Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 11/18/2022. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-25 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
	Regarding claims 1,9,16,21 and 24 it is stated “determining a plurality of similar targets to a target of the security incident…”
	The terms “similar targets” and “targets” are both indefinite and ambiguous and not a clearly defined technical feature.  
	Dependent claims 2-8,10-15,17-20,22-23 and 25 being dependent are also rejected under the same rationale. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1,3-4,6,8-11,13,15-16,18 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Teran Matus (Herein after Teran) (US20210279603) in view of Baker (US10735451).

Examiner Note (E.N.): Regarding the term “target” the examiner is interpreting it as some variation of a system or network. 
	Regarding Claim 1, Claim 9, and Claim 16 Teran discloses A computer-implemented method, comprising: 
determining a plurality of recommended actions based on a security incident using an action model trained to make recommendations; (Paragraph [0016] E.N. Machine Learning (action model) is used to detect events (security incidents) to provide recommendation on actions for detecting special circumstances that require attention.)
determining a plurality of similar targets to a target of the security incident (Paragraph [0025 lines 5-8] E.N. The system recommends actions for an incident that was successful for a similar target.)
using a collaborative filtering model trained (Paragraph [0055] E.N. The clustering instruction (which is similar to collaborative filtering as they both are related to grouping similar items together) uses supervised or unsupervised machine learning operation to group data into event-related groupings)
 to assign a confidence value of similarity between two targets; (Paragraph [0058] E.N. Event Classification data is generated by clusters (See Paragraph [0057 lines [1-2]). If the confidence value of event classification data is lower than the threshold, the cluster is re-evaluated to determine if the cluster is actually associated with two or more distinct events.)
assigning a plurality of weights to the recommended actions based on: (Paragraph [0022] E.N. The system assigns weights to the data with parameters which can be used to generate recommendations regarding response actions and resource allocations.)
one or more actions taken by the similar targets and the confidence value; (Paragraph [0025 lines 5-8]) 
and a success or failure of the recommended actions; (Paragraph [0025 lines 5-8])
Teran does not, but in related art, Baker teaches: and generating a prioritized list of the recommended actions that is sorted based on the assigned weights. ((Col 10 lines 18-29) E.N. A prioritized remediation list (recommended actions) is generated and is ordered (sorted) employing a coloring system where red indicates most critical and yellow as less critical. The criticality (weights) are based on multiple factors such as compliance entity, vulnerability type etc.)
	Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Teran to incorporate the teachings of Baker because Teran does not explicitly disclose generating a list of actions based on the assigned weights which is taught by Baker. Incorporating the teachings of Baker to Teran allows for the use of weights in a list to prioritize what actions are the most critical and need to take priority regarding the security of the system/organization. 
	Regarding Claim 9, Teran further discloses A computer program product comprising program instructions stored on one or more computer readable storage media, the program instructions executable by one or more computer processors to cause the computer processors to perform a method comprising (Paragraph [0142]).
	Regarding Claim 16, Teran further discloses A system comprising: one or more computer processing circuits; and one or more computer-readable storage media storing instructions, which, when executed by the one or more computer processing circuits, are configured to cause the one or more computer processing circuits to perform a method comprising (Paragraph [0142]).

Regarding Claim 3 and Claim 10, Teran in view of Baker disclose the method of Claim 1 and the computer program product of claim 9. Teran further discloses to include a success rate of one or more of the recommended actions. (Paragraph [0025 lines 5-8] E.N. The system recommends certain actions indicating that similar actions led to a successful result within a certain amount of time.)
	Teran does not but in related art, Baker teaches: comprising generating the prioritized list of recommended actions (Col 10 lines 18-22) E.N. A prioritized remediation list (recommended actions) is generated.)
	Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Teran to incorporate the teachings of Baker because Teran does not explicitly disclose generating a list of prioritized recommended actions which is taught by Baker. Incorporating the teachings of Baker to Teran allows for generating a list of recommended actions along with if the action was or was not successful in a similar incident. 


Examiner Note (E.N.): Regarding the term “target” the examiner is interpreting it as some variation of a system or network. 
Regarding Claim 4 and Claim 11, Teran in view of Baker discloses the method of Claim 1 and the computer program product of claim 9. Teran further discloses determining that one of the similar targets has performed one of the recommended actions. (Paragraph [0025 lines 5-8] E.N. The system can indicate that a similar action performed led to a successful result.)

Regarding Claim 6,13, and 18 Teran in view of Baker disclose the method of Claim 1 and the computer program product of claim 9 and the system of claim 16. Teran further discloses wherein the action model comprises a regression model. (Paragraph [0042 lines 8-11] E.N. The machine learning model (similar to an action model) used regression models.)

	Regarding Claim 8,15, and 20 Teran in view of Baker disclose the method of Claim 1 and the computer program product of claim 9 and the system of claim 16. Teran does not, but in related art, Baker teaches wherein one of the recommended actions comprises a short term action that is prioritized based on the security incident being critical (Col 10 Lines 22-29] E.N. Remediation lists (recommended actions) are generated and are prioritized based on how critical the security incident is.)  
based on a point in time when the security incident takes place. (Col 4 lines 31-42] E.N. Remediation time may be used to find the point in time when the vulnerability (security incident) is detected.)
	Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Teran to incorporate the teachings of Baker because Teran does not explicitly disclose recommending actions that is prioritized based on the criticality and the point in time the incident takes place which is taught by Baker. Incorporating the teachings of Baker to Teran allows for the system to prioritize the most critical incident based on when the incident takes place.

Claim(s) 2,5,12,17,21-24 are rejected under 35 U.S.C. 103 as being unpatentable over Teran Matus (Herein after Teran) (US20210279603) in view of Baker (US10735451) and in further view of Margel (US20200259861).
	Regarding Claim 2, Teran in view of Baker discloses the method of Claim 1. Teran further discloses wherein assigning the weights is further based on a (Paragraph [0022] E.N. The system assigns weights to the data with parameters which can be used to generate recommendations regarding response actions and resource allocations.)
and a timing of the recommended actions. (Paragraph [0030] E.N. The system assigns different amount of weights based on repetitive incidences of events. If a zone is known to have repetitive incidences, a higher weight is assigned. Weights are used to determine the type of recommended actions needed for the incident (See Paragraph [0021])) 
	Teran and Baker do not but in related art, Margel teaches: timing of the security incident (Paragraph [0033 lines 21-23] E.N. Incidents may be timed to indicate when it occurred, or if there are any time patterns of the incident).
	Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Teran in view of Baker to incorporate the teachings of Margel because Teran and Baker does not explicitly disclose timing of the security incident which is taught by Margel. Incorporating the teachings of Margel to Teran and Baker allows for assigning weights based on both the timing of the recommended action as well as the timing of the security incident such as when and how often the incident occurs. 

Examiner Note (E.N.): Regarding the term “target” the examiner is interpreting it as some variation of a system or network. 
	Regarding Claim 5 and Claim 12, Teran in view of Baker discloses the method of Claim 4 and the computer program product of claim 11. Teran further discloses to the one recommended action. (Paragraph [0025 lines 5-8] E.N. The system recommends actions in response to detecting a situation).
	Teran and Baker do not, but in related art, Margel teaches: further comprising assigning the confidence value of the one similar target (Paragraph [0038 lines 23-26] E.N. The group classifier determines a confidence value. The confidence value is used to determine the similarity of the incidents.)
	Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Teran in view of Baker to incorporate the teachings of Margel because Teran and Baker do not explicitly disclose assigning a confidence value of the similar target which is taught by Margel. Incorporating the teachings of Margel to Teran and Baker allows for the use of confidence value to determine if a solution that worked for a similar event/system will work for another event/system.

	Regarding Claim 17 and 22, Teran in view of Baker discloses the system of claim 16 and the method of claim 21. Teran further discloses the method further comprising: determining that one of the similar targets has performed one of the recommended actions; (Paragraph [0025 lines 5-8] The system can indicate that a similar action performed led to a successful result.)
to the one recommended action (Paragraph [0025 lines 5-8] E.N. The system recommends actions in response to detecting a situation).
Teran and Baker do not, but in related art, Margel teaches: and assigning the confidence value of the one similar target (Paragraph [0038 lines 23-26] E.N. The group classifier determines a confidence value. The confidence value is used to determine the similarity of the incidents.)
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Teran in view of Baker to incorporate the teachings of Margel because Teran and Baker do not explicitly disclose assigning a confidence value of the similar target which is taught by Margel. Incorporating the teachings of Margel to Teran and Baker allows for the use of confidence value to determine if a solution that worked for a similar event/system will work for another event/system.

	Regarding Claim 21 and 24 Teran discloses a computer-implemented method, comprising: determining a plurality of recommended actions based on a security incident using an action model trained to make recommendations; (Paragraph [0016] E.N. Machine Learning (action model) is used to detect events (security incidents) to provide recommendation on actions for detecting special circumstances that require attention.)
determining a plurality of similar targets to a target of the security incident (Paragraph [0025 lines 5-8] E.N. The system recommends actions for an incident that was successful for a similar target.)
 using a collaborative filtering model trained (Paragraph [0055] E.N. The clustering instruction (which is similar to collaborative filtering as they both are related to grouping similar items together) uses supervised or unsupervised machine learning operation to group data into event-related groupings)
 to assign a confidence value of similarity between two targets; (Paragraph [0058] E.N. Event Classification data is generated by clusters (See Paragraph [0057 lines [1-2]). If the confidence value of event classification data is lower than the threshold, the cluster is re-evaluated to determine if the cluster is actually associated with two or more distinct events.)
assigning a plurality of weights to the recommended actions based on: (Paragraph [0022] E.N. The system assigns weights to the data with parameters which can be used to generate recommendations regarding response actions and resource allocations.)
one or more actions taken by the similar targets and the confidence value; (Paragraph [0025 lines 5-8]) 
a success or failure of the recommended actions; (Paragraph [0025 lines 5-8]) 
and a timing of the recommended actions; (Paragraph [0030] E.N. The system assigns different amount of weights based on repetitive incidences of events. If a zone is known to have repetitive incidences, a higher weight is assigned. Weights are used to determine the type of recommended actions needed for the incident (See Paragraph [0021]))
wherein the prioritized list of recommended actions comprises a success rate of one or more of the recommended actions. (Paragraph [0025] E.N. The system provides an explainable AI output that has a human-understanding explanation for suggested actions. The system recommends certain actions indicating that similar actions led to a successful result within a certain amount of time.)
Teran does not but in related art, Baker teaches and generating a prioritized list of the recommended actions that is sorted based on the assigned weights, (Col 10 lines 18-29) E.N. A prioritized remediation list (recommended actions) is generated and is ordered (sorted) employing a coloring system where red indicates most critical and yellow as less critical. The criticality (weights) are based on multiple factors such as compliance entity, vulnerability type etc.)
	Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Teran to incorporate the teachings of Baker because Teran does not explicitly disclose generating a list of actions based on the assigned weights which is taught by Baker. Incorporating the teachings of Baker to Teran allows for the use of weights in a list to prioritize what actions are the most critical and need to take priority regarding the security of the system/organization.
Teran and Baker do not but in related art, Margel teaches: and a timing of the security incident (Paragraph [0033 lines 21-23] E.N. Incidents may be timed to indicate when it occurred, or if there are any time patterns of the incident)
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Teran in view of Baker to incorporate the teachings of Margel because Teran and Baker does not explicitly disclose timing of the security incident which is taught by Margel. Incorporating the teachings of Margel to Teran and Baker allows for assigning weights based on both the timing of the recommended action as well as the timing of the security incident such as when and how often the incident occurs.
	Regarding Claim 24, Teran further discloses A computer program product comprising program instructions stored on one or more computer readable storage media, the program instructions executable by one or more computer processors to cause the computer processors to perform a method comprising (Paragraph [0142]).

Regarding Claim 23 Teran in view of Baker and in further view of Margel disclose the method of Claim 21. Teran further discloses wherein the action model comprises a regression model. (Paragraph [0042] E.N. The machine learning model (similar to an action model) used regression models.)



Claim(s) 7,14 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Teran Matus (Herein after Teran) (US20210279603) in view of Baker (US10735451) and in further view of Wan (US20210397625).

Examiner Note (E.N.): Regarding the term “target” the examiner is interpreting it as some variation of a system or network. 
	Regarding Claim 7,14, and 19 Teran in view of Baker discloses the method of Claim 1 and the computer program product of claim 9 and the system of claim 16. Teran and Baker do not, but in related art Wan teaches wherein the collaborative filtering model uses to identify the similar targets. (Paragraph [0054] E.N. Collaborative filtering (CF) is used to find similarity.)
weighted alternate least squares (Paragraph [0052] E.N. Alternating least square provides recommendations based on related action scores.)
	Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Teran in view of Baker to incorporate the teachings of Wan because Teran and Baker do not explicitly disclose collaborative filtering and alternate least squares which is taught by Wan. Incorporating the teachings of Wan to Teran and Baker allows for the use of Collaborative filtering and alternating least squares to find the similarities between targets to determine if a recommended action that previously worked for another target would apply for the current security incident. 



Claim(s) 25 is rejected under 35 U.S.C. 103 as being unpatentable over Teran Matus (Herein after Teran) (US20210279603) in view of Baker (US10735451) and in further view of Margel (US20200259861) and Wan (US20210397625).

Examiner Note (E.N.): Regarding the term “target” the examiner is interpreting it as some variation of a system or network. 	
Regarding Claim 25, Teran in view of Baker and in further view of Margel discloses the computer program product of claim 24. Teran, Baker and Margel do not, but in related art, Wan teaches wherein the collaborative filtering model uses to identify the similar targets. (Paragraph [0054] E.N. Collaborative filtering (CF) is used to find similarity.)
weighted alternate least squares (Paragraph [0052] E.N. Alternating least square provides recommendations based on related action scores.)
	Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Teran in view of Baker to incorporate the teachings of Wan because Teran and Baker do not explicitly disclose collaborative filtering and alternate least squares which is taught by Wan. Incorporating the teachings of Wan to Teran and Baker allows for the use of Collaborative filtering and alternating least squares to find the similarities between targets to determine if a recommended action that previously worked for another target would apply for the current security incident. 





Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AAYUSH ARYAL whose telephone number is (571)272-2838. The examiner can normally be reached 8:00 a.m. - 5:30 p.m..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571) 272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/AAYUSH ARYAL/Examiner, Art Unit 2435  

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435