Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04 December 2020 has been entered.
Response to Arguments
Regarding the 35 USC 101 rejection, Examiner has fully considered Applicant’s arguments and amendments.
Examiner has fully considered Applicant’s arguments regarding the claim amendments relative to the variety of technical issues addressed by the present claims.  
Regarding limitation (b), Examiner respectfully disagrees with Applicant’s assertions. In particular, the present claims recite an individual performing the steps of discovering an issue with a computing platform. The system used to facilitate the finding of said issue is not performing this step itself, such as in an automated fashion. Furthermore, step (c) does not disclose the reproduction actively occurring by the system. Rather, the limitation indicate that the report fabricated by a paid individual discloses the means to reproduce the found issue. 
Regarding claim 20, Examiner has fully considered the newly added claim. Examiner respectfully disagrees with Applicant’s assertions. The claim describes the details of the issue derived by the individual, which is not sufficient to prove integration into a practical application. 
Accordingly, the present claims are rejected under 35 USC 101. 
Regarding the 35 USC 103 rejection, Examiner has fully considered Applicant’s arguments and amendments.
Examiner has fully considered the new amendments in light of Applicant’s arguments that the Supervisor belongs to a “third party.” Examiner has provided a new primary reference, Kaplan, to meet the new limitations. The Kaplan reference specifically discloses the intermediary facilitator between the vulnerable computing system owner and the plurality of researchers. See the detailed rejection below. 
Accordingly, the present claims are rejected under 35 USC 103. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 USC 101 because the claimed invention is directed to a judicial exception (i.e. abstract idea) without anything significantly more.
Step 1: Claims 1-10 are directed to a method and claims 11-20 are directed to an apparatus. Therefore, claims 1-19 are directed to patent eligible categories of invention. 
Step 2A, Prong 1: Claims 1 and 11 are directed to a workflow for customers and researches in a submission setting, constituting an abstract idea based on “Certain Methods of Organizing Human Activity” related to managing interactions between individuals, including following rules or instructions. Claim 1 (and similarly in claim 10) recites the limitations of “(b) providing said target brief to contain instructions for a researcher amongst said community of researchers, for accessing and testing a target, said researcher performing said accessing and said testing of said target and discovering at least one issue associated with said target; (d) starting said timer when said submission is presented by a supervisor to said customer for a customer examination, said supervisor belonging to an entity distinct from said customer and said researcher; (e) paying said researcher based on a status of said submission as determined by said customer examination; (f) requesting more information on behalf of said customer from said researcher and restarting said timer based on said status of said submission; (g) mediating by 
Dependent claims 2-6, 8, 12-16, 18, and 20 further narrow the abstract idea identified in the independent claims.
Dependent claim 7, 9, 10, 17, 19 will be evaluated under step 2A, prong 2. 
Step 2A, Prong 2:
Dependent claims 2-6, 8, 12-16, 18, and 20 further narrow the abstract idea identified in the independent claims, which does not integrate the judicial exception into a practical application. 
Dependent claims 7 and 17 are directed to the “issues reporting platform” being hosted on a public, private, or semi-private cloud. This is merely generally linking the use of the judicial exception to cloud computing. This is supported by the finding that the specification, specifically page 18 lines 2-5 rely on “techniques known in the art” to support the utilization of cloud computing. The claims do not provide any improvement to the field of cloud computing, or to functioning of the computer or any other technology or technical field. Therefore, the judicial exception is not integrated into a practical application.
Dependent claims 9 and 19 are directed to “utilizing one or both of supervised and unsupervised machine learning during said third-party examination.” This is merely generally linking the use of the judicial exception to “machine learning.” This is supported by the finding that the specification, in particular page 30 lines 12-13 disclose the techniques are “machine learning tools known in the art.” This indicates that there is no improvements to the machine learning techniques, or to any other technology or technical field. Therefore, the judicial exception is not integrated into a practical application. 
Dependent claim 10 is directed to “said issues reporting platform performs its functions in one of a partially automated and a fully automated manner.” This is generally linking the use of the judicial exception to a particular technological environment. This is supported by the finding that the disclosure, specifically page 16 line 20 to page 17 line 9 teach that either a user can perform functions, which is abstract, or is “partially or fully automated utilizing techniques known in the art,” which does not provide any improvement to the automation of the functions. Therefore, the judicial exception is not integrated into a practical application.
Therefore, the dependent claims do not integrate the judicial exception into a practical application. 
Step 2B: The independent claims do not contain anything significantly more than the judicial exception. The additional elements are recited at a high level of generality and conventional computer 
Dependent claims 2-6, 8, 12-16, 18, and 20 further narrow the abstract idea identified in the independent claims, which is not anything significantly more than the judicial exception. 
Dependent claims 7 and 17 are directed to the “issues reporting platform” being hosted on a public, private, or semi-private cloud. This is merely generally linking the use of the judicial exception to cloud computing. This is supported by the finding that the specification, specifically page 18 lines 2-5 rely on “techniques known in the art” to support the utilization of cloud computing. The claims do not provide any improvement to the field of cloud computing, or to functioning of the computer or any other technology or technical field. Therefore, these dependent claims do not include anything significantly more than the judicial exception. 
Dependent claims 9 and 19 are directed to “utilizing one or both of supervised and unsupervised machine learning during said third-party examination.” This is merely generally linking the use of the judicial exception to “machine learning.” This is supported by the finding that the specification, in particular page 30 lines 12-13 disclose the techniques are “machine learning tools known in the art.” This indicates that there is no improvements to the machine learning techniques, or to any other technology or technical field. Therefore, these dependent claims do not include anything significantly more than the judicial exception.
Dependent claim 10 is directed to “said issues reporting platform performs its functions in one of a partially automated and a fully automated manner.” This is generally linking the use of the judicial exception to a particular technological environment. This is supported by the finding that the disclosure, specifically page 16 line 20 to page 17 line 9 teach that either a user can perform functions, which is abstract, or is “partially or fully automated utilizing techniques known in the art,” which does not provide any improvement to the automation of the functions. Therefore, these dependent claims do not include anything significantly more than the judicial exception.
Accordingly, claims 1-20 are rejected under 35 USC 101 because the claimed invention is directed to a judicial exception (i.e. abstract idea) without anything significantly more.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-2, 7-8, 10-12, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Kaplan et al. (US 10915636 B1) in view of Rogers (US 20080162368 A1) and in view of Bhaskaran et al. (US 20180365628 A1).

Regarding claim 1, Kaplan teaches a computer-implemented method for improving expectations setting between a community of customers and a community of researchers in a crowdsourced environment supported by an issues reporting platform (Col 4 lines 8-16 teach a service provider having a contractual relationship with a third party owner of a computer system and having a separate contractual relationship with a plurality of computer security researchers), said method executing computer program instructions stored in a non-transitory storage medium, said method comprising the steps of:
(a) inputting by a customer using one or more user interface (UI) screens into said issues reporting platform, a target brief and a timer length, said customer amongst said community of customers (Col 4 lines 8-16 teach a service provider having a contractual relationships with third party owners of computer systems, wherein Col 4 lines 25-29 teach a third party computing system owner can produce records of the applications that they wish to have evaluated for computer vulnerabilities, wherein Col 13 lines 9-32 describe the application interface utilized by the computing system owning customer to access the project information, AND wherein Col 14 lines 59-63 teach providing researchers with awards ;
 (b) providing said target brief to contain instructions for a researcher amongst said community of researchers, for accessing and testing a target (Col 5 lines 34-40 teach providing a summary of a record of a particular computer vulnerability project and access location of the service provider to the particular researcher, and optionally zero other researchers; see also: Col 5 lines 56-65), said researcher performing said accessing and said testing of said target and discovering at least one issue associated with said target (Col 5 line 66 to Col 6 line 16 teach logging and monitoring the researcher as the access the target computer system for the vulnerability research project); 
(c) inputting a submission by said researcher using one or more UI screens, into said issues reporting platform (Col 6 lines 29-37 teach receiving a report of a candidate security vulnerability from a particular researcher, wherein the report specifies the vulnerability and identifies the target system), said submission based on and containing steps required to reproduce said at least one issue associated with said target (Col 6 lines 29-37 teach receiving a report of a candidate security vulnerability from a particular researcher, wherein Col 6 lines 40-43 teach the report contains a sequence of operations provided for re-performing the identified security vulnerability); 
(d) starting said timer when said submission is presented by a supervisor to said customer for a customer examination (Col 6 line 63 to Col 7 line 2 teach a report describing the vulnerability is provided to the owner of the computing system that was tested, wherein Col 13 lines 9-32 describe the application interface utilized by the computing system owning customer to access the project information including the report), said supervisor belonging to an entity distinct from said customer and said researcher (Col 4 lines 8-16 teach a service provider having a contractual relationship with a third party owner of a computer system and having a separate contractual relationship with a plurality of computer security researchers); 
(e) paying said researcher based on a status of said submission… (Col 6 lines 38-62 teach that upon validating the completion of the vulnerability project by the researcher, then the researcher may be paid a fee);
(f) requesting more information on behalf of said customer from said researcher… (Col 11 lines 38-46 teach the evaluation of the vulnerability may also comprise verifying the quality of the submission and requesting more information if needed);
and (h) informing said customer and said researcher and closing said submission… (Col 6 lines 63-67 teach notifying the third party system owner that the validated security vulnerability has been found by the researcher, and wherein Col 6 lines 38-62 teach that upon validating the completion of the vulnerability project by the researcher, then the researcher may be paid a fee).
Although Kaplan teaches portions of (e), (f), and (h), Kaplan does not explicitly teach (e) paying said researcher based on a status of said submission as determined by said customer examination; (f) requesting more information on behalf of said customer from said researcher and restarting said timer based on said status of said submission; (g) mediating by said supervisor and pausing said timer based on said status of said submission; and (h) informing said customer and said researcher and closing said submission based on a duration of time that said timer has been running relative to said timer length.
From the same or similar field of endeavor, Rogers teaches (d) starting said timer when said submission is presented by 21a supervisor to said customer for a customer examination (paragraph [0030] teaches a clock may be shown to inform customers of the time remaining on a listing before the dispute is scheduled to be resolved or how long the dispute has been pending, wherein paragraph [0032] both the customer and the service provider (i.e. supervisor) can update the item as needed until resolution; see also: [0040-0042, 0050-0052]);
(f) requesting more information on behalf of said customer from said researcher and restarting said timer, based on said status of said submission (paragraph [0041] teaches that based on ;
30(g) mediating by said supervisor and pausing said timer, based on said status of said submission (paragraph [0051] teaches a manager can stop the system timer if they believe the customer is correct in submitting the dispute, wherein paragraph [0052] after the dispute is closed, the customer can disagree and the system timer can restart; see also: [0040-0044])
and (h) informing said customer and said researcher and closing said submission based on a duration of time that said timer has been running relative to said timer length (paragraph [0051] teaches that if the representative of the service provider determines to change the status to close based on their findings, then the system timer is automatically stopped, wherein paragraph [0053] teaches the dispute items can be indicated based on a colored processing chart indicating the severity of the duration of time for the running of the item, which in paragraph [0061] can be tracked from the commencement of the beginning of the dispute to resolution).
While Rogers does not explicitly evaluate target testing related issues, Rogers presents a solution to a problem reasonably pertinent to the claimed invention. For example, as explained above, Kaplan addresses the testing and evaluation of a customer target for issues; however, Kaplan does not explicitly address the claimed manner of timing the customer. Rogers presents a solution to a problem reasonably pertinent to the claimed invention. In Kaplan, one is managing the relations between a customer and testing service platform for the identification of issues. Analogously, in Rogers, one is managing the relations between a user and a network platform for the resolution of issues. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Kaplan to incorporate the teachings of Rogers to include (d) starting said timer when said submission is presented by 21a supervisor to said customer for a customer examination; 15/847,608 (BGC-102-US)Page 3 Amendment A22 (f) requesting more information on behalf of said customer from said researcher and restarting said timer, based on said status of said submission; 30(g) mediating by said supervisor and pausing said timer, based on said status of said submission; and (h) informing said customer and said researcher and closing said submission based on a 
Although Kaplan teaches (e) paying said researcher based on a 24status of said submission (see at least [0159, 0176, 0198]), the combination of Kaplan and Rogers does not explicitly teach (e) paying said researcher based on a 24status of said submission as determined by said customer 25examination. 
From the same or similar field of endeavor, Bhaskaran teaches (e) paying said researcher based on a 24status of said submission as determined by said customer 25examination (paragraph [0360] teaches the Project Manager can raise customer invoices at the end of each sprint once all Spring deliverables have been accepted (i.e. based on status of said submission) by the Customer, wherein Fig. 30-1 and paragraph [0151] teach producing a report that lists all invoices and payment status, wherein paragraph [0238] the freelancers are paid at the end of each sprint; see also: [0197-0199, 0242-0245]).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kaplan and Rogers to incorporate the teachings of Bhaskaran to include (e) paying said researcher based on a 24status of said submission as determined by said customer 25examination. One would be motivated to do so in order to provide accuracy rating indicating the Project Manager’s diligence on a specific contract in making payments for the freelance that are consistently accurate throughout the life of the contract (Bhaskaran, [0285]). By incorporating Bhaskaran into the teachings of Kaplan , one would yield appropriately positive customer satisfaction feedback based on the finished project, thus leading to an improved new business potential for the Project Manager (Bhaskaran, [0189]).  
Regarding claim 11, the claim recites limitations already addressed by the rejection of claim 1. Regarding claim 11, Kaplan teaches a crowdsourced platform for improved expectation setting 2between a  89. Therefore, the rejection of claim 1 as being unpatentable over Kaplan in view of Rogers in view of Bhaskaran applies to claim 11.

Regarding claims 2 and 12, the combination of Kaplan, Rogers, and Bhaskaran teaches all the limitations of claims 1 and 11 above.
	Kaplan further teaches wherein said at least one issue is a security 2vulnerability issue in said target whose remediation 3makes said target more secure (Col 2 lines 51-55 teach identifying a candidate security vulnerability issue of a particular network under test).

	Regarding claims 7 and 17, the combination of Kaplan, Rogers, and Bhaskaran teaches all the limitations of claims 1 and 11 above.
	Kaplan further teaches said issues reporting 2platform is hosted in one of a private cloud (Col 4 lines 31-39 teach testing for security and network vulnerability for cloud computing instances).

	Regarding claim 8, the combination of Kaplan, Rogers, and Bhaskaran teaches all the limitations of claim 1 above.
Kaplan further teaches first performing a third-party examination by said supervisor in said step (d) to 3determine if said submission is valid before said starting 4of said timer (Col 6 lines 38-62 teach that upon validating the completion of the vulnerability project by the researcher, then the researcher may be paid a fee, and wherein Col 14 lines 59-63 teach providing researchers with awards .

Regarding claim 10, the combination of Kaplan, Rogers, and Bhaskaran teaches all the limitations of claim 1 above.
Kaplan further teaches CocConsaid issues reporting 2platform performs its functions in one of a partially 3automated and a fully automated manner (Col 5 line 66 to Col 6 line 16 teach logging and monitoring the researcher as the access the target computer system for the vulnerability research project (i.e. partially automated), and wherein Col 8 lines 53-67 teach an automatic scanning system that can be coupled to the network requiring testing).  

Regarding claim 18, the combination of Kaplan, Rogers, and Bhaskaran teaches all the limitations of claim 11 above.
Kaplan further teaches ssssaid supervisor performs 2a third-party examination on said submission to determine 3if said submission is valid (Col 6 lines 38-62 teach that upon validating the completion of the vulnerability project by the researcher, then the researcher may be paid a fee, and wherein Col 14 lines 59-63 teach providing researchers with awards based on their achievements, wherein the awards can be given over a particular reward period, such as a particular month).


Claims 3, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kaplan et al. (US 10915636 B1) in view of Rogers (US 20080162368 A1) and in view of Bhaskaran et al. (US 20180365628 A1) and further in view of Conway (US 20170220972 A1).

Regarding claims 3 and 13, the combination of Kaplan, Rogers, and Bhaskaran teaches all the limitations of claims 1 and 11 above.
said at least one issue is a usability 2issue in said target whose remediation makes said target 3more user-friendly.
	From the same or similar field of endeavor, Conway teaches said at least one issue is a usability 2issue in said target whose remediation makes said target 3more user-friendly (paragraphs [0132-0136] teach the client software being tested for usability tests, such that bugs or faults relating to usability issues are identified; see also: [0153, 0255]).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kaplan, Rogers, and Bhaskaran to incorporate the teachings of Conway to include said at least one issue is a usability 2issue in said target whose remediation makes said target 3more user-friendly. One would have been motivated to do so in order to identify any faults and errors within a software program in order to correct them, which may prevent any security threats or issues with the software performing its intended task (Conway, [0003]). By incorporating Conway into Kaplan, one would have been able to ensure the best possible individuals are employed in reviewing products (Conway, [0004]). 

Regarding claim 20, the combination of Kaplan, Rogers, and Bhaskaran teaches all the limitations of claim 11 above.
	However, Kaplan does not explicitly teach wherein said at least one issue 2is one of a Quality Assurance (QA) issue whose remediation 3makes said target more stable, or a customer service issue 4whose remediation improves said target, or a logistical issue 5whose remediation improves said target.
	From the same or similar field of endeavor, Conway teaches wherein said at least one issue 2is one of a Quality Assurance (QA) issue whose remediation 3makes said target more stable (paragraph [0114] teaches quality assurance for hardware products and more technological aspects of the system).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kaplan, Rogers, and Bhaskaran to incorporate the .

Claims 4-5, 9, 14-15, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kaplan et al. (US 10915636 B1) in view of Rogers (US 20080162368 A1) in view of Bhaskaran et al. (US 20180365628 A1) and further in view of Wescoe et al. (US 10,243,904 B1).

1Regarding claims 4 and 14, the combination of Kaplan, Rogers, and Bhaskaran teaches all the limitations of claims 1 and 11 above.
However, Kaplan does not explicitly teach said target is an internet 2of things (IOT) device.  
From the same or similar field of endeavor, Wescoe teaches said target is an internet 2of things (IOT) device (Col 4 lines 20-23 teach the electronic device can be any number of devices that are internet-of-things, wherein Col 3 lines 17-25 teach the device is tested for cybersecurity).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kaplan, Rogers, and Bhaskaran to incorporate the teachings of Wescoe to include said target is an internet 2of things (IOT) device.  One would be motivated to do so in order to produce more accurate results for the simulated phishing campaign, which will in turn get the most value out of their efforts (Wescoe, Col 1 lines 32-37). By incorporating Wescoe into the combination, one would expose cybersecurity risks and reduce the likelihood of enabling unauthorized third parties from accessing the organization’s systems (Wescoe, Col 1 lines 11-15, 26-31). 

Regarding claim 5, the combination of Kaplan, Rogers, and Bhaskaran teaches all the limitations of claim 4 above.
However, Kaplan does not explicitly teach wherein said IOT device is a 2smart-fridge.  
From the same or similar field of endeavor, Wescoe further teaches wherein said IOT device is a 2smart-fridge (Col 4 lines 20-23 teach the electronic device can be an internet-of-things including a smart refrigerator, wherein Col 3 lines 17-25 teach the device is tested for cybersecurity).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kaplan, Rogers, and Bhaskaran to incorporate the teachings of Wescoe to include wherein said IOT device is a 2smart-fridge. One would be motivated to do so in order to produce more accurate results for the simulated phishing campaign, which will in turn get the most value out of their efforts (Wescoe, Col 1 lines 32-37). By incorporating Wescoe into the combination, one would expose cybersecurity risks and reduce the likelihood of enabling unauthorized third parties from accessing the organization’s systems (Wescoe, Col 1 lines 11-15, 26-31). 



	Regarding claims 9 and 19, the combination of Kaplan, Rogers, and Bhaskaran teach all the limitations of claims 8 and 18 above.
	However, Kaplan does not explicitly teach one or both of 2supervised and unsupervised machine learning are utilized during said third-party examination (Col 5 lines 11-26 teach building a machine learning model that can determine the legitimacy of the exposed, potentially malicious threat, which is done as an automated analysis).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kaplan, Rogers, and Bhaskaran to incorporate the teachings of Wescoe to include one or both of 2supervised and unsupervised machine learning are utilized during said third-party examination. One would be motivated to do so in order to produce more accurate results for the simulated phishing campaign, which will in turn get the most value out of their efforts (Wescoe, Col 1 lines 32-37). By incorporating Wescoe into the combination, one would expose 

Regarding claim 15, the combination of Kaplan, Rogers, and Bhaskaran teaches all the limitations of claim 14 above.
However, Kaplan does not explicitly teach wherein said IOT device is 2a smart-thermostat.  
From the same or similar field of endeavor, Wescoe teaches wherein said IOT device is 2a smart-thermostat (Col 4 lines 20-23 teach the electronic device can be an internet-of-things including a smart thermostat, wherein Col 3 lines 17-25 teach the device is tested for cybersecurity).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kaplan, Rogers, and Bhaskaran to incorporate the teachings of Wescoe to include wherein said IOT device is 2a smart-thermostat. One would be motivated to do so in order to produce more accurate results for the simulated phishing campaign, which will in turn get the most value out of their efforts (Wescoe, Col 1 lines 32-37). By incorporating Wescoe into the combination, one would expose cybersecurity risks and reduce the likelihood of enabling unauthorized third parties from accessing the organization’s systems (Wescoe, Col 1 lines 11-15, 26-31).


Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Kaplan et al. (US 10915636 B1) in view of Rogers (US 20080162368 A1) in view of Bhaskaran et al. (US 20180365628 A1) and further in view of King (US 20100100930 A1).

1Regarding claims 6 and 16, the combination of Kaplan, Rogers, and Bhaskaran teaches all the limitations of claim 1 above.
However, Kaplan does not explicitly teach said timer length represents 2a response-time for a service level agreement (SLA) 3between said customer and said researcher.
said timer length represents 2a response-time for a service level agreement (SLA) 3between said customer and said researcher (paragraph [0117] teaches the service provider professionals and the customer have an executed service level agreement including analysis and notification of threats within a specified time limit and period reporting requirements).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Kaplan, Rogers, and Bhaskaran to incorporate the teachings of King to include said timer length represents 2a response-time for a service level agreement (SLA) 3between said customer and said researcher. One would be motivated to do so in order to assist the customer in acting on vulnerabilities and security breaches detected, wherein the user has to analyze and respond to the threats in a specified time limit (King, [0117]). 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Wang (US 20180211724 A1) discloses in at least paragraphs [0142, 0166] teach producing a timer for a billing request
 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Sara G Brown whose telephone number is (469)295-9145.  The examiner can normally be reached on M-Th 8:00 am- 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Epstein can be reached on (571) 270-5389.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/S.G.B./Examiner, Art Unit 3683                                                                                                                                                                                                        





/BRIAN M EPSTEIN/Supervisory Patent Examiner, Art Unit 3683