Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
2.	This Office Action is issued in response to the claims filed on 05/21/2020.
Claims 1-20 are pending in this Office Action.

Drawings
3.	Fig. 13 is objected to because it is too blurry to understand its content. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Information Disclosure Statement
4.	The information disclosure statement (IDS) submitted on 5/21/2020 has been considered by the Examiner.

Claim Rejections - 35 USC § 101
5.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


6.	Claims 1-3, 5-9 and 11-20 are rejected under 35 U.S.C. 101.
a. Claim 1 is rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract ideas without significantly more. 
Step 2A, Prong 1: The claim recites “…obtaining…textual description…; parsing text…; determining…; and generating or refining a model…” These limitations, as drafted, under their broadest reasonable interpretations cover performance of the limitations in the mind or on paper.  For example, the limitation “obtaining at least one first textual description of one or more features associated with a first vulnerability that has been used in one or more attacks” under its broadest reasonable interpretation, covers performance of the limitation in the mind.  If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind, then it falls within the “Mental Processes” grouping of abstract ideas.  Accordingly, the claim recites an abstract idea.
Step 2A, Prong 2: This judicial exception is not integrated into a practical application because the claim does not recite any application of the limitations besides abstract ideas. For example, the claim does not impose any meaningful limits of adjusting the one or more security aspects of the stored instance of data based on the comparing.  Therefore, the claim is directed to an abstract idea.
Step 2B: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because besides the abstract ideas, the claim does not recite any other additional elements.  Therefore, claim 1 is not patent eligible.
Claims 2-3 and 5-9 depend from claim 1 and they do not limit independent claim 1 or themselves to a practical application or amount to significantly more than the judicial exception; therefore, they are also not patent eligible.
b. Similarly, claims 11-15 are not patent eligible.
c. Claim 16 is rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract ideas without significantly more. 
Step 2A, Prong 1: The claim recites “…obtain…textual description…, parse text…, obtain…; and map…” These limitations, as drafted, under their broadest reasonable interpretations cover performance of the limitations in the mind or on paper.  For example, the limitation “obtain at least one textual description of one or more features associated with a vulnerability and/or exploit” under its broadest reasonable interpretation, covers performance of the limitation in the mind.  If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind, then it falls within the “Mental Processes” grouping of abstract ideas.  Accordingly, the claim recites an abstract idea.
Step 2A, Prong 2: This judicial exception is not integrated into a practical application.  In particular, the additional elements, a memory and at least one processor, are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using generic computer components and/or a generic computer. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Therefore, the claim is directed to an abstract idea.
Step 2B: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception.  As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of the memory and processor amount to no more than mere instructions to apply the exception using generic computer components and/or a generic computer.  Mere instruction to apply an exception using generic computer components and/or a generic computer cannot provide an inventive concept. Therefore, claim 16 is not patent eligible.
Claims 17-20 depend from claim 16 and they do not limit independent claim 16 or themselves to a practical application or amount to significantly more than the judicial exception; therefore, they are also not patent eligible.

Claim Rejections - 35 USC § 103
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


8.	Claims 1-2, 4-5, 11, 15-16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Chen (US 11405419 B2), hereinafter “Chen”, in view of Sharma et al. (US 20200057858 A1), hereinafter “Sharma”.
	Regarding claim 1, Chen discloses a method of semantic model training, comprising: 
obtaining at least one first textual description of one or more features associated with a first vulnerability that has been used in one or more attacks (Col. 3, line 1- Col. 4, line 55 and Col. 6, lines 7-19: event information collection to determine attack; Col. 5, lines 9-14: analyzing flow logs and obtaining threat data using keyword search-indicating event information collection in textual description); 
[parsing text] from the at least one first textual description in accordance with one or more rules (Fig. 1, block 102 with associated text, Col. 5, lines 9-14: analyzing flow logs and obtaining threat data using keyword search- a rule); 
determining at least one first label for the first vulnerability that is associated with one or more of a plurality of stages of an attack chain taxonomy; and generating or refining a model that maps the [parsed text] to the at least one first label associated with the one or more stages of the attack chain taxonomy (Fig. 1, block 103 with associated text, Col. 5, line 15- Col. 6, line 19: mapping obtained data threat into attack phases-first label associated with the one or more stages of the attack chain taxonomy - utilizing a kill chain model).
Chen discloses words of threat data are used in mapping threat data to corresponding attack phase as presented above, but Chen does not explicitly disclose parsing text.  However, processing threat data by parsing its text is known in the art and Sharma’s teaching is an example (paragraphs [0015] and [0018]:  vulnerability data is embedded- parsed- into vector space). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Chen’s teaching of mapping threat data to stages of attack with Sharma’s teaching of processing threat data by parsing its text because the result would be predictable and resulted in parsing text from threat data and mapping the parsed text to at least one first label associated with the one or more stages of the attack chain taxonomy.
	Regarding claim 2, Chen and Sharma disclose the method of claim 1.  Chen further discloses wherein the at least one first textual description comprises an intrusion or exploit report (Col. 3, line 1- Col. 4, line 55 and Col. 6, lines 7-19: event information collection to determine attack), a proof-of-concept, or a zero-day report, or wherein the at least one first textual description includes an adversarial tactics, techniques and common knowledge (ATT&CK) description, a mitigation technique description, a patch description, a description of a sequence of steps for exploit, a rating- level characterization of a vulnerability, a vulnerability description, or any combination thereof (Note: with conjunction ‘or’, only one cited element would be needed in applying art).
	Regarding claim 4, Chen and Sharma disclose the method of claim 1, wherein the generating or refining of the model comprises execution of a machine learning process that maps the parsed text and/or the at least one first label to the one or more stages of the attack chain taxonomy, and wherein a classifier is trained to map text parsed from a vulnerability description to the one or more stages of the attack chain taxonomy (Chen, Fig. 1, block 103 with associated text, Col. 5, line 15- Col. 6, line 19: mapping obtained data threat into attack phases.  Sharma, paragraphs [0011], [0019]-[0020]: natural language processing and machine learning and training.  The combination of Chen and Sharma’s teachings would result in a predictable result of generating or refining of the model comprises execution of a machine learning process that maps the parsed text and/or the at least one first label to the one or more stages of the attack chain taxonomy, and a classifier is trained to map text parsed from a vulnerability description to the one or more stages of the attack chain taxonomy).
Regarding claim 5, Chen and Sharma disclose the method of claim 1, further comprising: obtaining at least one second textual description of one or more additional features associated with a second vulnerability; parsing text of the second textual description in accordance with the one or more rules; generating or determining at least one second label for the second vulnerability from the text parsed in accordance with the one or more rules; and mapping the at least one second label to at least one stage of the attach chain taxonomy based on the model (Chen, col. 5, lines 15-17: each piece of threat data is mapped to a corresponding attack phase. Accordingly, multiple labels would be assigned for multiple pieces of threat data and resulted in having at least one second label for a second vulnerability-second piece of threat data. Combining with Chen and Sharma’s teachings from claim 1 of obtaining textual description of threat data, parsing text and mapping parsed text to a label associated with one or more stages of the attack chain taxonomy, a predictable result of obtaining at least one second textual description of one or more additional features associated with a second vulnerability; parsing text of the second textual description in accordance with the one or more rules; generating or determining at least one second label for the second vulnerability from the text parsed in accordance with the one or more rules; and mapping the at least one second label to at least one stage of the attach chain taxonomy based on the model are obvious).
Regarding claim 11, Chen discloses a method, comprising: 
obtaining at least one textual description of one or more features associated with a vulnerability and/or exploit (Col. 3, line 1- Col. 4, line 55 and Col. 6, lines 7-19: event information collection to determine attack; Col. 5, lines 9-14: analyzing flow logs and obtaining threat data using keyword search -indicating event information collection in textual description); 
[parsing text] from the at least one textual description in accordance with one or more rules (Fig. 1, block 102 with associated text, Col. 5, lines 9-14: analyzing flow logs and obtaining threat data using keyword search- a rule); 
obtaining a model that maps textual data to labels for the one or more features of the vulnerability and/or exploit to respective stages of an attack chain taxonomy; and mapping the [parsed text] to at least one first label for the first vulnerability associated with one or more stages of the attack chain taxonomy in accordance with the model (Fig. 1, block 103 with associated text, Col. 5, line 15- Col. 6, line 19: mapping obtained data threat into attack phases-first label associated with the one or more stages of the attack chain taxonomy - utilizing a kill chain model).
Chen discloses words of threat data are used in mapping threat data to corresponding attack phase as presented above, but Chen does not explicitly disclose parsing text.  However, processing threat data by parsing its text is known in the art and Sharma’s teaching is an example (paragraphs [0015] and [0018]:  vulnerability data is embedded- parsed- into vector space). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Chen’s teaching of mapping threat data to stages of attack with Sharma’s teaching of processing threat data by parsing its text because the result would be predictable and resulted in parsing text from threat data and mapping the parsed text to at least one first label associated with the one or more stages of the attack chain taxonomy.
Regarding claim 15, Chen and Sharma disclose the method of claim 11, wherein the one or more rules comprise: a rule for selecting certain nouns, pronouns, verbs, and/or abbreviations from the at least one textual description, a rule for selecting words based on proximity to a named instance of the vulnerability (Chen, Fig. 1, block 102 with associated text, Col. 5, lines 9-14: analyzing flow logs and obtaining threat data using keyword search.  Sharma, paragraphs [0018] and [0056]: words are evaluated or classified based on their proximity to words in vector space), a rule selecting or separating words based on whether the words precede a keyword or follow a keyword, or any combination thereof.
Claims 16 and 20 claim similar subject matters to claims 11 and 15 respectively; therefore, claims 16 and 20 are rejected at least for the same reasons as claims 11 and 15 respectively.
9.	Claims 3, 6-10, 12-14, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Chen (US 11405419 B2), hereinafter “Chen”, in view of Sharma et al. (US 20200057858 A1), hereinafter “Sharma” and in view of Kumar et al. (US 20210326531 A1), hereinafter “Kumar”.
Regarding claim 3, Chen and Sharma disclose the method of claim 1, further comprising: [inserting] the at least one first label into a [joint label space] (Chen, Fig. 1, block 103 with associated text, Col. 5, line 15- Col. 6, line 19: mapping obtained data threat into attack phases-first label); [inserting] at least one second label related to one or more intrusion techniques into the [joint label space] (Chen, Col. 5, line 31- Col. 6, line 6: association of phases with intrusion techniques used in attack); generating at least one technique label based on labels in the [joint label space] (Chen, Fig. 1, block 104 with associated text and Col. 6, line 30-Col. 7, line 32: association of threat data, attack phases and mitigating techniques- technique labels), wherein the determination of the at least one first label for the first vulnerability is based on context extracted from the parsed text, [wherein the generating of the at least one technique label is based on a distance function between the at least one second label and the at least one first label] (Sharma, paragraphs [0015], [0018] and [0053]-[0056]:  vulnerability data is embedded- parsed- into vector space;  as data is classified by natural language processor, words and phrases are embedded in vector spaces based on their proximity to words in vector spaces).
Chen and Sharma do not explicitly disclose inserting labels into joint label space and generating of the at least one technique label is based on a distance function between the at least one second label and the at least one first label.  However, in natural language processing, inserting labels into joint label space and generating a result based on word distance models are known in the art and Kumar’s teaching is an example (Fig. 1 with associated text: sentences are parsed into labels 202A-F which are inserted into a joint label space 202.  Fig. 2 with associated text: result 204 is based on parsed labels in 202.  Paragraph [0031]: A natural language model is trained using word distance models and word embedding models. Therefore, result 204 is based on embedded words and distance models).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Chen’s teaching of association of threat data, attack phases and mitigating techniques with Sharma’s teaching of processing threat data by parsing its text and with Kumar’s teaching of inserting labels into joint label space and generating a result based on word distance models to have a predictable result of inserting the at least one first label into a joint label space; inserting at least one second label related to one or more intrusion techniques into the joint label space; generating at least one technique label based on labels in the joint label space, wherein the determination of the at least one first label for the first vulnerability is based on context extracted from the parsed text, wherein the generating of the at least one technique label is based on a distance function between the at least one second label and the at least one first label.
Regarding claim 6, Chen, Sharma and Kumar disclose the method of claim 1, wherein the generating or refining includes: generating labels of a joint label space by a multi-label text classification model having at least two label encoding heads (Kumar, Fig. 1 with associated text: 202A-F-multiple encoding heads).
	Regarding claim 7, Chen, Sharma and Kumar disclose the method of claim 6, wherein a first head of the at least two label encoding heads comprises a context encoder that encodes vector representations of words associated with the first vulnerability based on the parsed text, wherein a second head of the at least two label encoding heads is a concept encoder that identifies the one or more stages of the attach chain taxonomy associated with the first vulnerability as labels based on the parsed text (Chen, Fig. 1, blocks 102-103 with associated text; association of threat data with attack phases. Kumar, Fig. 1 with associated text: phrases/sentences are parsed into labels 202A-F which are inserted into a joint label space 202.  The combination of Chen and Kumar’s teachings would have obvious and predictable results that vulnerability data could be generated into a phrase or sentence under a first head-vulnerability data and an attack phase could be generated into a phrase/sentence under a second head- attack phase).
Regarding claim 8, Chen, Sharma and Kumar disclose the method of claim 7, wherein a third head of the at least two label encoding heads encodes attacker actions and mitigation techniques (Chen, Fig. 1, block 104 with associated text and Col. 6, line 30-Col. 7, line 32: association of threat data, attack phases and mitigating techniques. Kumar, Fig. 1 with associated text: sentences are parsed into labels 202A-F which are inserted into a joint label space 202.  Fig. 2 with associated text: result 204 is based on parsed labels in 202.  The combination of Chen and Kumar’s teachings would have obvious and predictable results that a mitigating technique would be a result-third head- and equivalent to box 204 of Fig. 2 in Kumar).
Regarding claim 9, Chen, Sharma and Kumar disclose the method of claim 8, wherein an output of the first head and an output of the second head are combined and inserted into the joint label space, and wherein the output of the second head and the third head are combined and inserted into the joint label space (From Chen, Sharma and Kumar’s teachings in claims 1, 6-8 presented above, Chen’s teaching of association of threat data, attack phases and mitigating techniques and Kumar’s teaching of combining sentences-encoding head- to have a result, it is obvious that it’s a designer’s choice to combine and insert heads into joint label space).
Regarding claim 10, Chen, Sharma and Kumar disclose the method of claim 6, further comprising: training a multi-layer perceptron classifier via machine learning on the joint label space (Sharma, paragraphs [0015], [0018]-[0020]: trained classifiers with vulnerability data.  Kumar, Fig. 3, box 202 with associated text and paragraph [0021]: joint space and learning machine.  The combination of Sharma and Kumar’s teachings would have a predictable result of training a multi-layer perceptron classifier via machine learning on the joint label space).
Regarding claim 12, Chen and Sharma disclose the method of claim 11.  Chen and Sharma do not explicitly disclose wherein a classifier operates on a joint latent space of the model, the classifier assigning labels to the vulnerability and/or exploit from a label set of the joint latent space.  However, utilizing a joint latent space to assign labels to data from a label set of the joint latent space is known in the art and Kumar’s teaching is an example (Fig. 3, box 202 with associated text: 202A-F-labels; box 202-joint latent space).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Chen’s teaching of classifying threat data into attack phases with Sharma’s teaching of processing threat data by parsing its text and with Kumar’s teaching of utilizing a joint latent space to assign labels to data from a label set of the joint latent space to have a predictable result of a classifier operates on a joint latent space of the model, the classifier assigning labels to the vulnerability and/or exploit from a label set of the joint latent space.
Regarding claim 13, Chen, Sharma and Kumar disclose the method of claim 12, wherein a size of the label set is independent of the joint latent space (Sharma, paragraph [0053]: size of vulnerability vectors are not limited in processing.  Kumar, paragraph [0027]: a size of received natural language utterance is not limited).
Regarding claim 14, Chen and Sharma disclose the method of claim 11, wherein after training, a classifier predicts labels for the vulnerability and/or exploit based on the parsed text, the labels being derived from a first label set of a [joint latent space] observed during training and a second label set of the [joint latent space] that was not observed during training (Chen, Fig. 1, blocks 102-104 with associated text and Col. 6, line 30-Col. 7, line 32: association of threat data-first label set and observed data, attack phases-second label set that was not observed and mitigating techniques-predict label.  Sharma, paragraphs [0018]-[0019]: embedding vectors and trained classifiers). Chen and Sharma do not explicitly disclose joint latent space.  However, utilizing a joint latent space to assign labels to data from a label set of the joint latent space is known in the art and Kumar’s teaching is an example (Fig. 3, box 202 with associated text: 202A-F-labels; box 202-joint latent space).  Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Chen’s teaching of classifying threat data into attack phases with Sharma’s teaching of processing threat data by parsing its text and trained classifiers and with Kumar’s teaching of utilizing a joint latent space to assign labels to data from a label set of the joint latent space to have a predictable result of after training, a classifier predicts labels for the vulnerability and/or exploit based on the parsed text, the labels being derived from a first label set of a joint latent space observed during training and a second label set of the joint latent space that was not observed during training.
Claims 17-19 claim similar subject matters to claims 12-14 respectively; therefore, claims 17-19 are rejected at least for the same reasons as claims 12-14 respectively.

Conclusion
10.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure: see PTO-892 Notice of References Cited.

11.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to THANH T LE whose telephone number is (571)270-0279.  The examiner can normally be reached on Monday-Thursday 8:00 am - 4:00 pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

		/THANH T LE/                      Examiner, Art Unit 2495