DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been examined.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by Wang U.S. Pat. No. 10469514 (hereinafter Wang).
As per claim 1, Wang discloses a method comprising: 
for each operational technology (OT) network of a plurality of OT networks: 
providing at least one monitoring device for deployment in each OT network, the at least one monitoring device configured to process OT network traffic and collect telemetry data, and providing a telemetry sanitization system configured to apply a sanitization process to the telemetry data collected by the at least one monitoring device to generate sanitized telemetry data that does not include sensitive data (Wang: figure 3: customer 300A and 300L are local monitoring agents that collect network telemetry data and transmit to centralized controller; column 15 lines 7-23: the network sensor engine anonymizes portions of the generated metadata and other collected items of interest prior to transmission to remove or obfuscate sensitive or personalized information of the customer network); 
receiving sanitized telemetry data from the telemetry sanitization systems provided for the plurality of OT networks (Wang: column 17 line 64- column 18 line 14: central controller receives anonymized/sanitized data from multiple network sensor engines from multiple customers); 
maintaining threat intelligence data generated based on the sanitized telemetry data, the threat intelligence data describing a plurality of security threats identified in the plurality of OT networks (Wang: column 18 lines 14-36: central controller trains one or more global models using at least the data received from the data analysis engines of multiple customers related to potential threats identified at customer networks);
and providing access to at least one of the threat intelligence data and the sanitized telemetry data to a plurality of users (Wang: column 18 lines 37-62: providing threat intelligence data or training models to customer networks); 
wherein receiving the sanitized telemetry data, maintaining the threat intelligence data, and  providing access are performed by one or more computing devices (Wang: figure 3; column 13 lines 62 – column 14 line 12: global intelligence module and each local threat intelligence module are operable to cooperate to perform adaptive threat modeling between global and local threat intelligence).


As per claim 2, Wang discloses the method of claim 1. Wang further discloses wherein the sensitive data includes identifying data usable to identify at least one of: an OT network of the plurality of OT networks, an operator of the OT network, an individual associated with the OT network, and a device in the OT network (Wang: column 15 lines 8-22: sensitive information associated with customer networks).

As per claim 3, Wang discloses the method of claim 1. Wang further discloses wherein the threat intelligence data includes one or more techniques for detecting a security threat (Wang: column 12 line 59 – column 13 line 28: threat intelligence data used to train customer networks).

As per claim 4, Wang discloses the method of claim 1. Wang further discloses wherein the threat intelligence data includes one or more countermeasures for addressing a detected security threat (Wang: column 12 line 59 – column 13 line 28: threat intelligence data used to train customer networks).

As per claim 5, Wang discloses the method of claim 1. Wang further discloses wherein the plurality of users comprises one or more users associated with the plurality of OT networks (Wang: column 18 lines 37-62: providing threat intelligence data or training models to customer networks).

As per claim 6, Wang discloses the method of claim 1. Wang further discloses wherein the plurality of users comprises one or more users associated with a government agency, a regulatory body, or an industry trade group (Wang: column 12 lines 12-27; column 23 lines 47-67).


As per claim 7, Wang discloses the method of claim 1. Wang further discloses analyzing the sanitized telemetry data to generate threat intelligence data describing at least one security threat of the plurality of security threats (Wang: column 12 lines 42-57: the analysis engine analyzes data received from customers).

As per claim 8, Wang discloses the method of claim 1. Wang further discloses receiving threat intelligence data describing at least one security threat of the plurality of security threats from one or more users of the plurality of users (Wang: column 12 line 65 – column 13 line 11).

As per claim 9, Wang discloses the method of claim 1. Wang further discloses wherein providing access to the sanitized telemetry data includes providing a cloud-based portal for accessing the sanitized telemetry data (Wang: column 8 line 56 – column 9 line 4: cloud-based deployment).

As per claim 10, Wang discloses the method of claim 8. Wang further discloses providing access to the threat intelligence data through the cloud-based portal (Wang: column 8 line 56- column 9 line 4).

As per claim 11-20, claims 11-20 encompass same or similar scope as claims 1-10. Therefore, claims 11-20 are rejected based on same reasons set forth above in rejecting claims 1-10.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Reybok et al. U.S. Pat. No. 11222111 discloses technique for sharing network security event information.
Adams et al. U.S. Pub. No. 20210352088 discloses centralized threat intelligence.
Di Pietro et al. U.S. Pub. No. 20210279632 discloses using raw network telemetry traces to generate predictive insights using machine learning.
Njilla et al. U.S. Pub. No. 20200322373 discloses method for privacy preservation in cyber threat.
Schmugar et al. U.S. Pub. No. 20200311259 discloses cached file reputations.
Bernau et al. U.S. Pat. No. 10746567 discloses privacy preserving smart metering.
Aksela et al. U.S. Pub. No. 20200153843 discloses threat control method.
Lim U.S. Pub. No. 20170228658 discloses method for high speed threat intelligence management using unsupervised machine learning and prioritization algorithms.
Lunan U.S. Pub. No. 20140358745 discloses automated accounting method.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIN HON (ERIC) CHEN whose telephone number is (571)272-3789. The examiner can normally be reached Monday to Thursday 9am- 7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431