Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
The following Final Office Action is in response to communication regarding application 16/029,264 filed on 02/04/2021.

Status of Claims
Claim(s) 1-3, 5, 8-10, 15-17, 19, and 21-29 are currently pending and rejected as follows. Claim(s) 4, 6-7, 11-14, 18, and 20 are cancelled.

Response to Arguments – 101 Rejection
	Applicant’s arguments in regards to the previously applied 101 rejection have been fully considered but are not deemed persuasive.
	Applicant argues that the claims as amended do not recite an abstract idea, and that even should an abstract idea be recited, the claims provide a meaningful improvement to the technology of cyber-security.

	Further analysis is done on the claims to determine whether or not the claims are “directed to” the abstract idea. As explained previously the claims list several additional elements (such as a database, processor, and a non-transitory computer-readable medium), however, these are recited with such a high degree of generality that any combination or ordered pair would merely be an example of either adding the words “apply it” to the judicial exception, or insignificant extra solution activity, both of which do not provide an inventive concept.
	Finally, in regards to the claim that the invention provides an improvement to the technology of cyber-security, examiner disagrees, as the claims recite an invention for the improvement of the process of handling a cyber-security incident, but do not provide a significant improvement to any specific hardware or element thereof that specifically improves the technology of cyber-security. The claims instead recite an invention for the application of cyber-security, rather than an improvement on the technology itself. Therefore the claims are ineligible.
	Further elaboration on this decision is explained in the 101 rejection below.

Response to Arguments – 103 Rejection
	Applicant’s arguments in regards to the previously applied prior art have been fully considered but are not deemed persuasive.
	Applicant claims that Buraparate does not possess the newly amended portions when brought in combination with Podgurny and Moss.
	Examiner disagrees, as Buraparate’s match score had been determined to be equivalent to an agent’s aptitude for handling a task, as the aptitude is a portion of the match score for handling a task and as such is still equatable to an agent’s aptitude. Buraparate also recites being able to determine if an agent would have the time available to complete a given task, or whether they would be ‘interrupted’ from other commitments, which in view of applicant’s specification, is equivalent to determining a workload, as it would be impossible to determine the time available to an agent without knowing the agent’s already existing workload. While applicant argues that the match score does not include weights, this is untrue as elaborated further below, where Buraparate recites the capacity to weight certain keywords of an information packet which directly relate to an agent’s aptitude and workload, therefore making it equivalent to a weighted comparison of matching agents to a cyber-security task in view of applicant’s specification. Further elaboration regarding these determinations is given below in the newly amended prior art rejection.




Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim(s) 1-3, 5, 8-10, 15-17, 19, and 21-29 is/are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e. law of nature, a natural phenomenon, or an abstract idea) without significantly more.

Claim(s) 1-3, 5, 8-10, 15-17, 19, and 21-29 are directed to an invention for the creation of a cyber-security information packet, determining an agent to handle the cyber security incident based on current workload and aptitude, assigning the incident to the agent, then updating the database accordingly to reflect the assignment of the incident. These assignments fall within a subject matter grouping of abstract ideas which the Courts have considered ineligible (Certain Methods of Organizing Human Activity (Managing Personal Behavior or Relationships or Interactions Between People) and Mental Process). The claims do not integrate the abstract idea into a practical application, and do not include additional elements that provide an inventive concept (are sufficient to amount to significantly more than the abstract idea).
Under Step 1 of the Alice/Mayo framework, it must be considered whether the claims are directed to one of the four statutory classes of invention. In the instant case, Claims 1-3, 5, 21, 24, and 27 are directed towards a method comprising at least one step, Claims 8-10, 22, 25, and 28
Under Step 2A, Prong One, it is seen whether the claims recite an abstract idea.
Regarding representative Independent claims 1, 8, and 15 the claim sets forth an invention for the creation of a cyber-security information packet, determining an agent to handle the cyber security incident based on current workload and aptitude, assigning the incident to the agent, then updating the database accordingly to reflect the assignment of the incident which is directed towards Organizing Human Activity and a Mental Process in the following limitations:
Creating, based on a cyber-security incident information packet associated with a first cyber-security incident, a first cyber security incident entry…wherein the first cyber-security incident entry indicates a first incident category.
Determining a first plurality of incident[s]…that corresponds to the first incident category, wherein each of the plurality of incident[s]…corresponds to a different incident category.
Analyzing statistics for a plurality of security analysts indicated in the first incident…to determine an aptitude of each of the plurality of security analysts for the first cyber-security incident
Determining workloads for each of the plurality of security analysts…
Identifying, based on a weighted comparison of the aptitude and the workload for each security analyst in the plurality of security analysts, a first security analyst of the plurality of security analysts.
Assigning the first security analyst as an owner of the first cyber-security incident;
Updating the workload for the first security analyst…based on the assignment
Updating the aptitude of the first security analyst…based at least in part on a choice by the first security analyst for the first cyber-security incident.
Under Step 2A, Prong Two, the claims recite the following additional elements:
	Independent claims 1, 8, and 15 recite:
A processor
A database
A non-transitory computer readable storage medium
A memory
A computing device
These additional elements, considered both individually and as an ordered combination, do no more than generally link the use of the abstract idea to a particular technological environment or field of use. These elements are recited with a high degree of generality, and the specification sets forth the general-purpose nature of the technologies required to implement the invention (emphasis added):
Support for this determination can be found in paragraph(s) 35, 61, and 218.
Under Step 2B, eligibility analysis evaluates whether the claim as a whole amounts to significantly more than the recited exception, i.e., whether any additional element, or 
Dependent claims 2-6, 9-11, 13, and 16-23 recite further limitations such as what the statistics are made up of (Claims 21-23), determining if the information packet does not match a previous packet (Claims 2, 9, and 16), further defining the characteristics (Claims 4-5, 11, and 18-19), updating the workload level (Claims 6, 13, and 20). Claims 3, 10, and 17 recite steps of notifying and reading data that are merely insignificant extra solution activity. (See MPEP 2106.05(g)).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim(s) 1, 3, 5, 8, 10, 15, 17, 19, and 21-29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Buraparate (US 2019/0180216 A1) in view of Podgurny (US 2012/0029962 A1)

Claims 1, 8, and 15 –
	Buraparate teaches the following limitations:
A memory coupled to the processor and storing computer readable program code that when executed by the processor to perform operations comprising: 
A non-transitory computer readable storage medium comprising computer readable program code embodied in the non-transitory computer readable storage medium, wherein the computer readable program code, when executed by a processor causes the processor to perform operations comprising: (Buraparate: Paragraph 50, " ... computer-readable storage medium, as used herein, is not to be construed as being transitory signals ... ")
creating, based on a cyber-security incident information packet associated with a first cyber-security incident, a first cyber-security incident entry in an incident database, wherein the first cyber-security incident entry indicates a first incident category; (Buraparate: Paragraph 15-16, " ... a connection to one or more network-accessible knowledge bases, which are network repositories containing information, ... "; Paragraph 20, " ... may receive an alert or notification of a computer security offense."; Paragraph 22, " ... may receive an alert or notification of a computer security offense ... may receive and/or process the computer security offense to create/generate a ticket or task ... "; Paragraph 24, " ... offense module may access or otherwise query an offense database in response to the parsing the computer security offense ... ")
Determining a first plurality of incident databases that corresponds to the first incident category, wherein each of the plurality of incident databases corresponds to a different incident category (Buraparate: Paragraph 26, " ... indicate a strength 
Analyzing statistics for a plurality of security analysts indicated in the first incident database to determine an aptitude of each of the plurality of security analysts for the first cyber-security incident (Buraparate: Paragraph 27, " ... analyst profile of the analyst profiles system ... analyst profile provide various analyst-specific data, such as expertise, experience, interest, skill level, title, and availability ... ")
Determining workloads for each of the plurality of security analysts based, at least in part, on data stored on one or more workload databases (Buraparate: Paragraph 29, " ... may assess a schedule of the analyst either provided in the analyst profile ... "; Paragraph 35, " ... update a task management software used by the SOC so that all analysts, managers, etc. can view schedules/tasks.")
Identifying, based on a weighted comparison of the aptitude and the workload for each security analyst in the plurality of security analysts, a first security analyst of the plurality of security analysts (Buraparate: Paragraph 23, “the keywords may be weighted in accordance with a priority set by…weighting scheme may be a numerical value used as a modifier to increase an importance of one or more aspect or characteristic of the computer security offense. For example, a customer may place a higher priority on immediate remediation of offenses relating to a DDoS attack, which means that if a keyword associated with DDoS is detected, then the task assignment application 130 may prioritize a schedule availability of an analyst over the analyst's interests in remediating DDoS attacks…”; Paragraph 
Assigning the first security analyst as an owner of the first cyber-security incident; (Buraparate: Paragraph 26, " ... assigns the task to the analyst ... ")
Updating the workload for the first security analyst in the one or more workload databases based on the assignment; and (Buraparate: Paragraph 29, " ... may assess a schedule of the analyst either provided in the analyst profile ... "; Paragraph 35, “... update a task management software used by the SOC so that all analysts, managers, etc. can view schedules/tasks.")
Buraparate does not teach an automatic update of statistics, however, Podgurny discloses the following:
Updating the aptitude for the first security analyst in the first incident database based, at least in part, on a choice by the first security analyst for the first cyber-security incident. (Podgurny: Paragraph 4, " ... provides a method for a business organization to assign a job to an employee ... "; Paragraph 6-7, " ... an identification of a job assignment yet to be performed ... an identification of an employee that has been assigned the job assignment ... "; Paragraph 262, "Shown in FIG. 9 is a non-limiting example of a job assignment database 900 that is stored within the memory 38 ... in order to keep track of jobs ... updated whenever communication between the network server 12 and an employee takes place ... "; Paragraph 272, " ... the processing entity 36 has received confirmation of acceptance of a job assignment from an employee ... "; Fig. 9)



Claims 3, 10, and 17 – 
Buraparate in view of Podgurny teach the limitations of claims 1, 8, and 15. 
Buraparate further discloses:
Notifying the first security analyst of the assignment (Buraparate: Paragraph 35, “... assign the task to the analyst ... notify the analyst using various electronic communication.")

Claims 5, and 19 –
Buraparate in view of Podgurny teach the limitations of claims 1, and 15. 
Buraparate further discloses:
Wherein the aptitude of the first security analyst is associated with a technical field. (Buraparate: Paragraph 27, “... the analyst has expertise in DDoS responses and has an interest in the topic, which means the analyst-specific data is not only relevant to the offense...")

Claims 21, 22, and 23 –
Buraparate in view of Podgurny teach the limitations of claims 1, 8, and 15. 
Buraparate further teaches the following:
wherein the statistics for the plurality of security analysts indicated in the first incident database comprise at least one of a number of related pending incidents, a number of related incidents completed, and an average response time. (Buraparate: Paragraph 29, " ... may determine how long various offenses/issues take to resolve, using machine learning over time, data from the offense database 113 on previously completed tasks for similar issues ... to determine whether the analyst would have time to complete the task.")

Claims 24, 25, and 26 –
Buraparate in view of Podgurny teach the limitations of claims 1, 8, and 15. 
Buraparate further teaches the following:
Further comprising determining weights for aptitude and workload in the weighted comparison of the aptitude and the workload for each security analyst in the plurality of security analysts based, at least in part, on a type of the first cyber-security incident. (Buraparate: Paragraph 23 weighting scheme may be a numerical value used as a modifier to increase an importance of one or more aspect or characteristic of the computer security offense. For example, a customer may place a higher priority on immediate remediation of offenses relating to a DDoS attack, which means that if a keyword associated with DDoS is detected, then the task assignment application 130 may prioritize a schedule availability of

Claims 27, 28, and 29 –
Buraparate in view of Podgurny teach the limitations of claims 1, 8, and 15. 
Buraparate further teaches the following:
wherein determining the first security analyst of the plurality of security analysts comprises determining that the first security analyst has a minimum aptitude, a 

Claim(s) 2, 9, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Buraparate (US 2019/0180216 A1) in view of Podgurny (US 2012/0029962 A1) and Drihem (US 2018/034277 A1).

Claims 2, 9, and 16 –
	Buraparate in view of Podgurny teach the limitations of claims 1, 8, and 15. 

Prior to creating the new cyber-security incident entry in the incident database, determining the cyber-security incident information packet does not match an existing incident (Drihem: Paragraph 33, " ... incidents are captured, analyzed and associated, with a particular new or existing malware ... if the security incident indicates a new malware, a new publication, a new publication can be produced.")

Buraparate teaches a method of automatically matching assignments to various specialists based on their database profiles. Podgurny teaches a method of tracking assignments tasked to various employees. Drihem teaches a method of taking new cyber security incidents and comparing them to see if they are new or existing incidents. At the time of the Applicant's filed invention, it would have been obvious to one of ordinary skill in the art to modify the method of Buraparate in view of Podgurny with the teachings of Drihem as taught by Drihem (Drihem: Paragraph 33, " ... additional information learned from the incident regarding the malware and/or new and updated solutions to protect and handle the existing malware.")

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Philip N Warner whose telephone number is (571)270-7407. The examiner can normally be reached on Monday-Friday 7am-4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jerry O’Connor can be reached on 571-272-6787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to






/Philip N Warner/Examiner, Art Unit 3624

/Jerry O'Connor/Supervisory Patent Examiner, Group Art Unit 3624