DETAILED ACTION
This action is in response to the application filed 16 August 2019, claiming benefit back to 22 August 2018.
Claims 1 – 20 are pending and have been examined.
This action is Non-Final.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 18 November 2019 has been considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1 – 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claimed invention, when the claims are taken as a whole,  is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.   

Step 2A – 1: The claims recite a Judicial Exception. Exemplary independent claim 1 recites the limitations of  determining an inherent risk rating  of the supplier based on risk attributes of the supplier,  performing a control assessment of the supplier to determine a control assessment result, quantifying other risk attributes, calculating the SRI  based on the inherent risk rating, the assessment result, and the other risk attributes. These limitations, as drafted, are a process that, under its broadest reasonable interpretation, covers fundamental economic practices [e.g. agreements between people in the form of contracts, legal obligations, and business relations], certain methods of organizing human activity [e.g. managing relationships or transactions between people], by the performance of the limitations in the mind, but for the recitation of generic computer components.  The claim limitations are directed to determining a supplier risk, and but for the recitation of “by a processor”, the claim encompasses a user simply calculating the SRI in his/her mind. The mere nominal recitation of a generic processor does not take the claim out of the fundamental economic practice, method of organizing human activity, and mental process grouping. 


Step 2A – 2: This judicial exception is not integrated into a practical application, and the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. 
Independent claim 1 recites the additional element of a processor; and independent claims 10 and 20 recite the additional limitations of a computing apparatus comprising: a processor; a memory; a display; and a communication interface coupled to each of the processor and the memory.   The computer elements that perform the steps are recited at a high level of generality, and merely automates the comparison step. Each of the additional limitations is no more than mere instructions to apply the exception using a generic computer component.
	The combination of these additional elements is no more than mere instructions to apply the exception using a generic computer component. Accordingly, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
	Further, as per MPEP 2106.05, the claims do not provide for recite any improvements to the functioning of a computer, or to any other technology or technical field; applying or using a judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition; applying the judicial exception with, or by use of, a particular machine; effecting a transformation or reduction of a particular article to a different state or thing; or applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception.
	The claim is directed to the abstract idea.

The dependent claims have the same deficiencies as their parent claims as being directed towards an abstract idea, as the dependent claims merely narrow the scope of their parent claims, and it has been held that “[i]n defining the excluded categories, the Court has ruled that the exclusion applies if a claim involves a natural law or phenomenon or abstract idea, even if the particular natural law or phenomenon or abstract idea at issue is narrow.” (buySAFE, Inc. v. Google, Inc., 765 F.3d 1350.  )
Turning to the dependent claims, none of the claimed features of the dependent claims further limit the claimed invention in such a way to direct the claimed invention to statutory subject matter (e.g. change the scope of the claimed invention as to no longer be directed towards an abstract idea, or include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements or combination of elements in the claims other than the abstract idea per se), nor do they add limitations that, when taken as a combination, result in the claim as a whole amounting to significantly more than the judicial exception. In respect to exemplary dependent claims 2 – 9:

Claims 5 and 9 merely describe the calculation used in determining the score;
Claim 6 merely recites updating information, which is a generic computer functions previously known to the industry (see MPEP 2106.05(d)); 
Claims 7 and 8 merely recite displaying information, which is abstract as an ancillary part of such collection and analysis. 1

Step 2B: The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements or combination of elements in the claims other than the abstract idea per se [e.g. computing apparatus comprising: a processor; a memory; a display; and a communication interface coupled to each of the processor and the memory] amount to no more than  mere instructions to implement the idea on a computer, or the recitation of generic computer structure that serves to perform generic computer functions previously known to the industry2  [e.g. performing repetitive calculations;  receiving, processing, and storing data; electronically scanning or extracting data from a physical document;  electronic recordkeeping;  automating mental tasks;  receiving or transmitting data over a network, e.g., using the Internet to gather data] . 


Viewed as a whole, these additional claim elements, both individually and in combination, do not provide meaningful limitations to transform the above identified abstract idea into a patent eligible application of the abstract idea such that the claims amount to significantly more (e.g. improvements to another technology or technical fields, improvements to the functioning of the computer itself, or meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment) than the abstract idea itself.   Thus, taken alone, the additional elements do not amount to significantly more than the above-identified judicial exception (the abstract idea). Looking at the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. There is no indication that the combination of elements improves the functioning of a computer or improves any other technology. Their collective functions merely provide conventional computer implementation3.
Therefore, the claims are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. See Alice Corporation Pty. Ltd. v. CLS Bank International, 573 U.S. No. 13–298.            

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1 – 4, 6, 7, 9, 10 – 14, and 17 – 20 are rejected under 35 U.S.C. 102(a)(1) as being disclosed by Ng et al. (U.S. 2015/0186814, hereinafter Ng).
		
In respect to claim 1, Ng discloses a method of determining a supplier risk index (SRI) for a supplier, the method comprising:
	determining an inherent risk rating4 of the supplier based on risk attributes of the supplier (see at least [0006]-[0009] ... The prescribed areas and related attributes may be examined based on the supplier's historical performance or projected ability to perform, resources available or committed, its culture and background, and working relationship with its customer such as the manufacturer of the product.... The product storage may be configured to store characteristic elements applicable to one or more products, and the technical-profile storage may be configured to store technical-profile elements applicable to one or more manufacturing suppliers. The risk-rating applicator may be configured to receive assignment of quantitative risk ratings [i.e. an inherent risk rating] to respective characteristic elements and respective technical profile elements based on applicability of the respective characteristic elements to a particular product and a particular manufacturing supplier... The risk assessor may be configured to generate a technical risk assessment of the particular manufacturing supplier for the particular product, with the technical risk assessment including a plurality of risk factors each of which may be related to one or more characteristic elements and technical-profile elements; see further  [0031] The risk-rating applicator 206 may be configured to receive assignment of quantitative risk ratings to respective characteristic elements and respective technical-profile elements based on applicability of the respective characteristic elements to a particular product and a particular manufacturing supplier. The risk-rating applicator may receive these assignments from an input system, such as the input system 102 of FIG. 1, which in some examples, may receive the assignments from a user of the STO risk assessment system 100);
	performing a control assessment of the supplier to determine a control assessment result (see at least [0030] ... More particularly, for example, the technical-profile elements may include questions [i.e. performing a control assessment] related to a supplier's technical performance, infrastructure, organizational structure, sub-tier management, domicile, cooperation, communication, risk management, ability to work with an integrated schedule, whether the supplier controls a key technology; see further  [0051]...As shown in FIG. 4, a single-supplier risk assessment report 400 may identify at least some of the risk factors of an appropriate technical risk assessment; see further  Fig 9 #704 #SP7 performing a control see further  Fig 11A performing a control assessment of the supplier to determine a control assessment result);
	quantifying other risk attributes (see at least [0009]  For each risk factor, the quantitative parameters may include a likelihood and a consequence, and the risk score may be calculated as a function of the quantitative parameters for the risk factor [i.e. other risk factors], and the quantitative risk ratings assigned to the characteristic element(s) and technical-profile element(s) related to the risk factor; see further  [0033] The risk assessor 208 may be configured to generate a technical risk assessment of the particular manufacturing supplier for the particular product, with the technical risk assessment including a plurality of risk factors...); and
	calculating, by a processor, the SRI5 based on the inherent risk rating, the assessment result, and the other risk attributes (see at least [0068] FIG. 1800 illustrates various operations in a method 1800 according to which the technical risk assessment may be generated. As shown at blocks 1802 and 1804, this method may include receiving assignment of quantitative parameters and calculating risk scores for respective risk factors, and wherein for each risk factor, the quantitative parameters include a likelihood and a consequence, and the risk score is calculated as a function of the quantitative parameters for the risk factor, and the quantitative risk ratings assigned to the characteristic element(s) and technical-profile element(s) related to the risk factor; see further  [0043] To further illustrate these calculations, consider a risk factor having a likelihood of 4, a consequence of 4, and a weight of 30. Also consider the risk factor as being related to upper-tier elements (characteristic and/or technical-profile) having risk ratings of 4 and 3 and 1, and lower-tier elements ( characteristic and/or technical-profile) having risk ratings of 4 and 1 and 1. In this example, the total weight of the risk factor may be calculated as follows: ... And the risk score for the risk factor may be calculated as follows...; see further [0007] In accordance with example implementations, predetermined links may be established to adjust weights of various areas based on assessment results [i.e. assessment result], with a total score [i.e. SRI] displayed in an understandable risk management format for review).

In respect to claim 2, Ng discloses the method of claim 1, wherein the risk attributes comprise at least one of: a remote access attribute of the supplier; a sub line of business attribute of the supplier; a recovery time objective attribute of the supplier; a personal information/confidential information retention attribute of the supplier; a number of records of the supplier; a supplier-hosted application attribute of the supplier; a consumer/customer contact attribute of the supplier; a regulatory/compliance attribute of the supplier; and a difficulty of replacement attribute for the supplier (see at least [0006] ...The prescribed areas and related attributes may be examined based on the supplier's historical performance or projected ability to perform, resources available or committed, its culture and background, and working relationship with its customer such as the manufacturer of the product; see further [0033]... Other examples of suitable
risk factors include questions related to technical metrics reporting and management, effective defect containment and disposition, corrective action responsiveness and/or resolution effectiveness, effective change management implementation, requirements quality, production and quality management system, disruptive risks [i.e. a recovery time objective attribute of the supplier], and the like.)

In respect to claim 3, Ng discloses the method of claim l, wherein the control assessment comprises an assessment of a supplier with respect to at least one of: communications and connectivity controls and protocols of the supplier; a risk management program of the supplier; encryption policies of the supplier; authorization and authentication controls over data of the supplier; data integrity controls of the supplier; application controls of the supplier; business practices, policies, and procedures of the supplier; and management oversight of the supplier (see at least [0030] ... The technical-profile elements may relate to characteristics of a particular manufacturing supplier and/or its past performance. More particularly, for example, the technical-profile elements may include questions related to a supplier's technical performance, infrastructure, organizational structure, sub-tier management, domicile, cooperation, communication, risk management [i.e. a risk management program of the supplier], ability to work with an integrated schedule, whether the supplier controls a key technology, and the like; see further Fig 9 #704 SP7) .

In respect to claim 4, Ng discloses the method of claim l, wherein the other risk attributes at the supplier comprise at least one of: a financial viability assessment (FVA) of the supplier; any negative news affecting the supplier; a concentration of risk assessment result of the supplier; a performance rating of the supplier; a vulnerability impact assessment result of the supplier; and a reporting of cyber incidents of the supplier (see at least [0030] ... The technical-profile elements may relate to characteristics of a particular manufacturing supplier and/or its past performance [i.e. a performance rating of a supplier]. More particularly, for example, the technical-profile elements may include questions related to a supplier's technical performance, infrastructure, organizational structure, sub-tier management, domicile, cooperation, communication, risk management, ability to work with an integrated schedule, whether the supplier controls a key technology, and the like; see further Fig 9 #704 SP1).

6, Ng discloses the method of claim 1, further comprising receiving updated information for at least one of the inherent risk rating, the control assessment of the supplier, and other risk attributes, and updating the SRI based on the updated information in real-time (see at least FIG. 9, UPDATE ASSESSMENT).

In respect to claim 7, Ng discloses the method of claim 1, further comprising displaying the SRI along with additional supplier information in a supplier selection interface (see at least [0051] FIGS. 4, 5 and 6 illustrate more particular examples of visual artifact(s) of a suitable single-supplier risk assessment, multiple-supplier risk assessment, and self-assessment, respectively, according to example implementations of the present disclosure in which the artifacts may be presented in the form of reports. As shown in FIG. 4, a single-supplier risk assessment report 400 may identify at least some of the risk factors of an appropriate technical risk assessment. In some examples, the report may include all of the risk factors, or only a subset of the risk factors such as a number ( e.g., five) of the highest-scoring risk factors. The report may include the risk scores 402 for the identified risk factors. In some examples, the report may also include related assessment data 404 from the technical risk assessment, such as the quantitative parameters for the identified risk factors including the likelihood, consequence and/or weight (in some examples the total weight). And as indicated above, the report may include a risk matrix 406 and/or tornado diagram 408 for the identified risk factors; see further [0065] FIG. 15 illustrates a GUI for displaying visual artifact(s) of a suitable multiple-supplier risk assessment. As shown, the GUI includes a main window 1500 in which at least some of the risk factors of appropriate technical risk assessments for multiple manufacturing suppliers may be identified, and include the risk scores for those risk factors, such as in a table 1502. In the illustrated examples, the first area may identify the five highest-scoring risk factors for each manufacturing supplier, and include the risk scores for their five highest-scoring risk factors as well as the five highest scoring risk factors for the other manufacturing suppliers (some of which may be the same risk factors). The main window may also include a risk matrix 1504 and a tornado diagram 1506 for the identified risk factors for the multiple manufacturing suppliers).

In respect to claim 9, Ng discloses the method of claim 1, wherein the SRI is calculated as a numerical score (see at least FIG. 9, #900; see further [0032]... In some examples, the risk rating may be an integer in the range of 0 to 5 in increasing applicability (increasing risk), where a rating of 0 may represent a complete inapplicability (zero risk), a rating of 1 may represent the lowest applicability (lowest positive risk), and a rating of 5 may represent the highest applicability (highest risk). And in some examples, the risk ratings for the characteristic elements may be assigned according to a set of rating guidelines, as may the risk ratings for the technical-profile elements).

In respect to claim 10, it recites a system performing the same steps as found in claim 1, and is rejected using the same rationale. Claim 10 recites the additional elements of:
	computing apparatus comprising: a processor (see at least [0071]); a memory (see at least [0071]); a display (see at least  [0071] Generally, an apparatus of exemplary implementations of the present disclosure may comprise, include or be embodied in one or more fixed or portable electronic devices. Examples of suitable electronic devices include a smartphone, tablet computer, laptop computer, desktop computer, workstation computer, server computer or the like. The apparatus may include one or more of each of a number of components such as, for example, a processor ( e.g., processor unit) connected to a memory (e.g., storage device); see further  [0075] In addition to the memory, the processor may also be connected to one or more interfaces for displaying, transmitting and/ or receiving information. The interfaces may include a communications interface (e.g., communications unit) and/ or one or more user interfaces. The communications interface may be configured to transmit and/or receive information, such as to and/or from other apparatus(es), network(s) or the like. The communications interface may be configured to transmit and/or receive information by physical (wired) and/ or wireless communications links. Examples of suitable communication interfaces include a network interface controller (NIC), wireless NIC (WNIC) or the like) ; and a communication interface coupled to each of the processor and the memory (see at least [0075] In addition to the memory, the processor may also be connected to one or more interfaces for displaying, transmitting and/ or receiving information. The interfaces may include a communications interface (e.g., communications unit) and/or one or more user interfaces. The communications interface may be configured to transmit and/or receive information, such as to and/or from other apparatus(es), network(s) or the like. The communications interface may be configured to transmit and/or receive information by physical (wired) and/ or wireless communications links. Examples of suitable communication interfaces include a network interface controller (NIC), wireless NIC (WNIC) or the like); ... wherein the display is operable to provide a user interface displaying an SRI dashboard for the supplier indicating the SRI of the supplier (see at least [0012] ... system may further include an output system coupled to the supplier risk identification system, and configured to generate one or more visual artifacts of the technical risk assessment. Also in these examples, the visual artifact(s) may include a risk matrix on which at least some of the risk factors are identified in an arrangement according to their likelihood and consequence, or a tornado diagram in which at least some of the risk factors are identified based on and in an arrangement according to their risk score; see further Fig 7 [i.e. real-time]). 


11, Ng discloses the computing apparatus of claim 10, wherein the user interface additionally displays real-time control effectiveness information of the supplier based on the quantifications of a control assessment result (see at least Fig 11A displays real-time control effectiveness information of the supplier based on the quantifications of a control assessment result).

In respect to claim 12, Ng discloses the computing apparatus of claim 11, wherein the control effectiveness information includes a details selector for immediately displaying underlying supplier data used to determine the control assessment result (see at least ...[0057) FIG. 7 further illustrates a control 712 such as a text box in which a rationale and/or comments related to the assigned risk rating may be received, a detail which may be selectively hidden from view such as in FIG. 8).

In respect to claim 13, Ng discloses the computing apparatus of claim 10, wherein the user interface additionally displays real-time performance information of the supplier based on historical performance data of the supplier (see at least Fig 10 #704 SP1; see further  FIG. 12 is similar to FIG. 10 but for a self-assessment instead of a technical assessment. In FIG.12, the second area 704 is shown displaying a self-assessment element (manufacturer self-assessment) for a self-assessment, and where assignment of quantitative parameters such as a likelihood 1002, consequence 1004 and weight 1006 may be received via appropriate controls such as drop-down lists for each quantitative parameter for each self-assessment element. Again, the consequence may be divided into multiple measures of performance 1008, such as technical, schedule and cost. Also similar to before, guidelines for assignment of the likelihood 1200 and those for assignment of the  consequences to the measures of performance 1202 may also be displayed in the second area of the main window 700).

In respect to claim 14, Ng discloses the computing apparatus of claim 13, wherein the control effectiveness information includes a details selector for immediately displaying underlying supplier data used to determine the performance information (see at least Fig 8 #706 Show Detail; see further [0057] ... And as further shown in FIG. 8, the windows of the GUI may include an area or window 800 such as a popup window in which guidelines for assignment of the risk rating for one or more of the characteristic elements may be displayed, and which in some examples may be accessed in response to selection of an appropriate control).

In respect to claim 17, Ng discloses the computing apparatus of claim I 0, wherein the user interface displays a supplier SRI score along with additional supplier information for each of a plurality of suppliers for comparison of risk between the plurality of suppliers (see at least Fig 15 #1500; see further [0065] FIG. 15 illustrates a GUI for displaying visual artifact(s) of a suitable multiple-supplier risk assessment. As shown, the GUI includes a main window 1500 in which at least some of the risk factors of appropriate technical risk assessments for multiple manufacturing suppliers may be identified, and include the risk scores for those risk factors, such as in a table 1502. In the illustrated examples, the first area may identify the five highest-scoring risk factors for each manufacturing supplier, and include the risk scores for their five highest-scoring risk factors as well as the five highest scoring risk factors for the other manufacturing suppliers (some of which may be the same risk factors). The main window may also include a risk matrix 1504 and a tornado diagram 1506 for the identified risk factors for the multiple manufacturing suppliers).

In respect to claim 18, Ng discloses the computing apparatus of claim 10, wherein the user interface is a real-time dashboard for a supplier that indicates key supplier metrics (see at least [0064] FIG. 14 illustrates a GUI for displaying visual artifact(s) of a suitable single-supplier risk assessment. As shown, the GUI includes a main window 1400 that may be divided into a plurality of area in which respective visual artifacts may be displayed. The areas of the main window may include a first area 1402 in which at least some of the risk factors of an appropriate technical risk assessment may be identified. In the illustrated examples, the first area may identify the five highest-scoring risk factors. A second area 1404 of the main window may include the risk scores for the identified risk factors, and their quantitative parameters including the likelihood, consequence, weight (in some examples the total weight), such as in a table 1406. A third area 1408 of the main window may include a risk matrix 1410 for the identified risk factors, and a fourth area 1412 of the main window may include a tornado diagram 1414 for the identified risk factors).

In respect to claim 19, Ng discloses the computing apparatus of claim 10, wherein the user interface additionally displays supplier contact information and management program membership information for the supplier (see at least [0055] ... The windows may include a main window 700 having a first area 702 in which information identifying a program, manufacturing supplier and product may be received).

Claim 20 recites substantially similar limitations to those found in claims 1 and 10, and is rejected using the same rationale. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over by Ng et al. (U.S. 2015/0186814, hereinafter Ng) in view of Vashistha (U.S. 2017/0193411).

In respect to claim 8, Ng discloses the method of claim 7, wherein the displaying the SRI along with additional supplier information in a supplier selection interface comprises using a grading convention and [color scheme based on the grading convention] (see at least [0051] FIGS. 4, 5 and 6 illustrate more particular examples of visual artifact(s) of a suitable single-supplier risk assessment, multiple-supplier risk assessment, and self-assessment, respectively, according to example implementations of the present disclosure in which the artifacts may be presented in the form of reports. As shown in FIG. 4, a single-supplier risk assessment report 400 may identify at least some of the risk factors of an appropriate technical risk assessment. In some examples, the report may include all of the risk factors, or only a subset of the risk factors such as a number ( e.g., five) of the highest-scoring risk factors. The report may include the risk scores 402 for the identified risk factors. In some examples, the report may also include related assessment data 404 from the technical risk assessment, such as the quantitative parameters for the identified risk factors including the likelihood, consequence and/or weight (in some examples the total weight). And as indicated above, the report may include a risk matrix 406 and/or tornado diagram 408 for the identified risk factors [i.e. a grading convention]).
	The only difference between the claimed invention and the art of record is the displaying of a color scheme based on the grading convention.  
	Analogous art Vashistha discloses displaying a color scheme based on the grading convention (see at least [0032] For presentation purposes, a color may be associated with each risk score range. For example, the color dark green may be associated with the risk score range of 1.0 to 2.0, the color light green may be associated with the risk score range of 2.1 to 4.0, the color yellow may be associated with the risk score range of 4.1-6.0, the color light red may be associated with the risk score range of 6.1 to 8.0, and the color dark red may be associated with the risk score range of 8.1 to 10.0).
	Since each individual element and its function are shown in the prior art, albeit shown in separate references, the differences between the claimed subject matter and the prior art rests not on any individual 
Thus, the simple combination of one known element with another producing a predictable result of allowing easier visual identification of risk,  renders the claim obvious. 
	
Claims 15 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over by Ng et al. (U.S. 2015/0186814, hereinafter Ng) in view of Simpson et al. (U.S. 2014/0122163, hereinafter Simpson). 

In respect to claim 15, Ng discloses the computing apparatus of claim 10, and while Ng discloses wherein the user interface additionally displays real-time risk information of the supplier (see at least [0030] The product storage 202 may be configured to store characteristic elements applicable to one or more products, and the technical-profile storage 204 may be configured to store technical-profile elements applicable to one or more manufacturing suppliers ... The technical-profile elements may relate to characteristics of a particular manufacturing supplier and/or its past performance. More particularly, for example, the technical-profile elements may include questions related to a supplier's technical performance ... communication, risk management; see further [0054] Again returning to FIG. 1, the STO risk assessment system 100 may further include a risk mitigation system 110 generally configured to establish risk descriptor(s) for each of one or more of the risk factors, and risk mitigation action(s) for each of one or more of the risk descriptors. In some examples, the risk descriptor for a risk factor may include a text-based expression such as a statement that describes one or more issues to the program that may be caused by the risk factor, and a risk factor may have one or more risk descriptors that may be established), it may not explicitly disclose wherein the user interface additionally displays real-time cyber risk information of the supplier.
	Analogous art Simpson discloses wherein the user interface additionally displays real-time cyber risk information of the supplier (see at least [0036] Operational risk analysis module 26 may use any suitable key word, word string, and/or logical relationship among search terms to categorize the data. For example, to categorize data as fraud and criminal, the data may relate to cyber security breaches; computer viruses; malicious code; phishing attacks; cyber attacks on networks, systems, or devices used by customers; sudden increases in customer transaction volume; or other suitable event that may be considered fraud and criminal. As another example, to categorize data as human malicious external events, the data may relate to cyber attacks...). 
	Since each individual element and its function are shown in the prior art, albeit shown in separate references, the differences between the claimed subject matter and the prior art rests not on any individual 
Thus, the simple combination of one known element with another producing a predictable result of using any risk factors deemed pertinent to a business, renders the claim obvious. 
	
In respect to claim, 16, the combined invention of Ng and Simpson discloses the computing apparatus of claim 15 (see Id), Ng further disclosing wherein the cyber risk information includes a details selector for immediately displaying underlying data used to determine the cyber risk information (see at least [0054] Again returning to FIG. 1, the STO risk assessment system 100 may further include a risk mitigation system 110 generally configured to establish risk descriptor(s) for each of one or more of the risk factors, and risk mitigation action(s) for each of one or more of the risk descriptors. In some examples, the risk descriptor for a risk factor may include a text-based expression such as a statement that describes one or more issues to the program that may be caused by the risk factor, and a risk factor may have one or more risk descriptors that may be established; see further [0057] And as further shown in FIG. 8, the windows of the GUI may include an area or window 800 such as a popup window in which guidelines for assignment of the risk rating for one or more of the characteristic elements may be displayed, and which in some examples may be accessed in response to selection of an appropriate control [Examiner noting that Simpson, as combined with Ng, discloses the cyber risk information]) .
	
Allowable Subject Matter
Claim 5 is  objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims, and if the independent claims were amended in such a way as to overcome the 35 USC 101 rejections. 
Conclusion
The prior art made of record and not relied upon considered pertinent to Applicant’s disclosure.
Thuve et al. (U.S. 2007/0203912) which discloses an engineering manufacturing analysis system;
Stenger (U.S. 2008/0140514), which discloses a method and system for risk evaluation and management.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN S MILLER whose telephone number is (571)270-5288.  The examiner can normally be reached on M-F 10am-6pm. Examiner’s fax phone number is (571) 270-6288.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eric Stamber can be reached on (571) 272-6724.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ALAN S MILLER/Primary Examiner, Art Unit 3683                                                                                                                                                                                                        






	
	


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 See, e.g. Electric Power Group v Alstom S.A.  No. 2015-1778 (Fed. Cir. 1 August 2016): “And we have recognized that merely presenting the results of abstract processes of collecting and analyzing information, without more (such as identifying a particular tool for presentation), is abstract as an ancillary part of such collection and analysis. See, e.g., Content Extraction, 776 F.3d at 1347; Ultramercial, Inc. v. Hulu, LLC, 772 F.3d 709, 715 (Fed. Cir. 2014)”.
        
        
        2 “It is well-settled that mere recitation of concrete, tangible components is insufficient to confer patent eligibility to an otherwise abstract idea. Rather, the components must involve more than performance of “‘well understood, routine, conventional activit[ies]’ previously known to the industry.” Alice, 134 S. Ct. at 2359 (quoting Mayo, 132 S.Ct. at 1294)”. Id, pages 10-11.  “Likewise, the server fails to add an inventive concept because it is simply a generic computer that “administer[ s]” digital images using a known “arbitrary data bank system.” Id. at col. 5 ll. 45–46. But “[f]or the role of a computer in a computer-implemented invention to be deemed meaningful in the context of this analysis, it must involve more than performance of ‘well-understood, routine, [and] conventional activities previously known to the industry.’” Content Extraction, 776 F.3d at 1347–48 (quoting Alice, 134 S. Ct at 2359). “These steps fall squarely within our precedent finding generic computer components insufficient to add an inventive concept to an otherwise abstract idea. Alice, 134 S. Ct. at 2360 (“Nearly every computer will include a ‘communications controller’ and a ‘data storage unit’ capable of performing the basic calculation, storage, and transmission functions required by the method claims.”); Content Extraction, 776 F.3d at 1345, 1348 (“storing information” into memory, and using a computer to “translate the shapes on a physical page into typeface characters,” insufficient confer patent eligibility); Mortg. Grader, 811 F.3d at 1324–25 (generic computer components such as an “interface,” “network,” and “database,” fail to satisfy the inventive concept requirement); Intellectual Ventures I, 792 F.3d at 1368 (a “database” and “a communication medium” “are all generic computer elements”); BuySAFE v. Google, Inc., 765 F.3d 1350, 1355 (Fed. Cir. 2014) (“That a computer receives and sends the information over a network—with no further specification—is not even arguably inventive.”)”. TLI Communications LLC v. AV Automotive L.L.C., (No. 15-1372, (Fed. Cir. May 17, 2016)), at *12-13
        
        3 “Nor, in addressing the second step of Alice, does claiming the improved speed or efficiency inherent with applying the abstract idea on a computer provide a sufficient inventive concept. See Bancorp Servs., LLC v. Sun Life Assurance Co. of Can., 687 F.3d 1266, 1278 (Fed. Cir. 2012) (“[T]he fact that the required calculations could be performed more efficiently via a computer does not materially alter the patent eligibility of the claimed subject matter.”); CLS Bank, Int’l v. Alice Corp., 717 F.3d 1269, 1286 (Fed. Cir. 2013) (en banc) aff’d, 134 S. Ct. 2347 (2014) (“[S]imply appending generic computer functionality to lend speed or efficiency to the performance of an otherwise abstract concept does not meaningfully limit claim scope for purposes of patent eligibility.” (citations omitted))”. Intellectual Ventures I LLC v. Capital One Bank (USA), 792 F.3d 1363, 115 U.S.P.Q.2d 1636 (Fed. Cir. 2015). 
        
        
        4 Examiner noting that “inherent risk rating” is not explicitly or implicitly defined by Applicant’s specification; it merely states that “The method includes determining an inherent risk rating of the supplier based on risk attributes of the supplier”. 
        5 Noting Applicant’s specification states that SRI is based on three inputs, as such the total score is equivalent, as it uses the same three inputs.