DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority

The present application is a continuation of Application Serial No. 16/103,750, filed 14 August 2018, and issued as US Patent 10,970,400 on 06 April 2021.

Response to Amendment

A preliminary amendment was received on 30 April 2021.  By this amendment, Claims 1-3, 8, 10, 12-14, 19, 21, and 22 have been amended.  Claims 4, 5, 15, and 16 have been canceled.  New Claim 23 has been added.  Claims 1-3, 6-14, and 17-23 are currently pending in the present application.

Drawings

Figure 4 should be designated by a legend such as --Prior Art-- because only that which is old is illustrated.  See MPEP § 608.02(g).  Corrected drawings in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. The replacement sheet(s) should be labeled “Replacement Sheet” in the page header (as per 37 CFR 1.84(c)) so as not to obstruct any portion of the drawing figures. If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they do not include the following reference sign(s) mentioned in the description: 112A, 114A, 112B, 114B (see paragraph 0052).  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Specification

The abstract of the disclosure is objected to because it includes legal phraseology of the type often used in patent claims (e.g. “wherein”), which is to be avoided in the abstract.  The abstract further includes minor informalities.  In particular, in line 4, “a scored” should read “a score”.  Correction is required.  See MPEP § 608.01(b).
The disclosure is objected to because of the following informalities:  
The specification does not include a summary as per 37 CFR 1.73.  See also MPEP § 608.01(d).  If a summary was intentionally omitted, Applicant is requested to make a statement confirming this on the record.
The specification includes minor grammatical and other errors.  For example, in paragraph 0006, line 3, the term “futex” has not been defined.  In paragraph 0028, lines 2-5, the use of commas and semicolons between list items is inconsistent.  In paragraph 0045, line 2, the verb “is communicatively coupled” does not agree with the subject “computer(s)”.  In paragraph 0051, line 7, the verb “generates” does not agree with the subject “computer(s)”.  In paragraph 0055, the scale of the risk scores is not clear.  In paragraph 0057, there are not clear descriptions of the elements 216-224 or the elements 200-214.  In paragraph 0065, line 8, the subject of the verb “are” does not agree with the subject “number”.  In paragraph 0066, line 7, an article (e.g. “the” or “a”) should be inserted before “second model”.  In paragraph 0068, line 4, the terms “developed exploit feature/developed exploit time feature” are not well-defined.  In paragraph 0069, lines 5-6, it is not clear what the phrase “an exploit to be developed for the corresponding software vulnerability will be used in an attack” is intended to modify or be coordinated with.  In paragraph 0079, line 5, the verb “are” does not agree with the subject “number”.  In paragraph 0091, lines 3-8, the list items are not clear as to which items, if any, are intended to be grouped together.  In paragraph 0092, line 7, it is not clear what the subject of the verb “allows” is intended to be.  In paragraph 0098, lines 9-10, it is not grammatically clear what the phrase “such as place the data on a bus” is intended to modify.
Appropriate correction is required.  Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.
The use of the terms Linux, Android (see paragraph 0006), Amazon Web Services (paragraph 0026), Wi-Fi (paragraphs 0091, 0100), Bluetooth (paragraph 0100), Docker, Kubernetes (paragraph 0101), which are trade names or marks used in commerce, has been noted in this application. The terms should be accompanied by the generic terminology; furthermore the terms should be capitalized wherever they appear or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) is permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.

Claim Objections

Claims 2, 3, 13, and 14 are objected to because of the following informalities:
In Claim 2, a comma should be inserted after “The system of Claim 1”.
In Claim 3, a comma should be inserted after “The system of Claim 2”
In Claim 13, a comma should be inserted after “The method of Claim 12”
In Claim 14, a comma should be inserted after “The method of Claim 13”.
Appropriate correction is required.

Double Patenting

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-3, 6-14, and 17-23 are rejected on the ground of nonstatutory double patenting as being unpatentable over Claims 1-18 of U.S. Patent No. 10,970,400. Although the claims at issue are not identical, they are not patentably distinct from each other because the pending claims are broader than or are obvious variations on the patented claims.  Pending Claim 1 recites storing first and second models that have been trained as per the system of patented Claim 1, and further recite the obvious steps of using the second model for its intended purpose.  Similarly, the other pending independent Claims 10, 12, and 21 have analogous correspondences to patented independent Claims 8, 10, and 17.  Pending Claims 2, 3, 6-9, 11, 13, 14, 17-20, and 22 similarly correspond to patented Claims 2-7, 9, 11-16, and 18, respectively.  Pending Claim 23 corresponds to a subset of the steps of patented dependent Claim 15, where a first model enables determining a likelihood whether an exploit will be developed for a vulnerability and another model enables determining a likelihood an exploit will be used in an attack.
Claim 23 is rejected on the ground of nonstatutory double patenting as being unpatentable over Claim 1 of U.S. Patent No. 10, 114, 954.  Although the claims at issue are not identical, they are not patentably distinct from each other because pending Claim 23 is broader than and therefore anticipates patented Claim 1.  Both pending Claim 23 and patented Claim 1 recite a first model that enables determining a likelihood whether an exploit will be developed for a vulnerability and a second model that enables determining a likelihood an exploit will be used in an attack.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-3, 6-14, and 17-23 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites that the first and second models enable “determining whether an exploit will be developed for software vulnerabilities”.  It is not clear how the model would be able to explicitly determine whether a specific future action will occur.  It appears that this may instead be intended to recite that the models determine a likelihood or probability that exploits will be developed or similar.  The claim further recites a series of instructions to be executed; however, the list of instructions does not include a conjunction (e.g. “and” or “or”).  It is not clear whether the functions are alternatives or if they are all required.  The claim also recites “second training data comprising only training instances of said first training data which… produced a score greater than a threshold value” in lines 16-19.  However, the term “comprising” is open-ended, whereas this limitation appears to be reciting a closed set of data by the use of “only”.  This is contradictory, although it appears that replacing “comprising” with “consisting of” would clarify the scope.  The claim additionally recites “an exploit” in line 20.  It is not clear whether this is intended to refer to the same exploit as recited in line 8 or to a distinct exploit.  The above ambiguities render the claim indefinite.
Claim 2 recites “the training instance” in line 3.  However, Claim 1 recited plural training instances, and it is not clear to which of these plural instances this limitation is intended to refer.
Claim 6 recites “the second input data that corresponds to a second plurality of software vulnerabilities” in lines 14-16.  Although the claim previously recited second input data, there is not clear antecedent basis for the more detailed limitation.  The claim further recites a series of instructions to be executed; however, the list of instructions does not include a conjunction (e.g. “and” or “or”).  It is not clear whether the functions are alternatives or if they are all required.
Claim 7 recites “the first threshold value” in line 1.  There is insufficient antecedent basis for this limitation in the claims.
Claim 8 recites that the third and fourth models enable “determining whether an exploit that has yet to be developed will be used in an attack”.  It is not clear how the model would be able to explicitly determine whether a specific future action will occur.  It appears that this may instead be intended to recite that the models determine a likelihood or probability that exploits will be used in an attack or similar.  The claim further recites a series of instructions to be executed; however, the list of instructions does not include a conjunction (e.g. “and” or “or”).  It is not clear whether the functions are alternatives or if they are all required.  The claim additionally recites “third training data comprising only training instances of said second training data which… produced a score greater than a threshold value” in lines 14-16.  First, it is not clear whether “a threshold value” is intended to refer to the threshold value of Claim 1, the second threshold value of Claim 6, or a distinct threshold value.  Further, the term “comprising” is open-ended, whereas this limitation appears to be reciting a closed set of data by the use of “only”.  This is contradictory, although it appears that replacing “comprising” with “consisting of” would clarify the scope.  The claim also recites “an exploit that has yet to be developed” in lines 17-18.  It is not clear whether this is intended to refer to the same exploit as recited in line 6 or to a distinct exploit.  
Claim 9 recites “said each software vulnerability” in lines 7-8.  It is not clear whether this is intended to refer to software vulnerabilities in the first plurality, second plurality, or third plurality of vulnerabilities.  The claim further recites “an exploit” in lines 11, 19, and 24.  It is not clear if this is intended to refer to a previously recited exploit or to a distinct exploit.  The claim additionally recites “the exploit” in line 20; it is not clear to which of the plural exploits this is intended to refer.  The claim also recites a series of instructions to be executed; however, the list of instructions does not include a conjunction (e.g. “and” or “or”).  It is not clear whether the functions are alternatives or if they are all required.  
Claim 10 recites that the first and second models enable “determining whether an exploit to be developed for software vulnerabilities will be used in an attack”.  It is not clear how the model would be able to explicitly determine whether a specific future action will occur.  It appears that this may instead be intended to recite that the models determine a likelihood or probability that exploits will be used in an attack or similar.  The claim further recites a series of instructions to be executed; however, the list of instructions does not include a conjunction (e.g. “and” or “or”).  It is not clear whether the functions are alternatives or if they are all required.  The claim also recites “second training data comprising only training instances of said first training data which… produced a score greater than a threshold value” in lines 16-19.  However, the term “comprising” is open-ended, whereas this limitation appears to be reciting a closed set of data by the use of “only”.  This is contradictory, although it appears that replacing “comprising” with “consisting of” would clarify the scope.  The claim additionally recites “an exploit to be developed” in line 20.  It is not clear whether this is intended to refer to the same exploit as recited in line 8 or to a distinct exploit.  The above ambiguities render the claim indefinite.
Claim 11 recites “the second input data that corresponds to a second plurality of software vulnerabilities” in lines 14-16.  Although the claim previously recited second input data, there is not clear antecedent basis for the more detailed limitation.  The claim further recites a series of instructions to be executed; however, the list of instructions does not include a conjunction (e.g. “and” or “or”).  It is not clear whether the functions are alternatives or if they are all required.
Claim 12 recites that the first and second models enable “determining whether an exploit will be developed for software vulnerabilities”.  It is not clear how the model would be able to explicitly determine whether a specific future action will occur.  It appears that this may instead be intended to recite that the models determine a likelihood or probability that exploits will be developed or similar.  The claim further recites a series of steps to be performed; however, the list of steps does not include a conjunction (e.g. “and” or “or”).  It is not clear whether the steps are alternatives or if they are all required.  The claim also recites “second training data comprising only training instances of said first training data which… produced a score greater than a threshold value” in lines 11-13.  However, the term “comprising” is open-ended, whereas this limitation appears to be reciting a closed set of data by the use of “only”.  This is contradictory, although it appears that replacing “comprising” with “consisting of” would clarify the scope.  The claim additionally recites “an exploit” in line 14.  It is not clear whether this is intended to refer to the same exploit as recited in lines 3-4 or to a distinct exploit.  The above ambiguities render the claim indefinite.
Claim 13 recites “the corresponding for said training instances of said first training data score” in lines 1-2.  This is grammatically unclear.  The claim further recites “the training instance” in line 3.  However, Claim 12 recited plural training instances, and it is not clear to which of these plural instances this limitation is intended to refer.
Claim 14 recites “the training instance” in line 3.  Because Claim 12 recited plural training instances, it is not clear to which of these plural instances this limitation is intended to refer.
Claim 17 recites “the second input data that corresponds to a second plurality of software vulnerabilities” in lines 13-14.  Although the claim previously recited second input data, there is not clear antecedent basis for the more detailed limitation.  The claim further recites a series of steps to be performed; however, the list of steps does not include a conjunction (e.g. “and” or “or”).  It is not clear whether the steps are alternatives or if they are all required.
Claim 19 recites “second training data” in line 3.  It is not clear whether this second training data is intended to refer to the same second training data as recited in Claim 12 or to distinct second training data.  Claim 19 further recites a series of steps to be performed; however, the list of steps does not include a conjunction (e.g. “and” or “or”).  The claim additionally recites “third training data comprising only training instances of said second training data which… produced a score greater than a threshold value” in lines 13-15.  First, it is not clear whether “a threshold value” is intended to refer to the threshold value of Claim 12, the second threshold value of Claim 17, or a distinct threshold value.  Further, the term “comprising” is open-ended, whereas this limitation appears to be reciting a closed set of data by the use of “only”.  This is contradictory, although it appears that replacing “comprising” with “consisting of” would clarify the scope.  It is not clear whether the steps are alternatives or if they are all required.  The claim also recites “an exploit that has yet to be developed” in lines 16-17.  It is not clear whether this is intended to refer to the same exploit as recited in lines 6-7 or to a distinct exploit.
Claim 20 recites “said each software vulnerability” in lines 6-7.  It is not clear whether this is intended to refer to software vulnerabilities in the first plurality, second plurality, or third plurality of vulnerabilities.  The claim further recites “an exploit” in lines 10, 18, and 23.  It is not clear if this is intended to refer to a previously recited exploit or to a distinct exploit.  The claim additionally recites “the exploit” in line 19; it is not clear to which of the plural exploits this is intended to refer.  The claim also recites a series of steps to be performed; however, the list of steps does not include a conjunction (e.g. “and” or “or”).  It is not clear whether the steps are alternatives or if they are all required.
Claim 21 recites a series of steps to be performed; however, the list of steps does not include a conjunction (e.g. “and” or “or”).  It is not clear whether the steps are alternatives or if they are all required.  The claim further recites “second training data comprising only training instances of said first training data which… produced a score greater than a threshold value” in lines 12-14.  However, the term “comprising” is open-ended, whereas this limitation appears to be reciting a closed set of data by the use of “only”.  This is contradictory, although it appears that replacing “comprising” with “consisting of” would clarify the scope.  The claim additionally recites “an exploit that has yet to be developed” in line 15.  It is not clear whether this is intended to refer to the same exploit as recited in line 4 or to a distinct exploit.  The above ambiguities render the claim indefinite.
Claim 22 recites “the second input data that corresponds to a second plurality of software vulnerabilities” in lines 13-15.  Although the claim previously recited second input data, there is not clear antecedent basis for the more detailed limitation.  The claim further recites a series of steps to be performed; however, the list of steps does not include a conjunction (e.g. “and” or “or”).  It is not clear whether the steps are alternatives or if they are all required.
Claim 23 recites that the first model enables “determining whether an exploit will be developed for software vulnerabilities” and that the second model enables “determining whether an exploit to be developed for software vulnerabilities will be used in an attack”.  It is not clear how the model would be able to explicitly determine whether a specific future action will occur.  It appears that this may instead be intended to recite that the models determine a likelihood or probability that exploits will be developed or used in an attack or similar.  The claim further recites a series of steps to be performed; however, the list of steps does not include a conjunction (e.g. “and” or “or”).  It is not clear whether the steps are alternatives or if they are all required.
Claims not specifically referred to above are rejected due to their dependence on a rejected base claim.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Descriptions of the cited references may be found in the Office actions mailed in the parent application Serial No. 16/103,750.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:30am-6:00pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Zachary A. Davis/Primary Examiner, Art Unit 2492