Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
1.       This Office Action is in response to the Amendment filed on November 30, 2020, which paper has been placed of record in the file.
2.          Claims 1-20 are pending in this application. 



Claim Rejections - 35 USC § 101
3.        35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


            Note: Examiner points Applicant to the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG).

4.      Claims 1-20 are rejected under 35 U.S.C. 101 because the claim invention is directed to a judicial exception (i.e., law of nature, natural phenomenon, or abstract idea) without significantly more.
Independent claim 1, which is illustrative of the all independent claims and analyzing as the following:
         Step 1: Statutory Category? (is the claim(s) directed to a process, machine, manufacture or composition of matter?). Yes. The claims recite a method and, therefore, is a process.
           Step 2A - Prong 1: Judicial Exception Recited? (is the claim(s) recited a judicial exception (an abstract idea enumerated in the 2019 PEG, a law of nature, or a natural phenomenon). Yes. The claim recites the following limitations: extracting a plurality of features identified in organization data of an organization for a risk analysis…, obtaining a probability of occurrence associated with each data value…, identifying a plurality of candidate anomalous data values…, determining an intervention rate for a plurality of combinations of the candidate anomalous data values, generating one or more polies for the organization…, and initiating a generation of at least one authentication challenge for at least one of the user transaction, which is a method of organizing human activity (fundamental economic principles or practices including hedging, insurance, mitigating risk; managing personal behavior or relationships or interactions between people including social activities, teaching, and following rules or instructions), then it falls within the “Organizing human activity” grouping of abstract idea. Moreover, the claim recites the following limitations of identifying a plurality of candidate anomalous data values…, determining an intervention rate for a plurality of combinations of the candidate anomalous data values, generating one or more polies for the organization, and initiating a generation of at least one authentication challenge for at least one of the user transaction, as drafted, is a process that, under its broadest reasonable interpretation, “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. 
             Step 2A - Prong 2: Integrated into a Practical Application? (is the claim(s) recited additional elements that integrate the exception into a practical application of the exception). No. This judicial exception is not integrated into a practical application. In particular, the claim recites the additional elements of a processing device, a memory, a computer readable medium, and computer software instructions, and using the processing device to perform obtaining, identifying, determining, generating, and initiating steps. The processing device is recited at a high-level of generality (i.e., as a generic computing device performing a generic computer function of obtaining, identifying, determining, generating, and  initiating steps) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Each of the additional limitations is no more than mere instructions to apply the exception using a generic computer components (the processing device). The combination of these additional elements is no more than mere instructions to apply the exception using a generic computer components. Each of the additional limitations is no more than mere instructions to apply the exception using a generic computer component (the computer). The combination of these additional the claim is directed to an abstract idea. 
          The Berkheimer Memorandum mandates that an additional element (or combination of elements) is not well-understood, routine or conventional unless the examiner finds, and expressly supports a rejection in writing with, one or more of the following: 
           (1) a citation to an express statement in the specification or to a statement made by an applicant during prosecution that demonstrates the well-understood, routine, conventional nature of the additional element(s); 
           (2) a citation to one or more of the court decisions discussed in MPEP § 2106.05(d)(II) as noting the well-understood, routine, conventional nature of the additional element(s); 
           (3) a citation to a publication that demonstrates the well-understood, routine, conventional nature of the additional element(s); or 
           (4) a statement that the examiner is taking official notice of the well-understood, routine, conventional nature of the additional element(s), which satisfies the requirements set forth in MPEP § 2144.03. 
            In this case, the present Specification described in figure 6, as using a general-purpose computer and available commercial products to perform the method. Thus, the applicant provides (1) a citation to an express statement in the specification or to a 
	Step 2B: Claim provides an Inventive Concept? (is the claim(s) recited additional elements that amount to an inventive concept (aka “significantly more”) than the recited judicial exception). No. As discussed with respect to Step 2A Prong Two, the additional elements in the claim amount to no more than mere instructions to apply the exception using a generic computer component. The same analysis applies here in 2B, i.e., mere instructions to apply an exception on a generic computer cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. For these reasons there is no inventive concept in the claim, and thus the claim is not patent eligible.
         The dependent claims do not add limitations that meaningfully limit the abstract idea. The dependent claims do not impart patent eligibility to the abstract idea of the independent claim. The dependent claims rather further narrow the abstract idea and the narrower scope does not change the outcome of the two part Mayo test. Narrowing the scope of the claims is not enough to impart eligibility as it is still interpreted as an abstract idea, a narrower abstract idea. Therefore none of the dependent claims alone or as an ordered combination add limitations that qualify as significantly more than the abstract idea. 
          Regarding independent claims 9 and 15, Alice Corp. establishes that the same analysis should be used for all categories of claims. Therefore, independent claim 9 directed to a system, independent 15 directed to a medium, are also rejected as ineligible 
          Accordingly, claims 1-20 are not draw to eligible subject matter as they are directed to an abstract idea without significantly more and are rejected under 35 USC § 101 as being directed to non-statutory subject matter.




                                                 Claim Rejections - 35 USC § 103

5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

6.     Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Oktem et al. (hereinafter Oktem, US 2013/0063264) in view of Alnajem (US 2017/0300911).
            Regarding to claim 1, Oktem discloses a method, comprising:
           extracting a plurality of features identified in organization data of an organization for a risk analysis, wherein a given feature comprises a plurality of data values, wherein each data value for the given feature comprises one or more of a discrete value of the given feature and a range of values for the given feature (para [0068], Alarm Fitness system (AF) is designed to exploit most "raw alarm data" recorded by "distributed control system" (DCS) and "emergency shutdown" (ESD) database systems, and converted to a knowledge base on "risk-based alarm data analysis." "Raw Alarm data" is related to the process data since alarms are based on set values of process variables (also termed "process parameters" in literature). Notably, each variable is equipped by an alarm if identified as an important variable; para [0109], Classify a flood as .DELTA..sub.3, if the value of each criterion associated with that flood is above X.sub.3th percentile of the values for that criterion calculated using the training period (as explained above). Here, the value of X.sub.3 ranges between [50, 100)--typical value is 75);
           obtaining a probability of occurrence associated with each data value based on the organization data (para 0007], The method is based upon measurement of one or more variables, and/or utilization and management of the concept of "hidden near-miss(es)" to identify a change or escalation, if any, in the probability of the occurrence of an adverse incident. The methodology of the invention is termed the Dynamic Risk Predictor Suite (DRPS), and is actually a combination of a plurality of subsets (also useful independently) of dynamically calculated leading risk indicators for dynamic risk management);
           identifying, using at least one processing device, a plurality of candidate anomalous data values based on the probabilities of occurrence (para [0160], A method AF302 to identify the riskiest abnormal events in a given time period (shift, daily, weekly, monthly) is schematically illustrated in FIG. 11. This is used to identify (a) riskiest abnormal events for a given variable, within a time period, and/or (b) riskiest abnormal events for a group of variables, within a time period. This helps the plant/facility personnel to prioritize the abnormal events and focus first on the ones that are most important to safety or operation);
           determining, using at least one processing device, an intervention rate for a plurality of combinations of the candidate anomalous data values (para 0162], when a group of variables is considered, weighting factors are assigned among the risk scores--with higher values for important variables. Then, a list of abnormal events in decreasing order of their risk scores is prepared to identify the riskiest abnormal events in a given time period (see step AF302d of FIG. 11)); and
           automatically generating, using at least one processing device, one or more policies for the organization using one or more of the combinations of candidate anomalous data values based on a corresponding intervention rate, wherein the one or more policies are used to detect one or more risk-related events (para [0319], By organizing the variables according to their Compounded Risk Score, identification of those variables is enabled that deviate most from their normal operations. The Compounded Risk Score for a group of variables is calculated by taking the highest value of compounded risk scores associated with the given group of variables. In both the diagram provided as FIG. 30 and the bar graph in FIG. 31, an exemplary Compounded Risk Score is provided for Variable A over a period of 6 weeks. As seen the bar at three weeks prior to the current week (designated "last week"), the compounded risk score was Z3 (Grade 5). At 5 weeks prior to the same current week, there was a shutdown, which overrode other risk factors in that week--hence, the compounded risk score is indicated as `Shutdown,` shown as a black bar. Thus, "compounded risk score" calculations are applicable for a variable, group of variables, unit, interlock, or overall plant/facility over a period of time).
           Oktem does not disclose, however, Alnajem discloses:
           detect one or more risk-related events associated with user transactions of the organization; and initiating, based on the one or more policies, a generation of at least one authentication challenge for at least one of the user transactions (para [0008], A first aspect of the present invention is a system for evaluating risk in an electronic banking transaction by estimating an aggregated risk value from a set of risk factors that are either dependent or independent of each other, comprising: user input means for enabling an end user to remotely provide authentication information related to a desired electronic banking transaction; financial institution authentication means for authenticating that an end user is authorized to conduct the desired electronic transaction; risk computation means for imposing authentication requirements upon the end user in adaptation to a risk value of the desired banking electronic banking transaction based in part upon a location of the end user; transaction session means for tracking an amount of time that the desired electronic banking transaction is taking; and financial institution transaction means for storing data related to the desired electronic banking transaction)
          Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Oktem’s to add authentication challenge for at least one of the user transactions as taught by Alnajem above, for the purpose of enhancing the security level when evaluating risk of an organization.  Since Oktem teaches evaluating risk of an organization include financial institution (see Abstract, Provided are methodologies to properly assess and manage operational risks at operations sites, e.g., a manufacturing, production or processing facility, such as a refinery, chemical plant, fluid-catalytic-cracking units, or nuclear energy plant, or a biological or waste management facility, airport or even financial institutions, or at any facility in which operations are often accompanied by risk associated with many high-probability, low-consequence events, often resulting in near-misses), Alnajem teaches evaluating risk of a financial institution includes authentication challenge for at least one of the user transactions, as discussed above, therefore, one of ordinary skill in the art would have recognized that the combination of Oktem and Alnajem would have yield predictable results in improving of evaluating risk of an organization.
           Regarding to claim 2, Oktem discloses the method of claim 1, further comprising the step of combining two or more of the identified features into a multi-dimensional feature (paras [0148-0153], Scale Determination of an Abnormal Event and Formulation of Abnormal Events Matrix).
           Regarding to claim 3, Oktem discloses the method of claim 1, further comprising the step of discretizing one or more continuous features into said range of values for the one or more continuous features (para [0145], An abnormal event begins (step AF301b) when a variable moves beyond a normal operating range (defined as the region within the predetermined high and low alarms), and ends when the variable returns to within the normal operating range between the alarm settings. Therefore, when an abnormal event happens, one or more alarms are triggered).
          Regarding to claim 4, Oktem discloses the method of claim 1, wherein the identifying step further comprises the step of comparing the probabilities of occurrence to a predefined anomaly threshold (para [0154],  Thresholds are calculated for at least a "Normal Operations Zone" (or band), a "Moderate Frequency Zone" (or band), and an "Extreme Frequency Zone" (or band)).
          Regarding to claim 5, Oktem discloses the method of claim 1, wherein the generating step further comprises the step of selecting a given combination of candidate anomalous data values when the corresponding intervention rate satisfies a predefined intervention rate threshold (para [0146], Depending upon the highest level of alarm(s) associated with the abnormal event, three criticalities have been defined in the literature (Pariyani et al., supra, 2010a and 2010b; Pariyani et al., supra 2012a and 2012b), as follows: (a) "least-critical abnormal events" that cross the H1/L1 alarm thresholds, (b) moderately-critical abnormal events that cross H2/L2 alarm thresholds, and (c) most-critical abnormal events that cross the ESD thresholds).
          Regarding to claim 6, Oktem discloses the method of claim 1, wherein the generating step further comprises the step of selecting a combination of the candidate anomalous data values having a smallest number of features (para [0035], FIG. 12 diagrammatically depicts scale determination of a typical abnormal event and a corresponding abnormal event matrix, wherein one peak is above the H2 alarm level. Scale of an abnormal event is defined in terms of stage of the abnormal event and criticality of the abnormal event).
           Regarding to claim 7, Oktem discloses the method of claim 1, further comprising the step of assessing a performance of the one or more generated policies (para [0083], Another utility of these charts is to permit plant/facility personnel to compare the performance of an alarm system over different time periods).
Regarding to claim 8, Oktem discloses the method of claim 1, further comprising the steps of:
          training a risk engine using a supervised machine learning technique (para [0253], To calculate the Criticality Levels, first, a training period is selected and transitions in that period are identified. The recommended range for a training period is 1 month to 2 years, typically 6 months. Next, for each transition (in test period), the three criteria defined above are calculated. Then, for each of the three criteria, different percentile levels (e.g., 25th, 50th, 60th, 70th, 75th, 90th, etc.) are determined from the values for all of the transitions during the training period); and
          transitioning from the one or more generated policies to the risk engine based on estimated risk detection rates of the risk engine and the one or more generated policies (para [0048], FIG. 25 schematically illustrates the Dynamic Risk Analyzer system (DRA) and its three components, denoted by 1) a Prominent Transitions Analysis (DRA100), including a subset Grading and Ranking of Transitions and Prominent Transitions for Discrete Sigma Levels; 2) a Dynamic Risk Index (DRA200); and 3) a Compounded Risk Score (DRA300)).
         Regarding to claims 9-14, Oktem discloses a system comprising:
         a memory; and at least one processing device, coupled to the memory (para [0068], Alarm Fitness system (AF) is designed to exploit most "raw alarm data" recorded by "distributed control system" (DCS) and "emergency shutdown" (ESD) database systems, and converted to a knowledge base on "risk-based alarm data analysis”), operative to implement the steps described in claims 1-8 above, therefore are rejected by the same rationale.
Claims 15-20 are written in medium and contain the same limitations found in claims 1 and 4-8 above, therefore, are rejected by the same rationale.



                                        Response to Arguments/Amendment
7.         Applicant's arguments with respect to claims 1-20 have been fully considered but are not persuasive.
      
            I. Claim Rejections - 35 USC § 101
              Claims 1-20  are rejected under 35 U.S.C. 101 because the claim invention is directed to a judicial exception (i.e., law of nature, natural phenomenon, or abstract idea) without significantly more based on the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG). (See details above).
              The claimed invention is not integrated into a practical application. In particular, the claim recites the additional elements of “extracting a plurality of features identified in organization data of an organization for a risk analysis, wherein a given feature comprises a plurality of data values; and automatically generating, using at least one processing device, one or more policies for the organization using one or more of the combinations of candidate anomalous data values based on a corresponding intervention rate, wherein the one or more policies are used to detect one or more risk-related events …”, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitations in the mind but for the recitation of generic computer components. That is, automatically using a computer”, nothing in the claim elements preclude the steps from practically being performed in the mind. The mere nominal recitation of a generic computing device does not take the claim limitation out of the mental processes grouping. Thus, if a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
            Moreover, the claimed invention is not integrated into a practical application. In particular, the claim recites the additional elements of “extracting a plurality of features identified in organization data of an organization for a risk analysis, wherein a given feature comprises a plurality of data values; and automatically generating, using at least one processing device, one or more policies for the organization using one or more of the combinations of candidate anomalous data values based on a corresponding intervention rate, wherein the one or more policies are used to detect one or more risk-related events …”, which do not amount to significantly more than the abstract idea because they do not provide any improvements to another technology or technical field, improvements to the functioning of the computer, they are just merely used for manipulating and generating data, they do not amount to an inventive concept. The combination of these additional elements is no more than mere instructions to apply the exception using a generic computer component. Accordingly, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Therefore, the claims do not amount to the claim is not patent eligible.
           In addition, the claimed invention is not integrated into a practical application. In particular, the claim recites the additional elements of “training a risk engine using a supervised machine learning technique; and transitioning from the one or more generated policies to the risk engine based on estimated risk detection rates of the risk engine and the one or more generated policies”, which do not amount to significantly more than the abstract idea because they do not provide any improvements to another technology or technical field, improvements to the functioning of the computer, they are just merely used for manipulating data. Therefore, the claims do not amount to significantly more than the abstract idea. For these reasons there is no inventive concept in the claim, and thus the claim is not patent eligible.
            Accordingly, the 101 rejection is maintained.
      
           II. Claim Rejections - 35 USC § 102
             New ground of 103 rejection described above.

                                  
                                                                Conclusion
8.        Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  


9.          Claims 1-20 are rejected.
10.     The prior arts made of record and not relied upon are considered pertinent to applicant's disclosure:
            Poirel et al. (US 2020/0019891) disclose processing the labeled event to extract a feature from the labeled event, the processing providing a feature associated with an event.
            Luiggi et al. (US 2020/0076843) disclose methods for identifying security risks to a computer system based on a distribution of categorical features of events.

11.       Any inquiry concerning this communication or earlier communications from the examiner should be directed to examiner NGA B NGUYEN whose telephone number is (571) 272-6796.  The examiner can normally be reached on Monday-Friday 7AM-5PM.
          Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eric Stamber can be reached on (571) 272-6724.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
            Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/NGA B NGUYEN/Primary Examiner, Art Unit 3683                                                                                                                                                                                                                                                                                                                                                                                                               
February 23, 2021