DETAILED ACTION
	Claims 1-9 are presented on 11/14/2022 for examination on merits.  Claims 10-20 are cancelled by Applicant.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner's Instructions for filing Response to this Office Action
When the Applicant submits amendments regarding to the claims in response the Office Action, the Examiner would like the Applicant to submit two sets of claims: 
Set #1 as in a typical filing which includes indicators for the status of claim and all marked amendments to the claims; and 
Set #2 as an appendix to the Arguments/Remarks for a clean version of the claims which has all the markups removed for entry by the Examiner.

Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted for examination on merits is/are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) is/are being considered by the examiner. See the annotated 1449 documents.

Election/Restrictions
Claims 10-20 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected Groups II-III (Claims 10-20), there being no allowable generic or linking claim.  Election was made without traverse in the reply filed on 11/14/2022.  Applicant’s election without traverse of Group I (Claims 1-9) in the reply filed on 11/14/2022 is acknowledged.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(B)  CONCLUSION—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 


Claims 1-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

The rejection(s) under 35 U.S.C. 112(b) is/are determined by the following reasons:
Claim 1 recites a limitation “prioritizing allocation of computing resources to neutralize the known cyberthreat” unclearly, because it is the first cyberthreat and the second cyberthreat that are identified by machine learning techniques for mitigation whereas the known cyberthreat is a reference for threat detection or identification.  Furthermore, the Specification evidently discloses the detected threats (including the first and second cyberthreats) are to be neutralized rather than the known cyberthreat.  Applicant is advised to clarify this limitation.
Claims 4 and 5 each recite limitations “the first cyberthreats” and “the second cyberthreats.” (in plural form). There is insufficient antecedent basis for the limitations in the claims.  It should be noted that claim 1 defines “a first cyberthreat” and “a second cyberthreat” in singular form only.  
Claims 8 and 9 each recite limitations for “a first relative complement of the first set of the first cyberthreats” and “a second relative complement of the second set of the second cyberthreats” unclearly because of the word “relative.”  The term "relative complement" in claims 8-9 is a relative term which renders the claim indefinite. The term "relative complement" is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. 
Claims 8 and 9 each recite limitations “members” without pointing out whether the members are members of cyberthreat or members of security countermeasure.  It should be noted that the Specification discloses that “Each member in a set of overlapping actions may correspond to a countermeasure that is included in the first set of countermeasures and included in the second set of countermeasures;” par. 0029 and “The third set of countermeasures may include members of the first set of countermeasures and members of the second set of countermeasures;” par. 0036.
Claims 2-9 are also rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, because they depend from the rejected base claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Tahan (US 20210067556 A1) in view of Murthy (US 20220027810 A1).

As per claim 1, Tahan teaches an artificial intelligence ("AI") method for unifying cybersecurity vulnerabilities detected by disparate software tools deployed across an enterprise organization (Tahan, par. 0048: AI including learning and expert systems, for security architecture factory 100), the AI method comprising: 
detecting a first vendor tool operating on a target hardware system (Tahan, par. 0060-0061 and 0083: operating 261 target environment for an enterprise or organization); 
in response to detecting the first vendor tool, connecting an AI engine to a first application program interface ("API") that outputs a first cyberthreat formulated by the first vendor tool (Tahan, par. 0087: a firewall configuration tool via the tool's API (e.g., in an XML or JSON representation transferred or transmitted to the tool using a defined interface or protocol). See par. 0075-0076: set A technical security controls for threat 1); 
detecting a second vendor tool operating on the target hardware system (Tahan, par. 0075: threat 2 can be countered by set B technical security controls for threat 2 352); 
in response to detecting the second vendor tool, connecting the AI engine to a second API that outputs a second cyberthreat formulated by the second vendor tool (Tahan, par. 0075-0076: set B; see also FIG. 3B); 
applying machine learning techniques to the first cyberthreat and the second cyberthreat and thereby determining that the first cyberthreat and the second cyberthreat correspond to a known cyberthreat (Tahan, par. 0048: processing logic that includes artificial intelligence methods, including learning and expert systems; par. 0065: A threat class is a set of one or more known security threats).
While Tahan discloses that security threats in a threat class may be related in that the security threats can be … neutralized (par. 0050), Tahan does not explicitly disclose prioritizing allocation of computing resources to neutralize the known cyberthreat.  This aspect of the claim is identified as a difference.
In a related art, Murthy teaches:
prioritizing allocation of computing resources to neutralize the known cyberthreat (par. 0004: to prioritize resource allocation among supply chain stages… for mitigating supply chain sustainability risk.).
Tahan and Murthy are analogous art, because they are in a similar field of endeavor in improving mitigating risks or threats inside an enterprise network.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify Tahan with Murthy’s teaching on resource prioritization for neutralize the known cyberthreat. For this combination, the motivation would have been to improve the level of security with minimized risk or threat.

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Tahan in view of Murthy, as applied to claim 1, and further in view of Reybok (US 20170171231 A1).

As per claim 2, Tahan in view of Murthy teaches the AI method of claim 1, but do not explicitly disclose a step for detecting a common IP address in the first cyberthreat and the second cyberthreat for determining that the first cyberthreat and the second cyberthreat correspond to the known cyberthreat. This aspect of the claim is identified as a further difference.
In a related art, Reybok teaches:
further comprising determining that the first cyberthreat and the second cyberthreat correspond to the known cyberthreat by detecting a common IP address in the first cyberthreat and the second cyberthreat (Reybok, par. 0061: threat data arising from a common IP).
Reybok is analogous art to the claimed invention in a similar field of endeavor in improving mitigation of network threats and risks.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify Tahan-Murthy system with Reybok’s teaching on using a common IP address for threat detection. For this combination, the motivation would have been to improve the level of security with an effective threat detection technique.

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Tahan in view of Murthy, as applied to claim 1, and further in view of Ahn (US 20200213342 A1).

As per claim 3, Tahan in view of Murthy teaches the AI method of claim 1, but do not explicitly disclose detecting a common host name in the first cyberthreat and the second cyberthreat. This aspect of the claim is identified as a further difference.
In a related art, Ahn teaches:
further comprising further comprising determining that the first cyberthreat and the second cyberthreat correspond to the known cyberthreat by detecting a common host name in the first cyberthreat and the second cyberthreat (Ahn, par. 0018: threats associated with threat hosts 136, 138, and 140 as shown in FIG. 1; par. 0029 and 0031: threat host 136; wherein the plurality of network-threat indicators comprise unique Internet host addresses or names; clm. 1).
Ahn is analogous art to the claimed invention in a similar field of endeavor in improving the detection of network threats.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify Tahan-Murthy system with Ahn’s teaching on using a common host name in the detection of the first cyberthreat and the second cyberthreat. For this combination, the motivation would have been to improve the level of security with an threat detection technique using a known malicious host name.

Claims 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over Tahan in view of Murthy, as applied to claim 1, and further in view of Pai (US 10339484 B2).

As per claim 4, Tahan in view of Murthy teaches the AI method of claim 1, but do not explicitly disclose using a predetermined time period for the detection of the cyberthreats. This aspect of the claim is identified as a further difference.
In a related art, Pai teaches:
further comprising capturing: 
a first set of the first cyberthreats detected by the first vendor tool over a predetermined time period (Pai, col. 3, lines 43-46: measuring …a risk factor for the geographic region for a fixed period of time based on the signal strength of the identified content.  Pai discloses the cyberthreats associated with vendor tools deployed at the enterprise system; see also col.11, lines 31-56 for details on detecting a specific risk factor over a slice of time; col. 1, lines 18-20 for third parties (e.g., suppliers, vendors, partners, etc.) including possibly within their global supply chain); and 
a second set of the second cyberthreats detected by the second vendor tool over the predetermined time period (Pai, col. 3, lines 43-46: measuring …a risk factor; Pai also discloses multiple sets of threat data are monitored.  As such, Pai evidently discloses a second set of threats from a second vendor tool; see col. 3, lines 21-24: a plurality of nodes representative of risk factors in multiple geographic regions in which one or more third parties of a user operate.).
Pai is analogous art to the claimed invention in a similar field of endeavor in mitigating network risks.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify Tahan-Murthy system with Pai’s teaching on the techniques for detecting security threats from vendor tools over a predetermined time period. For this combination, the motivation would have been to improve the enterprise security system for just-in-time threat mitigation.

As per claim 5, Tahan in view of Murthy teaches the AI method of claim 4 further comprising using the AI engine, determining that: 
the first set of the first cyberthreats includes a threshold number of known cyberthreats associated with the target hardware system (Pai, col. 14, lines 24-28: a configurable threshold value that is based on the variance of the historical distribution of the signal strength values for that risk factor in that geographic region; it is noted that the historical risk factors as suggested in Pai are known cyberthreats associated with the target hardware system; see col. 1, lines 18-20 for third-party/vendor tools); and 
the second set of the second cyberthreats includes the threshold number of known cyberthreats (Pai, col. 3, lines 43-46: measuring …a risk factor; Pai also discloses multiple sets of threat data, one of which qualifies as a second set.  As such, Pai evidently discloses this limitation; col. 14, lines 24-28; see also col. 3, lines 21-24: a plurality of nodes representative of risk factors in multiple geographic regions in which one or more third parties of a user operate).
Pai is analogous art to the claimed invention in a similar field of endeavor in mitigating network risks.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify Tahan-Murthy system with Pai’s teaching on a threshold number of known cyberthreats associated with the target hardware system. For this combination, the motivation would have been to improve the monitoring of enterprise security threats with a baseline of known cyberthreats for comparative analysis.

Allowable Subject Matter
Claims 6-9 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The claims 6-9 each recite features that are not anticipated by, nor made obvious over the prior art of record when in combination with the other limitations in the base claim 1.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DON ZHAO whose telephone number is (571)272.9953.  The examiner can normally be reached on Monday to Friday, 7:30 A.M to 5:00 P.M EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571.272.3862.  The fax phone number for the organization where this application or proceeding is assigned is 571.273.8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800.786.9199 (IN USA OR CANADA) or 571.272.1000.


/Don G Zhao/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        12/16/2022