DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claim12 and 19 objected to because of the following informalities:
Regarding claim 12, the claim recites a data bus which is inactive in the claim (i.e, it is just coupled to the medium). It is recommended to the applicant to have the data bus perform some function of the system such that then the bus is active.    
Regarding claim 12 and 19, the claims recite instructions/code that is executable in the claims. This renders the code inactive. It is recommended to the applicant to recite that the code “when executed by the processor…” such that then the code is active. 
Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 1, 12 and 19 rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) the steps of monitoring behavior of a plurality of users to construct a contagion map, receiving and analyzing a stream of events to identify a critical event, generating a propagated risk score and generating an adaptive response. 
The limitation of determining the amount of use of each icon over a predetermined period of time, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “by a processor,” nothing in the claim element precludes the step from practically being performed in the mind. For example, but for the “by a processor” language, “monitoring” in the context of this claim encompasses the user watching a group of individuals and manually generating a map. Similarly, the limitation of “receiving and analyzing”, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. For example, but for the “by a processor” language, “generating”  in the context of this claim encompasses the user creating a risk score based on the monitored data and manually outputting them and/or modifying behaviors based on the scoring. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. 
This judicial exception is not integrated into a practical application. In particular, the claim only recites one additional element – using a processor to perform the monitoring, receiving/analyzing and generation steps. The processor in both steps is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of ranking information based on a determined amount of use) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it 
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform the monitoring, receiving/analyzing and generation steps amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible
Dependent claims 2-11, 13-18 and 20 do not cure the deficiencies of claims 1, 12, or 19 and are thus rejected under the same rationale. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dupont et al (US 2012/0137367) in view of Tatourian et al (US 2016/0182556). 
Regarding claims 1, 12 and 19, Dupont et al discloses a computer-implementable method for protecting against contagion-based risk events, :
monitoring behavior of a plurality of users to construct a contagion network relationship map of connection and influence relationships between different users in the plurality of users based on specified measures of proximity between users in the plurality of users, where the specified measures of proximity are one or more measures selected from the group consisting of physical proximity, network proximity, logical proximity, organizational proximity, and communication proximity [0185, 0747-0757, 0771, 0810];
Please note that in this example the system may determine actor (user) influence and generate a map dependent upon the user actions and behaviors and decide has various actions impact other parties in the system. Note that proximity to the actor may also be factored in. 
However, Dupont el al does not expressly disclose:
The method being implemented on a system comprising: a processor; a data bus coupled to the processor; and a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor [0045, 0046, 0051, 0052, figure 6]. 
receiving and analyzing a stream of events from the plurality of users to identify a critical event performed by a first user having a first risk score by performing a risk assessment on each event in the stream of events to compute corresponding risk scores and identifying the critical event as a risk score meeting a minimum risk threshold requirement [0028];
Please note that in this example monitored behavior may be analyzed and particular events (i.e. critical event) may be deemed “too risky.” 
generating, from the first risk score, one or more propagated risk scores for at least a first connected user in the plurality of users based on connection and influence relationships between the first user and the first connected user that are extracted from the contagion network relationship by assigning one or more contagion risk scores to at least a first connected user in the plurality of users based on connection and influence relationships between the first user and the first connected user that are extracted from the contagion network relationship [0033]; 
Please note that in this example, a social and behavior risk score may be determined. This score can be based on the user’s interaction and/or relationship (i.e., influence) with other users. 
automatically generating an adaptive response to protect and control against actions by at least the first connected user based on the one or more propagated risk scores by preventing an identified user having a minimum propagated risk score from performing an event or action and/or otherwise dynamically protect data from access by the identified user [0028, 0033];
Please note that in this example, based on the combine social and security risk, a reputation (i.e. propagated risk score) may be calculated to make a recommendation and perform remedial actions such as limiting certain user behaviors. 
It would have been obvious to one of ordinary skill in the art at to create the invention as claimed for the following reasons.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Dupont et al by creating a risk score based on user influence, for the purpose of mitigating user risk behaviors, based upon the beneficial teachings provided by Tatourian et al, see for example [0033].  These modifications would result in increased security and ease of use, both of which are obvious benefits to the skilled artisan.  Additionally, the cited references are in the field of computer security, as is the current application, and thus, are in analogous arts.  
Regarding claims 2-5, 13 and 20, Dupont et al and Tatourian et al discloses all the limitations of claims 1, 12, and 19. Dupont et al further discloses monitoring behavior of the plurality of users by monitoring (1) electronic data and communications inputs comprising emails, instant messages, or other messaging communications from the plurality of users, (2) electronic data and communications inputs which is configured to monitor and capture relationship information for the plurality of users, (3) electronic data and communications inputs from a calendar application used by one or more of the plurality of users an (4) one or more critical events associated with one or more of the plurality of users which are selected from a group consisting of employee hiring events, employee firing events, merger events, 
Please note that in this example, electronic communication (email/calendar), profile change detection (hiring/firing) and other public data and/or individual data collected may be monitored. 
Examiner takes official notice that it was notoriously well known at the time the claimed invention was filed to utilize to capture data from a CASB, see for example Backer [0045].  
Regarding claims 6 and 14, Dupont et al and Tatourian et al discloses all the limitations of claims 1, 12, and 19. Dupont et al further discloses the contagion network relationship map is constructed based on specified measures of proximity between users in the plurality of users [0998];
Please note that in this example the system may determine actor (user) influence and generate a map dependent upon the user actions and behaviors and decide has various actions impact other parties in the system. Note that proximity to the actor may also be factored in. 
Regarding claims 7 and 15, Dupont et al and Tatourian et al discloses all the limitations of claims 1, 12, and 19. Dupont et al further discloses the specified measures of proximity are one or more measures selected from the group consisting of physical proximity, network proximity, logical proximity, organizational proximity, and communication proximity[0998];
Please note that in this example the system may determine actor (user) influence and generate a map dependent upon the user actions and behaviors and 
Regarding claims 8 and 16, Dupont et al and Tatourian et al discloses all the limitations of claims 1, 12, and 19. However, Dupont et al does not expressly disclose but Tatourian et al further discloses receiving and analyzing the stream of events comprises performing a risk assessment on each event in the stream of events to compute corresponding risk scores and identifying the critical event as a risk score meeting a minimum risk threshold requirement [0028, 0033];
Please note that in this example monitored behavior may be analyzed and particular events (i.e. critical event) may be deemed “too risky.” 
The reasons to combine are the same as disclosed in point (17). 
Regarding claims 9 and 17, Dupont et al and Tatourian et al discloses all the limitations of claims 1, 12, and 19. However, Dupont et al does not expressly disclose but Tatourian et al further discloses generating the one or more propagated risk scores comprises assigning one or more contagion risk scores to at least a first connected user in the plurality of users based on connection and influence relationships between the first user and the first connected user that are extracted from the contagion network relationship [0028, 0033];
Please note that in this example, a social and behavior risk score may be determined. This score can be based on the user’s interaction and/or relationship (i.e., influence) with other users. 
The reasons to combine are the same as disclosed in point (17). 
Regarding claims 10 and 18, Dupont et al and Tatourian et al discloses all the limitations of claims 1, 12, and 19. However, Dupont et al does not expressly disclose but Tatourian et al further discloses automatically generating an adaptive response to protect and control against actions by at least the first connected user based on the one or more propagated risk scores [0028, 0033];
Please note that in this example, based on the combine social and security risk, a reputation (i.e. propagated risk score) may be calculated to make a recommendation and perform remedial actions such as limiting certain user behaviors. 
The reasons to combine are the same as disclosed in point (17). 
Regarding claims 11, Dupont et al and Tatourian et al discloses all the limitations of claims 1, 12, and 19. However, Dupont et al does not expressly disclose but Tatourian et al further discloses automatically generating the adaptive response comprises automatically preventing an identified user having a minimum propagated risk score from performing an event or action and/or otherwise dynamically protect data from access by the identified user [0028, 0033]; 
Please note that in this example, based on the combine social and security risk, a reputation (i.e. propagated risk score) may be calculated to make a recommendation and perform remedial actions such as limiting certain user behaviors. 
The reasons to combine are the same as disclosed in point (17). 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948.  The examiner can normally be reached on Monday-Thursday 7am-4pm(EST) and Friday 7am-11am(EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KENDALL DOLLY/             Primary Examiner, Art Unit 2436