DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1.	This action is in response to the communication filed on October 28, 2019.  Claims 1-16 were previously received for consideration.  No preliminary amendments for the claims have been received.  This action is made NON-FINAL. 

Claim Status
2.	Claims 1-16 are currently pending consideration.

Greetings from Your Examiner

3.	Dear applicant, my name is Kaveh Abrishamkar, the patent examiner assigned to process your patent application.  After reviewing this Office Action, please do not hesitate to contact me via telephone.  My telephone number is 571-272-3786.  If you cannot reach me in person, please leave a voicemail and I will try to return your call within 24 hours. 

Examiner Remarks
4.	This case is being examined in the “Pro Se Examination Unit” (Art Unit 3649).  Pro Se Assistance is a current pilot program at the USPTO which offers customer service to applicants filing patent applications without legal representation.

6.    Applicant should respectfully note that any amendments made should comply with MPEP §714 and 37 CFR §1.121. The below hyperlink provides an example of making a proper response, and the examiner strongly suggests referencing it when preparing a response. Should applicant desire a paper copy, please contact the examiner at the below telephone number and one will be provided.
http://www.uspto.gov/ web/ offices/pac/dapp/ opla/preognohce/formatrevamdtprac.pdf
7.	The USPTO understands Internet e-mail communications may be more convenient for some applicants. However, communication via e-mail proses risks to information confidentiality. The USPTO will NOT respond via e-mail to any Internet correspondence which contains information subject to the confidentiality requirement as set forth in 35 U.S.C. §122 without a signed written authorization by applicant in place.
In the case the applicant wishes to communicate with the examiner via e-mail, a written authorization must be submitted by mail, fax or EFS-Web prior to any e-mail communication (i.e., the authorization cannot be e-mailed to the examiner). For the applicant's convenience, the examiner has included a link to the Form-Authorization for Interest Communication in a patent Application:
https://www.uspto.gov/sites/default/files/documents/sb0439.pdf.
Please note that the authorization may later be withdrawn by filing a signed paper clearly identifying the original authorization and indicating that the authorization has been withdrawn (see MPEP §502.03). Also note that a formal reply to an Office Action can NEVER be submitted via email.

8. 	Finally, applicant should respectfully note that the position of the U.S. Patent and Trademark Office is to recommend all applicants seek the advice of a registered practitioner, especially prior to the acceptance of claims for allowance. While the advice is not required, it is encouraged in order to best protect the applicant's interests. Please note that the suggestion of seeking representation does not necessarily conclude that patentability of the present invention is inevitable.




Claim Rejections - 35 USC § 101


Note:  101 Rejections are directed towards whether or not the claims are eligible to be patented. 



35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. An abstract idea is a category of invention which has been determined to possibly be non-statutory.  These include mathematical concepts, mental processes, and certain methods of organizing human activity.  If the claims fall under one of these groupings, then further investigation is required to determine whether there is a practical application which means there is an additional element or combination of elements which imposes a meaningful limitation on the 

In the present case, claim 1 recites multiple steps including detecting by a community of hunters a vulnerability, publishing the vulnerability on a platform, performing a check to determine if the vulnerability exists in a database, selecting validators to validate the vulnerability, validating the vulnerability and adding the validated vulnerability. These elements are all directed towards a method of organizing human activity as they can be performed by a human and do not require any specialized hardware.  The steps can be performed by human users which are tasked with detecting, validating and publishing vulnerabilities.  The Uncloak platform is merely ancillary to the claims as the steps can all be performed by human users.  Therefore, it is determined that the claims are directed towards a judicial exception.  The next step is to determine whether this judicial exception (method of organizing human activity) is integrated into a practical application.  
This judicial exception is not integrated into a practical application because though a computer and software is used to perform the steps of detecting, publishing, and adding the vulnerabilities, all the steps are instituted by a human user.  There is nothing beyond steps being performed by a human user which can constitute integrating the method into a practical application.  Furthermore, there are no additional elements in any of the dependent claims which would integrate the method of organizing human activity into a practical application. 

Therefore, the claims above are rejected under 101.  


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1-4, 7-9, 11-12, and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hutchinson et al. (U.S. Patent Pub. No. US 2006/0004614) in view of Angelo et al. (U.S. Patent Pub. No. US 2020/0394309). 

Regarding claim 1, Hutchinson discloses: 
A cybersecurity threat management method, comprising: 
detecting, by a first hunter of a community of hunters, a cyber vulnerability associated with a listed software, hardware, or network of computers (paragraphs 0034-0035, 0050-0051:  vulnerability initiator initiates the new vulnerability); 
publishing, by the first hunter, the detected cyber vulnerability onto an Uncloak platform (paragraphs 0050-0051:  the vulnerability initiator creates content related to the new vulnerability in the CMS (content management system)); 
performing, by the Uncloak platform, a check to determine whether the detected cyber vulnerability exists in a database or the detected cyber vulnerability does not exist in the database (paragraphs 0050-0052:  the reviewer can determine if the vulnerability already exists in the database); 
selecting, by the Uncloak platform, a validator from the community of hunters to validate the detected cyber vulnerability, when the detected cyber vulnerability does not exist in the database (paragraph 0051:  vulnerability validator validates the vulnerability content); 
validating, by the plurality of validators, the detected cyber vulnerability to determine if the detected cyber vulnerability is valid or invalid (paragraph 0051:  vulnerability validator validates the vulnerability content); and 
adding, by the Uncloak platform, the detected cyber vulnerability as a new cyber vulnerability in the database, when the detected cyber vulnerability is determined as valid (paragraph 0051:  the vulnerability content that has been approved is added to the content database). 
Claim 2 is rejected as applied above in rejecting claim 1.  Furthermore, Hutchinson discloses: 
The method of claim 1, wherein the first hunter further publishes a potential remediation to the detected cyber vulnerability, along with the detected cyber vulnerability onto the Uncloak platform (paragraph 0054:  publishes vendor patches and/or any other countermeasures for mitigating the risk in the vulnerability content). Claim 3 is rejected as applied above in rejecting claim 1.  Furthermore, Angelo discloses:
The method of claim 1, wherein the plurality of validators includes at least four validators, and wherein the detected cyber vulnerability is determined to be valid when at least a majority of the plurality of validators determine the detected cyber vulnerability to be valid (paragraphs 0035, 0038: authority is formed from multiple entities.  Though a number is not specified, it would have been obvious to incorporate more than 4 validators to have a more exhaustive validation process). Claim 4 is rejected as applied above in rejecting claim 1.  Furthermore, Hutchinson discloses: 
The method of claim 1, further comprising reporting, by the Uncloak platform, the new cyber vulnerability along with a potential remediation to one or more affected clients, wherein the new cyber vulnerability along with the potential remediation allow them to take necessary remediation steps document vendor patches for vulnerabilities for mitigating the vulnerability). 
The method of claim 1, further comprising rewarding, by the Uncloak platform, a first quantity of tokens to the first hunter for detecting the new cyber vulnerability and a second quantity of tokens to each of the plurality of validators for determining the new cyber vulnerability as valid. Claim 7 is rejected as applied above in rejecting claim 1.  Furthermore, Hutchinson discloses: 
The method of claim 1, further comprising notifying, by the Uncloak platform, to the first hunter of an unsuccessful validation of the detected cyber vulnerability, when the detected cyber vulnerability exists in the database or when the plurality of validators determines the detected cyber vulnerability as invalid (paragraph 0052:  the reviewer can reject the vulnerability if it exists already in the database).  Claim 8 is rejected as applied above in rejecting claim 1.  Furthermore, Hutchinson discloses: 
The method of claim 1, where each hunter of the community of hunters is an ethical hacker or a non-ethical hacker, who is a security expert or a software developer and who is registered on the Uncloak platform (paragraphs 0034-0035:  users on CMS are assigned a role based on their skill set.  It would have been obvious that the skill set associated with a security vulnerability would be a software vulnerability expert). Claim 9 is rejected as applied above in rejecting claim 1.  Furthermore, Hutchinson discloses: 
users on CMS are assigned a role based on their skill set.  The users are registered onto the CMS). Regarding claim 11, Hutchinson discloses: 
A cybersecurity threat management system, comprising: 
an Uncloak platform for facilitating one or more operations comprising: 
detecting, by a first hunter of a community of hunters, a cyber vulnerability associated with a listed software, hardware, or network of computers (paragraphs 0034-0035, 0050-0051:  vulnerability initiator initiates the new vulnerability); 
publishing, by the first hunter, the detected cyber vulnerability onto the Uncloak platform (paragraphs 0050-0051:  the vulnerability initiator creates content related to the new vulnerability in the CMS (content management system)); 
performing, by the Uncloak platform, a check to determine whether the detected cyber vulnerability exists in a database or the detected cyber vulnerability does not exist in the database (paragraphs 0050-0052:  the reviewer can determine if the vulnerability already exists in the database); 
selecting, by the Uncloak platform, a plurality of validators from the community of hunters to validate the detected cyber vulnerability, when the detected cyber vulnerability does not exist in the database (paragraph 0051:  vulnerability validator validates the vulnerability content);  
validating the detected cyber vulnerability to determine if the detected cyber vulnerability is valid or invalid (paragraph 0051:  vulnerability validator validates the vulnerability content); and 
the vulnerability content that has been approved is added to the content database). 	Hutchinson does not explicitly disclose that there are a plurality of validators that validate the detected vulnerability.  In an analogous art, Angelo discloses a plurality of entities which are used to verify extensions to blockchains, and which may require a consensus of entities before a blockchain extension is allowed (Angelo:  paragraphs 0035, 0038).  It would have been obvious to one of ordinary skill in the art to require a plurality of validators so that a consensus would be required before any change is allowed to the database (Angelo:  paragraph 0039).  
 Claim 12 is rejected as applied above in rejecting claim 11.  Furthermore, Angelo discloses: 
The system of claim 11, wherein the plurality of validators includes at least four validators, and wherein the detected cyber vulnerability is determined to be valid when at least a majority of the plurality of validators determine the detected cyber vulnerability to be valid (paragraphs 0035, 0038: authority is formed from multiple entities.  Though a number is not specified, it would have been obvious to incorporate more than 4 validators to have a more exhaustive validation process). Claim 15 is rejected as applied above in rejecting claim 11.  Furthermore, Hutchinson discloses: 
The system of claim 11, wherein one or more hunters of the community of hunters are allowed to perform cybersecurity threat hunting onto the Uncloak platform after successful registration, wherein the successful registration is performed by the Uncloak platform by successfully executing and validating at least an application of each hunter (paragraphs 0034-0035:  users on CMS are assigned a role based on their skill set.  The users are registered onto the CMS). 


Claims 5-6, 10, 13-14, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hutchinson et al. (U.S. Patent Pub. No. US 2006/0004614) in view of Angelo et al. (U.S. Patent Pub. No. US 2020/0394309) in further in view of Vessenes et al. (U.S. Patent Pub. No. US 2019/0172026).


Claim 5 is rejected as applied above in rejecting claim 1.  Furthermore, the combination of Hutchinson and Angelo does not explicitly teach rewarding, by the Uncloak platform, a first quantity of tokens to the first hunter for detecting the new cyber vulnerability and a second quantity of tokens to each of the plurality of validators for determining the new cyber vulnerability as valid. In an analogous art, Vessenes discloses a reward for validators and transactors (miners) (paragraph 0065-0067, 0119, 0129, 0136).  In Vessenes, the miners get more of a reward that the validators (paragraphs 0065-0067).  The miners, the one that discover, are analogous to the hunters which find the vulnerability in the claimed invention, and the validators in both Vessenes and the claimed invention both validate the discovery.  It would have been obvious to one of ordinary skill to incentivize the hunters to find vulnerabilities (Vessenes:  paragraph 0065). Claim 6 is rejected as applied above in rejecting claim 5.  Furthermore, Vessenes discloses: 
The method of claim 5, wherein the first quantity of tokens is greater than the second quantity of tokens (paragraphs 0065-0067). 




Claim 13 is rejected as applied above in rejecting claim 11.  Furthermore, the combination of Hutchinson and Angelo does not explicitly disclose wherein the Uncloak platform is further configured to reward a first quantity of tokens to the first hunter for detecting the new cyber vulnerability and a second quantity of tokens to each of the plurality of validators for determining the new cyber vulnerability as valid. In an analogous art, Vessenes discloses a reward for validators and transactors (miners) (paragraph 0065-0067, 0119, 0129, 0136).  In Vessenes, the miners get more of a reward that the validators (paragraphs 0065-0067).  The miners, the one that discover, are analogous to the hunters which find the vulnerability in the claimed invention, and the validators in both Vessenes and the claimed invention both validate the discovery.  It would have been obvious to one of ordinary skill to incentivize the hunters to find vulnerabilities (Vessenes:  paragraph 0065).Claim 14 is rejected as applied above in rejecting claim 13.  Furthermore, Vessenes discloses: 
The system of claim 13, wherein the first quantity of tokens is greater than the second quantity of tokens (paragraphs 0065-0067).



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAVEH ABRISHAMKAR whose telephone number is (571)272-3786.  The examiner can normally be reached on M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Robert Hodge can be reached on 571-272-2097. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 






/KAVEH ABRISHAMKAR/
03/22/2021Primary Examiner, Art Unit 3649