Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Detailed action
Claims 1-3, 5-10, 12-17 and 19-22 are pending and are being considered
Claims 1, 6, 8, 14-16 and 19-21 have been amended.
Claims 4 and 11 have been cancelled.
Examiner's Amendments
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for this examiner's amendment was given in a telephone interview and by Email from Daniel M. Fitzgerald Reg. No. 38,880 on 04/08/2021.

AMEND THE CLAIMS AS FOLLOWS:
1.	(currently amended) A risk assessment (RA) computing device for generating network security campaigns to discover network security gaps, said RA computing device comprising at least one processor in communication with a memory, said at least one processor programmed to:
receive a range of internet protocol (IP) addresses of a protected network for storing within the memory, the range of IP addresses including IP addresses participating in the protected network;

determine [[that]] whether the requesting computing device is in the protected network by comparing the IP address of the requesting  computing device to the range of IP addresses of the protected network stored within the memory;
if the requesting computing device is determined to be outside the protected network, block access to the first tracer file;
if the requesting computing device is determined to be in the protected network, generate the first tracer file, wherein the first tracer file is a non-executable file that includes at least one unique attribute and test sensitive data; 
provide the first tracer file to the protected network to enable a verified user to attempt to retrieve the first tracer file from the protected network;
receive, from a submitting computing device, a request to upload a second tracer file to the memory, the second tracer file purported to be the first tracer file retrieved by the verified user from the protected network, the upload request includes an IP address of the submitting computing device;
determine [[that]] whether the submitting computing device is outside of the protected network by comparing the IP address of the submitting computing device to the range of IP addresses of the protected network stored within the memory;
if the submitting computing device is determined to be in the protected network, block the uploading of the second tracer file to the memory; 
if the submitting computing device is determined to be outside of the protected network, upload, from the submitting computing device, the second tracer file to the memory; 
validate that the second tracer file uploaded from the submitting computing device is identical to the first tracer file provided on the protected network by comparing the second tracer file to the first tracer file to confirm that the first and second tracer files are identical to confirm that the protected network was compromised by the verified user; and
authenticate the validity of the second tracer file as matching the first tracer file to a network security campaign based on the validation.
4.	(cancelled)

6.	(currently amended) The RA computing device of Claim 5, wherein said at least one processor is further programmed to analyze the written description to determine a security risk level of the protected network by (i) parsing, tagging or filtering [[the]] a descriptive text of the written description, (ii) applying rules stored within the memory for scoring the descriptive text, and (iii) assigning a predefined score to the descriptive text to rate the level associated with the retrieval of the first tracer file from the protected network.

8.	(currently amended) A computer-implemented method for generating network security campaigns to discover network security gaps, said method implemented by a [[RA]] risk assessment (RA) computing device in communication with a memory, a requesting computing device, and a submitting computing device, said method comprising:

receiving, by the RA computing device, a request to generate a first tracer file by the requesting computing device, the generate request includes an IP address of the requesting computing device;
determining, by the RA computing device, [[that]] whether the requesting computing device is in the protected network by comparing the IP address of the requesting computing device to the range of IP addresses of the protected network stored within the memory;
if the requesting computing device is determined to be outside the protected network, blocking access to the first tracer file;
if the requesting computing device is determined to be in the protected network, generating, by the RA computing device, the first tracer file, wherein the first tracer file is a non-executable file that includes at least one unique attribute and test sensitive data; 
providing, by the RA computing device, the first tracer file to the protected network to enable a verified user to attempt to retrieve the first tracer file from the protected network;
receiving, by the RA computing device, a request to upload a second tracer file to the memory from the submitting computing device , the second tracer file purported to be the first tracer file retrieved by the verified user from the protected network, the upload request including an IP address of the submitting computing device;
whether the submitting computing device is outside of the protected network by comparing the IP address of the submitting computing device to the range of IP addresses of the protected network stored within the memory;
if the submitting computing device is determined to be in the protected network, blocking, by the RA computing device, the uploading of the second tracer file to the memory; [[and]]
if the submitting computing device is determined to be outside of the protected network, uploading, by the RA computing device from the submitting computing device, the second tracer file to the memory;
validating that the second tracer file uploaded from the submitting computing device is identical to the first tracer file provided on the protected network by comparing the second tracer file to the first tracer file to confirm that the first and second tracer files are identical to confirm that the protected network was compromised by the verified user; and
authenticating the validity of the second tracer file as matching the first tracer file to a network security campaign based on the validation.
11.	(cancelled)

14.	(currently amended) The method of Claim 8, further comprising generating, by the RA computing device, the at least one unique attribute associated with the verified user that requested the generating of the first tracer file for identifying the first tracer file, and including the at least one unique attribute in the first tracer file when generating the first tracer file.
at least one processor to: 
receive a range of internet protocol (IP) addresses of a protected network for storing within a memory, the range of IP addresses including IP addresses predefined as participating in the protected network;
receive, from a requesting computing device, a generate request to generate a first tracer file 
determine [[that]] whether the requesting computing device is in the protected network by comparing the IP address of the requesting computing device to the range of IP addresses of the protected network stored within the memory;
if the requesting computing device is determined to be outside the protected network, block access to the first tracer file;
if the requesting computing device is determined to be in the protected network, generate the first tracer file, wherein the first tracer file is a non-executable file that includes at least one unique attribute and test sensitive data; 
provide the first tracer file to the protected network to enable a verified user to attempt to retrieve the first tracer file from the protected network;

determine [[that]] whether the submitting computing device is outside of the protected network by comparing the IP address of the submitting computing device to the range of IP addresses of the protected network stored within the memory;
if the submitting computing device is determined to be in the protected network, block the uploading of the second tracer file to the memory; 
if the submitting computing device is determined to be outside of the protected network, upload, the second tracer file to the memory; 
validate that the second tracer file uploaded from the submitting computing device is identical to the first tracer file provided on the protected network by comparing the second tracer file to the first tracer file to confirm that the first and second tracer files are identical to confirm that the protected network was compromised by the verified user; and
authenticate the validity of the second tracer file as matching the first tracer file to a network security campaign based on the validation.
16.	(currently amended) The computer-readable storage media in accordance with Claim 15, wherein the computer-executable instructions further cause the at least one processor to perform the validation on the second tracer file by verifying at least one of (i) an MD5 hash value 
19.	(currently amended) The computer-readable storage media in accordance with Claim 15, wherein the computer-executable instructions further cause the at least one processor to receive, from the submitting computing device, a written description of how the verified user retrieved the second tracer file from the protected network.
20.	(currently amended) The computer-readable storage media in accordance with Claim 19, wherein the computer-executable instructions further cause the at least one processor to analyze the written description to determine a security risk level of the protected network. 
21.	(currently amended) The computer-readable storage media in accordance with Claim 15, wherein the computer-executable instructions further cause the at least one processor to receive the at least one unique attribute associated with the verified user that requested the generating of the first tracer file for identifying the first tracer file and including the at least one unique attribute in the first tracer file when generating the first tracer file.
Response to arguments
Applicants arguments filled on 01/27/2021 have been fully considered and are persuasive.
Allowable Subject matter
Claims 1-3, 5-10, 12-17 and 19-22 are allowed.
Examiner’s Statement of Reason for Allowance

The following is an examiner’s statement of reasons for allowance:
In interpreting the currently amended claims in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
The present invention is directed towards a risk assessment (RA) computing device for generating network security campaigns to discover network security gaps. The RA computing device includes at least one processor in communication with a memory and a network. The RA computing device is further in communication with a first computing device and a second computing device. The at least one processor is programmed to receive a range of IP addresses and store the range of IP addresses into the memory. The at least one processor is also programmed to receive, from the first computing device, a request to generate a tracer file. The request includes an IP address of the first computing device.

Claims 1, 8 and 15 identifies a unique and distinct feature of “…..determine whether the submitting computing device is outside of the protected network by comparing the IP address of the submitting computing device to the range of IP addresses of the protected network stored within the memory; if the submitting computing device is determined to be in the protected network, block the uploading of the second tracer file to the memory; validate that the second tracer file uploaded from the submitting computing device is identical to the first tracer file provided on the protected network by comparing the second tracer file to the first tracer file to confirm that the first and second tracer files are identical to confirm that the protected network was compromised by the verified user….” including other limitations in the claims.
The closest prior art Matsumura et al (US 20140373167) is directed towards an information security technique and, in particular, to a technique for tracing information leaked from a computer system to a recipient of the leaked information. A first object of the present invention is to provide a trace center apparatus capable of identifying a recipient of leaked information and a method for enabling contents to be traced. A second object of the present invention is to provide a trace center apparatus capable of identifying a recipient of leaked information without being inhibited from tracing and a method for enabling a content to be traced.
Matsumura teaches receiving a request to generate tracer file, uploading the tracer file to a second computer and authenticating the tracer file, However Matsumura fails to explicitly teach determine whether the submitting computing device is outside of the protected network by comparing the IP address of the submitting computing device to the range of IP addresses of the protected network stored within the memory; if the submitting computing device is determined to be in the protected network, block the uploading of the second tracer file to the memory; validate that the second tracer file uploaded from the submitting computing device is identical to the first tracer file provided on the protected network by comparing the second tracer file to the first tracer file to confirm that the first and second tracer files are identical to confirm that the protected network was compromised by the verified user.
	The closest prior art Mori (US 20150372879) is directed towards a communication system capable of determining whether a client device is permitted to execute an object program or not for each region in which the client device is placed; a first reception process for receiving an IP packet from the client device via the first communication device, the IP packet containing first information, a second 
Mori taches range of IP address and verifying if the IP address of requesting computer is within the range of the IP address stored. Just like Matsumura, Mori also fails to teach determine whether the submitting computing device is outside of the protected network by comparing the IP address of the submitting computing device to the range of IP addresses of the protected network stored within the memory; if the submitting computing device is determined to be in the protected network, block the uploading of the second tracer file to the memory; validate that the second tracer file uploaded from the submitting computing device is identical to the first tracer file provided on the protected network by comparing the second tracer file to the first tracer file to confirm that the first and second tracer files are identical to confirm that the protected network was compromised by the verified user.
The closest prior art Mahaffey et al (US 20150163121) is directed towards field of device monitoring and more particularly, to systems and techniques for gathering data across a large-scale of computing devices, evaluating the data, and responding accordingly. A norm is established using the collected data. The norm is compared with data collected from a particular device. If there is a deviation outside of a threshold deviation between the norm and the data collected from the particular device, a response is initiated.
Mahaffey teaches tracer file is a non-executable that includes unique attribute and sensitive data, however just like Matsumura and Mori, Mahaffey also fails to teach determine whether the submitting computing device is outside of the protected network by comparing the IP address of the 

Therefore the prior art of record does not teach or suggest individually or in combination the particular limitation listed below as recited in the claims.
“…..determine whether the submitting computing device is outside of the protected network by comparing the IP address of the submitting computing device to the range of IP addresses of the protected network stored within the memory; if the submitting computing device is determined to be in the protected network, block the uploading of the second tracer file to the memory; validate that the second tracer file uploaded from the submitting computing device is identical to the first tracer file provided on the protected network by comparing the second tracer file to the first tracer file to confirm that the first and second tracer files are identical to confirm that the protected network was compromised by the verified user….”
None of the prior art of record, either taken individually or in any combination, would have anticipated or made obvious the invention of the instant application at or before the time it was filled.
Therefore these particular unique feature are found to be allowable only in context of all the other limitations in the claims.

Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/MOHAMMAD W REZA/Primary Examiner, Art Unit 2436                                                                                                                                                                                                        

/MOEEN KHAN/               Examiner, Art Unit 2436