist (not only implicit: clearly Przechocki as modified does not limits his invention to a one time use system but specifically suggests continuous monitoring of devices, e.g. para 45, 113, etc.), the automated incident handling system is configured to manage incidents received from the network (a risk monitoring data associated with a stream of sensor data received via communication network used in risk mitigation of, abstract); the cloud-based monitoring service is configured with an integration application programming interface (Fig. 8, 10, 17 and the associated text).
Note that as used in the claims, the cited labels are nonfunctional.  They are just labels not limited by any particularly claimed functionalities underlining their distinctness from non-cloud elements.  Thus, given the fact that Przechocki as modified clearly indicates the invention within cloud system context, the examiner ascertain that Przechocki’s as modified set of elements cited in the claims satisfy the label.  
However, for the purpose of the expedited prosecution, Official Notice is taken that having/implementing any of these elements within the cloud environment would have been old and well-known variant in the art of networking (as also exampled a particular application as pertaining to claim 13, for example).
As per claim 2, although Przechocki as modified does not expressly teaches querying devices, a skilled in the art would readily appreciate that there are essentially two finite solutions to obtain data from a device: a device initiating the exchange or the device being queried for the data, either one being obvious choice while (Official Notice is taken that) querying devices would have been old and well known in the art of computing given the predictable benefit of network data exchange.
As per claims 5 and 11, Przechocki as modified teaches the at least one internet connected device is a computer and an industrial internet of things component (the device (monitoring Internet of Things data exchange, where devices can be IoS computing devices, para 29, 48, 52, 61) but fails to teach a gateway.  However, it is noted that using a particular type/name for the device in the Przechocki’s as modified invention would not affect the functionality of the invention, thus would not distinguish the claimed invention from the prior art in the terms of patentability.  Thus, this descriptive material does not distinguish the claimed invention from the prior art in the terms of patentability, see In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401,404 (Fed.Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994).  Furthermore, Official Notice is taken that gateways were old and well known in the art of networking before the effective filling date of the invention and extending Przechocki to any particular device, including gateway, would have been obvious variant amounting merely to a design choice while offering the benefit of customization.
As per claims 4-5, 7-9, 12-16 and 19, Przechocki as modified teaches performing the automated response to the fault condition changing at least one parameter of the network and the at least one device but fails to teach the response being performed through running a playbook. However, Pendergast suggests such solution (automated response according to the playbook, col. 14 lines 25-35).  It would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to include (or substitute) known solutions as taught by Pendergast’s teaching into Przechocki’s as modified invention given the benefit of predictable benefit of an automated and orchestrated network security response.
Furthermore, Przechocki’s invention could be performed by hardware/software or any combination of these approaches (para 36, for example) the set of elements performing the functionalities of the cited labels (e.g. response module, automated incident management system, etc.).  However, although Przechocki as modified teaches action performed the security operations center employing playbook to run responses and the fact that the invention pertaining to the cloud environment, the references does not expressly teaches running these responses through a cloud interface.  However, such solution would have been obvious to one of ordinary skill in the art before the effective filling date of the invention as illustrated by Maybee (remediation process action via cloud interface, para 145-165 and 198, for example) while including such solution would offer scalability and predictable benefit of scalable and customized access.

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peter Poltorak whose telephone number is (571) 272-3840.  The examiner can normally be reached Monday through Thursday from 9:00 a.m. to 5:00 p.m. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/PIOTR POLTORAK/Primary Examiner, Art Unit 2433