DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office Action is in response to Application 17193251 filed on 03/05/2021. Claims 1, 11 and 20 are independent claims. Claims 1-20 have been examined and are pending in this application. This Office Action is made Non-Final.
	Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 11-19 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claim 11; the claim calls for a system; however, there is no hardware element found within the claimed device. As recited in the body of the claim, the claimed device includes “at least one processors,” “an event collection module,” “a variable generation module,” “a leakage module” and “an output module.”  As recited in the claim, modules are software modules as they are “executable by the at least one processor.”   
Regarding the claimed processors, the specification does not explicitly define that the claimed processors are only implemented in hardware. At most, in par. 0028, the specification provides some examples of processors (e.g., “multiple single core processors,” ”central processing unit,” “digital signal processor,” etc.,). The specification does not explicitly limit that the claimed processors are only implemented in hardware. One of ordinary skill in the art would understand that a ‘processor’ could be a software processor (See “The Authoritative Dictionary of IEEE Standards Terms,” Seventh Edition, published in 2000).  As the body of the claim does not positively recite any hardware embodiment, the claim is directed to non-statutory subject matter. The nominal recitation of the machine/device in the preamble with an absence of a hardware element in the body of the claim fails to make the claim statutory under 35 USC 101.  See Am. Med. Sys., Inc v. Biolitec, Inc., 618 F.3d 1354, 1358 (Fed. Cir. 2010).  The Examiner respectfully suggests that the claim be further amended to positively recites at least one hardware element within the body of the claim to make the claim statutory subject matter under 35 U.S.C. 101.  
Regarding claims 11-19, claims 11-19 are also rejected under 35 U.S.C 101 as being directed to non-statutory subject matter for the same reasons addressed above.




	Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.





Claims 1-4, 10-14 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Layson et al. (“Layson,” US 20120131349, published on 05/24/2012) in view of JOSEPH et al. (“JOSEPH,” US 20170032130, published on 02/02/2017)

Regarding Claim 1;
Layson discloses a method for identifying a leaked serial number associated with a software product, the method comprising (par 0035: the security values generated based on the same portion or different portions of the identification component [] even if one validation authority is compromised, a complete system failure may be avoided):
tracking a plurality of characteristic parameters for activation events that occur over a period of time (par 0006; figs. 3 and 5; an activation server able to keep track of how many times each individual product key is used; 0022; a product key includes a serial number; par 0046; an auditing service that is invoked by the activation server [] the enhanced security server perform the audit online and transmit the result back to the activation server; par 0062; product key in a 5.times.5 format where 24 of the 25 characters are drawn from an alphabet of 24 characters "BCDFGHJIMPQRTVWXY2346789," and a special character "N" is inserted into the 9.sup.th position),
wherein an activation event corresponds to a software activation request using a given serial number, each of the characteristic parameters being trackable for the given serial number and corresponding to an aspect of the activation events (par 0021; fig. 4; when the user attempts to install the copy of the software product on a user computer, an installation program running on the user computer prompt the user to enter the product key. Upon receiving the product key, the installation program process the product key and send an activation request to an activation server based on information derived from processing the product key; par 0057; the serial number, the additional identifying information, the first and second security values, and the checksum may be packaged together in some suitable manner to form a product key. For example, in some embodiments, a base 24 encoding with the alphabet "BCDFGHJKMPQRTVWXY2346789" may be used to encode the concatenation of the serial number, the additional identifying information, the first and second security values, and the checksum, and a special character not in the alphabet for the encoding, such as the character "N," may be inserted into a selected position in the encoded string);
generating a plurality of input variables associated with the given serial number, each of the input variables based on one or more of the plurality of characteristic parameters (par 0054; fig. 3B; generated based on the serial number and the additional identifying information using a suitable security mechanism. For instance, the serial number and/or the additional identifying information may be used to determine the security mechanism, par 0062; product key in a 5.times.5 format where 24 of the 25  characters are drawn from an alphabet of 24 characters "BCDFGHJIMPQRTVWXY2346789," and a special character "N" is inserted into the 9.sup.th position),
wherein at least one of the input variables includes a count corresponding to a number of activation events associated with one of the characteristic parameters (par 0062; fig. 3B; par 0062; product key in a 5.times.5 format where 24 of the 25  characters are drawn from an alphabet of 24 characters "BCDFGHJIMPQRTVWXY2346789," and a special character "N" is inserted into the 9.sup.th position).
Layson discloses all the limitations as recited above, but do not explicitly disclose providing the plurality of input variables as inputs to a neural network; generating, using the neural network, a leakage probability for the given serial number based on the inputs; and in response to the leakage probability being above a threshold, generating an alert indicating that the leakage probability is above the threshold.
However, in an analogous art, JOSEPH discloses pre-cognitive security information system/method that includes:
providing the plurality of input variables as inputs to a neural network (JOSEPH: par 0019; fig. 1; receive input data. The input data includes events [] an event includes any security-related activity; par 0025; an anomaly detection module that is executed by the at least one processor to use trained classifiers (e.g., determined by using artificial neural networks (ANNs)) to detect an anomaly in input events); 
generating, using the neural network, a leakage probability for the given serial number based on the inputs (JOSEPH: par 0025; fig. 1; an anomaly detection module that is executed by the at least one processor to use trained classifiers (e.g., determined by using artificial neural networks (ANNs)) to detect an anomaly in input events [] a predictive attack graph generation module that is executed by the at least one processor may generate a predictive attack graph based on the detected anomaly in the input events; par 0018; the anomaly score may represent a measure of how unusual an event related to the attack is, or in other words, represent an estimate of the probability of an event being malicious); and 
in response to the leakage probability being above a threshold, generating an alert indicating that the leakage probability is above the threshold (JOSEPH: par 0046; the use of the soft-max function provides for interpretation of the outputs as probabilities; par 0069; in response to a determination that the rank of an asset is greater than or equal to the rank threshold, the particular asset determined, and the path to it may be added to the predictive attack graph along with the associated path; par 0079; with difficulty levels from reaching the asset [] may be assigned a 100% probability that an attacker may compromise this asset; par 0081; alert the user of a system when the suspicious activity score exceeds a predetermined threshold).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of JOSEPH with the method/system of Layson to include providing the plurality of input variables as inputs to a neural network; generating, using the neural network, a leakage probability for the given serial number based on the inputs; and in response to the leakage probability being above a threshold, generating an alert indicating that the leakage probability is above the threshold. One would have been motivated to generate a score that provides an indication of a number of assets that can be compromised and a difficulty of exploiting vulnerabilities related to services of the assets that can be compromised (JOSEPH: abstract).
	
Regarding Claim 2;
The combination of Layson and JOSEPH disclose the method of claim 1, 
Layson further discloses causing additional activation requests made using the given serial number to be rejected (Layson: par 0070; fig. 4; the checksum is determined to be incorrect, the process may proceed to prompt the user to re-enter the product key and then return to process the user's next attempt at entering the product key).
Regarding Claim 3;
The combination of Layson and JOSEPH disclose the method of claim 1,
JOSEPH further discloses generating a report that includes at least the leakage probability and a date corresponding to when the leakage probability was generated (JOSEPH: par 0021; values that exceed a predetermined user-configurable threshold are reported to the network administrator. By reporting anomalous events with high ß-values,  the apparatus and method disclosed herein may inform a network administrator of anomalies sooner compared to a system in which events are reported once a high value asset has been compromised).
One would have been motivated to generate a score that provides an indication of a number of assets that can be compromised and a difficulty of exploiting vulnerabilities related to services of the assets that can be compromised (JOSEPH: abstract).
Regarding Claim 4;
The combination of Layson and JOSEPH disclose the method of claim 1, 
Layson further discloses wherein the plurality of input variables includes any one or more of: a number of unique machines that activated the given serial number, a number of unique cities where the given serial number was activated, a number of unique countries where the given serial number was activated, a number of unique IP addresses that activated the given serial number, or a number of machines on average per each of the unique IP addresses (Layson: par 0063; fig. 3B; the product key, with the special character "N" removed, may be decoded into a string of 114 bits, for example, the first 50 bits in the bit string may correspond to an identification component of the product key, with the first 20 bits representing a group ID and the remaining 30 bits representing a serial number).  
Regarding Claim 10;
The combination of Layson and JOSEPH disclose the method of claim 1,
Layson discloses wherein the activation events are first activation events, the period of time is a first period of time, the plurality of input variables is a first plurality of input variables, and the leakage probability is a first leakage probability associated with the first predetermined period of time, the method comprising (Layson; par 0046; fig. 5; an auditing service that is invoked by the activation server [] the enhanced security server perform the audit online and transmit the result back to the activation server; par 0073; receive an activation request, which may include a product key in its entirety and/or various relevant portions of the product key, such as a group ID, a serial number, a first security value, and/or a second security value, the process may use some of the identifying information from the product key, such as the group ID, to access validation information relating to the first security value; par 0063; fig. 3B; the product key, with the special character "N" removed, may be decoded into a string of bits, for example, the first 50 bits in the bit string may correspond to an identification component of the product key, with the first 20 bits representing a group ID): tracking the plurality of characteristic parameters for second activation events that occur over a second period of time that is after, and does not overlap with, the first period of time (Layson; par 0046; fig. 6; an auditing service that is invoked by the activation server [] the enhanced security server perform the audit online and transmit the result back to the activation server; par 0079; the process contact a storage for validation information using a URL having the group ID encoded therein. Depending on the particular implementation, the process provide additional credential information in order to access validation information relating to the second security value. Such additional credential information may not be available to a front end validation authority, so that validation information relating to the second security value remain secure even in the event of a security breach at the front end validation authority); generating a second plurality of input variables associated with the given serial number, each of the second input variables based on one or more of the plurality of characteristic parameters, at least one of the second input variables including a count corresponding to a number of activation events associated with one of the characteristic parameters (Layson; par 0055; figs. 3A/B: a second security value may be generated based on the serial number and the additional identifying information. In some embodiments, the second security value may be generated using a security mechanism that is different from the mechanism used to generate the first security value; 0057; the serial number, the additional identifying information, the first and second security values, and the checksum may be packaged together in some suitable manner to form a product key. For example, in some embodiments, a base 24 encoding with the alphabet "BCDFGHJKMPQRTVWXY2346789" may be used to encode the concatenation of the serial number, the additional identifying information, the first and second security values, and the checksum, and a special character not in the alphabet for the encoding, such as the character "N," may be inserted into a selected position in the encoded string);
JOSEPH further discloses providing the first plurality of input variables and the second plurality of input variables as inputs to the neural network (JOSEPH: par 0019; fig. 1; receive input data. The input data includes events [] an event includes any security-related activity; par 0025; an anomaly detection module that is executed by the at least one processor to use trained classifiers (e.g., determined by using artificial neural networks (ANNs)) to detect an anomaly in input events); generating, using the neural network, a second leakage probability for the given serial number (JOSEPH: par 0025; fig. 1; an anomaly detection module that is executed by the at least one processor to use trained classifiers (e.g., determined by using artificial neural networks (ANNs)) to detect an anomaly in input events [] a predictive attack graph generation module that is executed by the at least one processor may generate a predictive attack graph based on the detected anomaly in the input events; par 0018; the anomaly score may represent a measure of how unusual an event related to the attack is, or in other words, represent an estimate of the probability of an event being malicious; par 0069; for the pseudo-code (Add to a path), in response to a determination that the rank of an asset is greater than or equal to the rank threshold, the particular asset determined and the path to it from a path, may be added to the predictive attack graph along with the associated path; par 0072; for the pseudo-code (Add complexity to vulnerability complexity list), in response to a determination that the complexity of the asset is less than the complexity threshold, and a precondition
for asset matches a post-condition for asset the complexity related to the asset maybe added to the complexity list); and in response to a difference between the second leakage probability and the first leakage probability being above a difference threshold (JOSEPH: par 0021; a predictive attack graph may be used by a network administrator to explore different paths an attacker may take to compromise a high value asset [] the predictive attack graph may predict future paths of an attack based on known vulnerabilities in a network. The predictive attack graph may be built with the knowledge of network topology, services running on different machines, and vulnerabilities that exist in different services. The predictive attack graph may be used to derive a mathematical value based on how many high value assets a malicious event can compromise in the future, how difficult is it to exploit the vulnerabilities from the attacker's standpoint, and how long or how far an attacker has progressed towards compromising the vulnerabilities), generating an alert indicating that the difference between the second leakage probability and the first leakage probability is above the difference threshold (JOSEPH: 0021; a predictive attack graph may be used by a network administrator to explore different paths an attacker may take to compromise a high value asset [] the predictive attack graph may predict future paths of an attack based on known vulnerabilities in a network. The predictive attack graph may be built with the knowledge of network topology, services running on different machines, and vulnerabilities that exist in different services. The predictive attack graph may be used to derive a mathematical value based on how many high value assets a malicious event can compromise in the future, how difficult is it to exploit the vulnerabilities from the attacker's standpoint, and how long or how far an attacker has progressed towards compromising the vulnerabilities par 0046; the use of the soft-max function provides for interpretation of the outputs as probabilities; par 0069; in response to a determination that the rank of an asset is greater than or equal to the rank threshold, the particular asset determined, and the path to it may be added to the predictive attack graph along with the associated path; par 0079; with difficulty levels from reaching the asset [] may be assigned a 100% probability that an attacker may compromise this asset; par 0081; alert the user of a system when the suspicious activity score exceeds a predetermined threshold).

Regarding Claim 11;
This Claim recites a system that perform the same steps as method of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.  
Regarding Claim 12;
This Claim recites a system that perform the same steps as method of Claim 2, and has limitations that are similar to Claim 2, thus are rejected with the same rationale applied against claim 2.  
Regarding Claim 13;
This Claim recites a system that perform the same steps as method of Claim 3, and has limitations that are similar to Claim 3, thus are rejected with the same rationale applied against claim 3.  
Regarding Claim 14;
This Claim recites a system that perform the same steps as method of Claim 4, and has limitations that are similar to Claim 4, thus are rejected with the same rationale applied against claim 4.  
Regarding Claim 19;
This Claim recites a system that perform the same steps as method of Claim 10, and has limitations that are similar to Claim 10, thus are rejected with the same rationale applied against claim 10.  

Regarding Claim 20;
This Claim recites a computer program product that perform the same steps as method of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.  

Claims 5-6 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Layson et al. (US 20120131349) in view of JOSEPH et al. (US 20170032130) and further in view of GHABOOSI et al. (“GHABOOSI,” US 20140286193, published on 09/25/2014)
Regarding Claim 5;
The combination of Layson and JOSEPH disclose the method of claim 1,
The combination of Layson and JOSEPH disclose all the limitations as recited above, but do not explicitly disclose generating a sparse collection of activation events by identifying those activation events occurring in a city where the total number of activation events from that city is less than a threshold percentage of the total number of all activation events.  
However, in an analogous art, GHABOOSI discloses service discovery system/method that includes:
generating a sparse collection of activation events by identifying those activation events occurring in a city where the total number of activation events from that city is less than a threshold percentage of the total number of all activation events (GHABOOSI: par 0069; a service provider can be configured to generate the clusterization profile; par 0076; receipt of the notification that a cluster has been activated that corresponds to the subscribed clusterization profile, the mobile device can monitor its location and compare the monitored location to the location of the activated cluster that was provided to the mobile device by the activation request from the mobile device. When the difference between the monitored location and the cluster location is less than a predetermined threshold value).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of GHABOOSI with the method/system of Layson and JOSEPH to include generating a sparse collection of activation events by identifying those activation events occurring in a city where the total number of activation events from that city is less than a threshold percentage of the total number of all activation events. One would have been motivated to establishing and/or maintaining communication cluster environments that support a plurality of communication devices. The plurality of communication devices can be configured to communicate with one another utilizing the communication cluster environment (GHABOOSI: abstract).
	

Regarding Claim 6;
The combination of Layson, JOSEPH and GHABOOSI disclose the method of claim 5, 
Layson further discloses wherein generating the plurality of input variables comprises generating one or more sparse input variables associated with the given serial number based on one or more of the characteristic parameters from the sparse collection of activation events (Layson: par 0061; figs. 3A/B; the security values are randomly or pseudo-randomly generated, or where the same security mechanism is used to generate the first and second security value; par 0054; first security value may be generated based on the serial number and the additional identifying information (e.g., the group ID) using a suitable security mechanism. For instance, the serial number and/or the additional identifying information may be used to determine the security mechanism, which may be based on signature, encryption, hashing, random generation, and/or other cryptographic techniques).

Regarding Claim 15;
This Claim recites a system that perform the same steps as method of Claim 5, and has limitations that are similar to Claim 5, thus are rejected with the same rationale applied against claim 5.  

Regarding Claim 16;
This Claim recites a system that perform the same steps as method of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6.  




Claims 7-8 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Layson et al. (US 20120131349) and JOSEPH et al. (US 20170032130) and in view of Walker et al. (“Walker,” US 20040002369, published on 01/01/2004) and further in view of De Langen et al. (“De Langen,” US 20180069710, published on 03/08/2018)

Regarding Claim 7;
The combination of Layson and JOSEPH disclose the method of claim 1, 
The combination of Layson and JOSEPH disclose all the limitations as recited above, but do not explicitly disclose determining one or more country affinity scores between a first country and one or more second counties by determining, for each of the one or more second countries, a total number of unique serial numbers activated in both the first country and the second country, divided by a total number of unique serial numbers activated in the first country but not in the second country.  
However, in an analogous art, Walker discloses modifying a game based on result system/method that includes:
determining one or more country affinity scores between a first country and one or more second counties by determining, for each of the one or more second countries, a total number of unique serial numbers activated in both the first country and the second country, divided by a total number of unique serial numbers activated in the first country but not in the second country (Walker: par 0029; a score may thus be manipulated by adjusting the number of points awarded for each event; par 0047; The range bar, representing the range of scores after an adjustment of the game "Space Battles" is bounded by a high score of approximately "4125 points" [i.e., first] and a low score of approximately "1700 points" [i.e., second]. Thus the range of scores after the adjustment of the game is approximately "2425 points" (4125-1700=2425); 0249; determine whether a variance of the set of results; par 0295; For example, if the desired range had been determined to be "125 points-8750 points", then may comprise determining how many of the results being evaluated are less than "125 points" or greater than "8750 points". That number may then be divided by the total number of results being evaluated and multiplied by one hundred to determine the percentage of results).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Walker with the method/system of Layson and JOSEPH to include determining one or more country affinity scores between a first country and one or more second counties by determining, for each of the one or more second countries, a total number of unique serial numbers activated in both the first country and the second country, divided by a total number of unique serial numbers activated in the first country but not in the second country. One would have been motivated to satisfy the desired standard deviation, for example, if a calculated standard deviation of the results is within a predetermined range of the desired standard deviation (Walker: abstract).
Walker discloses first number and second number as recited above, but do not explicitly disclose first country and one or more second counties; serial numbers activated in the first country.
However, in an analogous art, De Langen discloses serial number system/method that includes:
first country and one or more second counties; serial numbers activated in the first country (De Langen: par 0160; software may be active depending on the serial number. There may be a unique relationship between the serial number and the part to be activated [] activated depending on the serial number. Thus, chips with MROM containing software for multiple countries can be created, wherein the serial number is used for activating the relevant software portions for a specific country).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of De Langen with the method/system of Layson and JOSEPH and Walker to include first country and one or more second counties; serial numbers activated in the first country. One would have been motivated to generate a first predetermined value which uniquely identifies the first non-common circuit, wherein the first predetermined value is readable from outside the semiconductor chip by automated reading means (De Langen: abstract).



Regarding Claim 8;
The combination of Layson, JOSEPH, Walker and De Langen disclose the method of claim 7, 
Walker discloses wherein generating the plurality of input variables comprises generating an unlikely country variable by: identifying one or more country pairs from a list of countries where the activation events occurred (Walker: par 0029; a score may thus be manipulated by adjusting the number of points awarded for each event; par 0047; The range bar, representing the range of scores after an adjustment of the game "Space Battles" is bounded by a high score of approximately "4125 points" [i.e., first] and a low score of approximately "1700 points" [i.e., second]); identifying the one or more country affinity scores associated with the one or more country pairs; and determining a number of country pairs having an affinity score below an affinity threshold, the resulting number of country pairs being the unlikely country variable (Walker: par 0029; a score may thus be manipulated by adjusting the number of points awarded for each event; par 0249; determine whether a variance of the set of results is above or below a predetermined maximum threshold; par 0250; evaluating a set of results may comprise, for example, calculating a variance in the results. In another example, a standard deviation of the results may be calculated. In yet another example, the lowest result may be determined as the lower bound of the range).
One would have been motivated to satisfy the desired standard deviation, for example, if a calculated standard deviation of the results is within a predetermined range of the desired standard deviation (Walker: abstract).
De Langen further discloses county (De Langen: par 0160; activated depending on the serial number. Thus, chips with MROM containing software for multiple countries can be created, wherein the serial number is used for activating the relevant software portions for a specific country) 
One would have been motivated to generate a first predetermined value which uniquely identifies the first non-common circuit, wherein the first predetermined value is readable from outside the semiconductor chip by automated reading means (De Langen: abstract).

Regarding Claim 17;
This Claim recites a system that perform the same steps as method of Claim 7, and has limitations that are similar to Claim 7, thus are rejected with the same rationale applied against claim 7.  

Regarding Claim 18;
This Claim recites a system that perform the same steps as method of Claim 8, and has limitations that are similar to Claim 8, thus are rejected with the same rationale applied against claim 8.  

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Layson et al. (US 20120131349) in view of JOSEPH et al. (US 20170032130) and further in view of Fujiwara et al. (“Fujiwara,” US 6,801,822, published on 10/05/2004)

Regarding Claim 9;
The combination of Layson and JOSEPH disclose the method of claim 1,
Layson discloses wherein the plurality of input variables includes a total count of bad machine IDs, and wherein generating the plurality of input variables comprises identifying the total count of bad machine IDs, each of the bad machine IDs representing a machine that is known to have been associated with a given number of other leaked serial numbers (Layson: par 0046; an auditing service that is invoked by the activation server [] the enhanced security server perform the audit online and transmit the result back to the activation server; par 0063; fig. 3B; the product key, may be decoded into a string of 114 bits, for example, the first 50 bits in the bit string may correspond to an identification component of the product key, with the first 20 bits representing a group ID).
JOSEPH further discloses is known to have been associated with a given number of other leaked serial numbers (JOSEPH: par 0046; the use of the soft-max function provides for interpretation of the outputs as probabilities; par 0069; in response to a determination that the rank of an asset is greater than or equal to the rank threshold, the particular asset determined, and the path to it may be added to the predictive attack graph along with the associated path; par 0079; with difficulty levels from reaching the asset [] may be assigned a 100% probability that an attacker may compromise this asset; par 0081; alert the user of a system when the suspicious activity score exceeds a predetermined threshold).
One would have been motivated to generate a score that provides an indication of a number of assets that can be compromised and a difficulty of exploiting vulnerabilities related to services of the assets that can be compromised (JOSEPH: abstract).
The combination of Layson and JOSEPH disclose group ID as recited above, but do not explicitly disclose the bad machine IDs.
However, in an analogous art, Fujiwara discloses production management system/method that includes:
the bad machine IDs (Fujiwara: Col 32, lines 14-16; defect table stores data comprising "Factory name", "Product field", "Name of machine type", Production step", "Line No.").
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Fujiwara with the method/system of Layson and JOSEPH to include the bad machine IDs. One would have been motivated to retrieving data stored in a database of a step-monitoring server in order to obtain information on daily (Fujiwara: abstract).


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.W./Examiner, Art Unit 2439   


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439