DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 15-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the computer program product includes transmissible media because applicant’s disclosure lacks definition for “tangible” computer program products. 


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1, 5, 9, 12, 15 and 18 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by  Alperovitch et al., US 9,292,881 B2 (hereafter referred to as Alperovitch).
A.	Regarding claim 9, Alperovitch teaches a system (column 4, lines 41-48; “In various embodiments, devices of the security service 102 may include processor(s) 222, network interface(s) 224, and memory 226.”), comprising: a memory; and at least one processing device, coupled to the memory (column 4, lines 41-48; “In various embodiments, devices of the security service 102 may include processor(s) 222, network interface(s) 224, and memory 226.”), operative to implement the following steps:
 obtaining at least one cluster of organizations derived from clustering a plurality of organizations based on one or more predefined clustering parameters (column 2, lines 18-24; “The entities may be organizations, such as businesses, academic institutions, or governmental entities, or may be individuals or groups of individuals.  Each entity is associated with one or more computing devices, and each computing device may include an agent that serves as a client to a security service.” Also see column 2, lines 39-49; “As illustrated in FIG. 1a, the security service, such as security service 102, may create the groups for the client entities, such as client entities 104, using any of a number of secure mechanisms.” Also, see column 10, lines 56-67; “The search module 238 may be invoked by the group formation module 238, as mentioned above, and may, for example, compare the search query to the client entity 
 obtaining a plurality of policies from at least one of the plurality of organizations in the at least one cluster (column 2, lines 11-19; “The security information may include one or more of threat information, remediation information, attack data, vulnerability information, reverse engineering information, packet data, network flow data, protocol descriptions, victim information, threat attribution information, incident information, proliferation data, user feedback, information on systems and software, or policies.”); 
selecting at least one of the obtained plurality of policies based on a predefined policy sharing criteria (column 9, lines 5-18; “… the group information 232 may include a list of client entities 104 associated with the group and an identification of a characteristic associated with the group (e.g., shared threat, common member characteristic, etc.” see column 9, lines 15-19; “Also, the group information 232 may include settings for sharing and policy parameters that govern the sharing of client entity security information, and settings governing the exposure of client entity identities to the group.”).; and 
sharing the at least one selected policy with one or more of the plurality of organizations in the at least one cluster (column 11, lines 9-25; “The sharing module 240 may perform the automatic sharing in accordance with group parameters specifying the security information 234 that should be shared and/or in accordance with client entity parameters/settings.”).
B.	Claim 1 is a method similar to the system of claim 9. Claim 15 is a computer program product of similar to claim 9, further comprising a computer program product, comprising a 
C.	Regarding dependent claim 12, Alperovitch teaches the system of claim 9, wherein the predefined clustering parameters comprise one or more of an industry type, a number of users, a number of locations, a number of protected applications, an application type, a customer characterization and an overall security score (column 10, lines 1-7; “In further embodiments, the group formation module 236 may create a group based on client entity characteristics or preferences.  For example, the group formation module 236 may create a group that includes client entities 104 having a same or related industry sector, geographic location, entity size, etc. This may involve augmenting the group information 232 with information describing the new group.”).
D.	Claim 5 is a method similar to the system of claim 12. Claim 18 is a computer program product of similar to claim 12. Both are rejected similarly.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 10 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Alperovitch in view of  Seigel et al., US 2017/0083643 A1 (hereafter referred to as Seigel).
A.	Regarding dependent claim 10, Alperovitch teaches the system of claim 9, as cited above. Alperovitch does not specifically teach further comprising the step of simulating a use of the at least one selected policy by one or more of the plurality of organizations to evaluate a performance of the at least one selected policy. However, in the same field of endeavor, Seigel teaches the step of simulating a use of the at least one selected policy by one or more of the plurality of organizations to evaluate a performance of the at least one selected policy (p. 31, “For example, the modified configuration information 122 may include information associated with the types of activities that users perform and may be used to simulate user activities (e.g., the replicated user activities 218).”” A classifier (e.g., a machine learning algorithm) may be trained to identify the potential problems 224 and the potential solutions 226 to address the 
potential problems 224.” p. 34, “The user may instruct the replication server 202 to simulate the activities in the first modified configuration.  If the problem is addressed, the user may make the same or similar modifications to the customer's network (e.g., the computing system 100).”). It would have been obvious to one of ordinary skill in the art before the effective filing 
B.	Claim 2 is a method similar to the system of claim 10. Claim 16 is a computer program product of similar to claim 10. Both are rejected similarly.

Claims 3-4, 7, 11, 13, 17 and 19 are is/are rejected under 35 U.S.C. 103 as being unpatentable over Alperovitch in view of Reybok et al., US 9,710,644 B2 (hereafter referred to as Reybok).
A.	Regarding dependent claim 11, Alperovitch teaches the system of claim 9, as cited above. Alperovitch does not specifically teach further comprising the step of one or more of normalizing and abstracting the at least one selected policy prior to the sharing step. However, in the same field of endeavor, Reybok teaches further comprising the step of one or more of normalizing and abstracting the at least one selected policy prior to the sharing step (column 20, lines 36-38; “These techniques also provide for a framework for normalizing and sharing data for purposes of improving security.” See column 6, lines 7-19; “… b) storing a database of remedial measures for specific threats used by other clients, and then notifying an entity of remedial measures reported to have been successful against the specific threat (e.g., if multiple remedial measures are provided, these can be further ranked in terms of efficacy) …”. See also column 26, lines 27-35; “As referenced earlier, an architecture is advantageously employed that permits cross-product or cross-platform communication (e.g., between products of different vendors) in a manner normalized for communication and in a manner that permits automated 
B.	Claims 3-4 are methods similar to the system of claim 11. Claim 17 is a computer program product of similar to claim 11. Both are rejected similarly.

C.	Regarding dependent claim 13, Alperovitch teaches the system of claim 9, as cited above. Alperovitch does not specifically teach further comprising the step of ranking the at least one selected policy based on an indicator of importance. However, in the same field of endeavor, Reybok teaches the step of ranking the at least one selected policy based on an indicator of importance (column 5, lines 1-11; “Because of the detected correlation, the threat ranking may rise, and it is desired generally to inform one or more earlier reporters, e.g., other clients, of the (now correlated) threat.” See column 6, lines 1-5, 11-15; “[A] central query routing and/or aggregation service also provides remedial measures to counteract a possible threat which has been determined to be correlated with historical (filtered) data. … “b) storing a database of remedial measures for specific threats used by other clients, and then notifying an entity of remedial measures reported to have been successful against the specific threat (e.g., if multiple remedial measures are provided, these can be further ranked in terms of efficacy)…”. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Alperovitch to substitute ranked policy of the 
D.	Claim 7 is a method similar to the system of claim 13. Claim 19 is a computer program product of similar to claim 13. Both are rejected similarly.

Claims 8, 14 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Alperovitch in view of Lewis et al., US 10,372,768 B1 (hereafter referred to as Lewis).
A.	Regarding dependent claim 14, Alperovitch teaches the system of claim 9, as cited above. Alperovitch does not specifically teach further comprising the step of weighting a given policy obtained from the plurality of organizations in the at least one cluster based on an influence rating of one or more source organizations that provided the given policy. However, in the same field of endeavor, Lewis teaches comprising the step of weighting a given policy obtained from the plurality of organizations in the at least one cluster based on an influence rating of one or more source organizations that provided the given policy (column 2, lines 55-63; column 7, lines 56-63; “This disclosure includes methods and systems for ranking content based on the influence of the entity that generates the content.  The entity's influence may be based on how successful the entity is at sharing one or more media items.  For example, an entity (e.g., user) that is successful at sharing a media item may have the entity's content (e.g., comments, other media items) related to the media item ranked higher than the content of other entities that are not as successful at sharing the media item.”). It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to 
B.	Claim 8 is a method similar to the system of claim 14. Claim 20 is a computer program product of similar to claim 14. Both are rejected similarly.

Claim 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Alperovitch in view of Herold et al., US 9,215,142 B2 (hereafter referred to as Herold).
Regarding dependent claim 6, Alperovitch teaches the method of claim 1, as cited above. Alperovitch does not specifically teach wherein the predefined policy sharing criteria comprises one or more of a percentage and a number of the plurality of organizations that employ the at least one selected policy prior to the sharing. However, in the same field of endeavor, Herold teaches wherein the predefined policy sharing criteria comprises one or more of a percentage and a number of the plurality of organizations that employ the at least one selected policy (column 7, lines 64-66; “As described above, the comparative analysis engine 146 identifies differences between the target tenant system 110 and the top performer systems at block 304.” The top performer systems implement the policies for the configuration of the resources. See column 8, lines 24-30; “At block 308, the characteristic or characteristics that were identified at block 304 as being different from the tenant's system are ranked by the comparative analysis engine 146 according to the number of top performer systems that share the characteristic in common.” The top performers have a policy with the “same” configuration.) prior to the sharing (community sharing, column 4, lines 4-11, 27-32; “The .

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Horman, US 6785706 B1, teaches changing the configurations of the managed servers to a new desired configuration.
Bradley et al., US 9253204 B2, teaches using the characteristics of network attacks in one business to determine likelihood of network attacks in another business based on the similarity of the characteristics of the business networks.

Albertson et al., US 9009827 B1, teaches security rules and attack data may be automatically shared, investigated, enabled and used by entities.
Gomes Pereira et al., US 20190347148 A1, teaches root cause and predictive analysis where relevant information is gathered from different networks and social media platforms. The reported actions and social media are used to provide suggested optimization actions.
Cook et al., US 10649752 B2, teaches using a crowd source data repository to share information on target applications and target configurations.
Adderly et al., US 20160063379 A1, using usage data from healthy systems collected by crowd sourcing and generating sets of recommendations for configurations for healthy systems. 
Nickolov et al., US 10142204 B2, evaluating and automatically updating systems using crowd sourced vulnerability and component capability data. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to PATRICE L WINDER whose telephone number is (571)272-3935.  The examiner can normally be reached on M-F 10am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 571-272-6967.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/Patrice L Winder/             Primary Examiner, Art Unit 2452