DETAILED ACTION
Notice to Applicant
The following is an Examiner's Amendment and Reasons for Allowance in response to Applicant’s Amendment filed 03/30/2021 and communication with Applicant Representative Joel E. Lehrer, Reg. No. 56,401 on 05/25/2021 (see attached Interview Summary). The amendment is supported by at least paragraphs 59-60, 171, and 174 of the Specification [1] and Fig. 12-15 of the Drawings.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given by Applicant Representative Joel E. Lehrer, Reg. No. 56,401 on 06/01/2021.

The application has been amended as follows, in the claims: 
1-33. (Cancelled)
34. (Currently Amended) A computer-implemented method comprising: 
obtaining, via an application programming interface, transaction data representing a plurality of transactions conducted over the Internet between (a) each particular business entity that belongs to a portfolio of business entities and (b) other business entities, wherein the transaction data relates to at least one of the use of domains, IP addresses, elements of the DNS, TCP or UDP ports or services, security handshakes, and at least one protocol associated with a TCP/IP stack; 
receiving information, based on the obtained transaction data, that is indicative of service relationships between (a) each particular business entity that belongs to [[a]] the portfolio of business entities, and (b) the other business entities, wherein the other business entities comprise a plurality of third-party entities and at least one fourth-party entity, the third party entities having a direct service relationship with the particular business entity and the fourth-party entity having an indirect service relationship with the particular business entity via at least one third-party entity of the plurality of third-party entities;

identifying the service relationships based on the received information, the determined asset type, and the determined at least one asset entity,
based on the identified service relationships, graphically displaying first information in an interactive user interface that is indicative of a risk, wherein the risk is related to the identified service relationships and comprises at least one of sensitive data loss risk, system outage risk, or a risk of damaged reputation to an entity that is associated with the portfolio, and wherein the first information displayed in the interactive user interface comprises a graph of a plurality of interactive node elements and edge elements that represent the identified service relationships, the node elements representing each particular business entity and the other business entities, including multiple third-party entities and the fourth-party entity, wherein the interactive node elements and edge elements are selectable by a user within the interactive user interface;
receiving a selection, in the interactive user interface, of an interactive node element representing the fourth-party entity; 
responsive to the selection, graphically displayingmultiple third-party entities  of the third-party entities at least one third-party entity and/or the particular business entity, and wherein the condensed representation is generated by modifying the graph of nodes in the interactive user interface by (i) condensing interactive node elements corresponding to the multiple third-party entities into an enlarged interactive parent node element based on the service relationships between the represented entities and (ii) visually emphasizing the relationship between the interactive node element representing the fourth-party entity and at least one interactive node element representing an impacted entity including the enlarged parent node element. 

35. (Currently Amended) The method of claim 34 in which the received information includes automatically derived information from sources external to the entities.  

includes information derived from at least two sources.  

37. (Currently Amended) The method of claim 34 in which the received information includes information derived from publicly available documents.  

38. (Previously Presented) The method of claim 37 in which the publicly available documents comprise at least one of public filings, disclosures, or resumes.  

39-40. (Cancelled)

41. (Currently Amended) The method of claim 34 in which the 

42. (Previously presented) The method of claim 34 in which the risk comprises a technology breach with respect to one of the other business entities.  

43. (Currently Amended) The method of claim 34 in which the displayed first information is indicative of an extent of the risk.

44-45. (Cancelled)

46. (Previously Presented) The method of claim 34 in which the displayed second information comprises information organized based on a scope of an aggregate risk.  

47. (Previously Presented) The method of claim 34 in which the displayed second information comprises information organized based on a type of a service relationship.  

48. (Previously Presented) The method of claim 34 in which the displayed second information comprises information indicative of a scope of the risk for each of the portfolio business entities with respect to the service relationship with each of the other business entities.  

49. (Previously Presented) The method of claim 34 in which the displayed second information comprises indicators of risk with respect to at least one of the other business entities.  

50. (Previously presented) The method of claim 49 in which the indicators of risk comprise a security rating.  



52. (Previously Presented) The method of claim 51 in which the entity associated with the portfolio comprises an insurer.  

53. (Previously Presented) The method of claim 34 in which the displayed second information comprises information that is indicative of a risk to one of the other entities based on service relationships of additional entities with the other entities.  

54. (Previously presented) The method of claim 34 in which at least one of the service relationships comprises at least one of website hosting or email management.  

55. (Original) The method of claim 34 in which the business entities that belong to the portfolio are identified by a user.  

56. (Currently Amended) A computer implemented method comprising: 
automatically observing activity that is indicative of service relationships between (a) business entities that belong to a portfolio and (b) other entities that provide services, wherein the other entities comprise a plurality of third-party entities and at least one fourth-party entity, the third party entities having a direct service relationship with at least one business entity and the fourth-party entity having an indirect service relationship with the at least one business entity via at least one third-party entity of the plurality of third-party entities; wherein the activity is obtained, via an application programming interface, including transaction data representing a plurality of transactions conducted over the Internet between (a) the business entities that belong to the portfolio and (b) the other business entities, the transactions relating to at least one of the use of domains, IP addresses, elements of the DNS, TCP or UDP ports or services, security handshakes, and at least one protocol associated with a TCP/IP stack. 
determining, based on the observed activity
identifying the service relationships, based on, at least in part, [[a]] the plurality of transactions on the Internet 
providing, to a user through at least one of a web browser or a mobile application, first information displayed in an interactive user interface about the service relationships between the business entities that belong to the portfolio and the other entities that provide the services, the information being indicative of a risk, wherein the risk comprises at least one of 
wherein the first information displayed in the interactive user interface comprises a graph of a plurality of interactive node elements and edge elements that represent the identified service relationships, the node elements representing the business entities that belong to the portfolio and the other business entities, including multiple third-party entities and the fourth-party entity, wherein the interactive node elements and edge elements are selectable by a user within the interactive user interface;
receiving a selection in the interactive user interface, via at least one of the web browser or the mobile application, of an interactive node element representing
responsive to the selection, graphically displaying, in at least one of the web browser or the mobile application, (i) a condensed representation of the multiple third-party entitiessecond information indicative of the risk to [[the]] at least one of the third-partyentities and/or at least one of the business entities, wherein the second information indicative of the risk comprises an asset risk percentage and a number of impacted assets for the at least one third-party entity and/or the at least one business entity, and wherein the condensed representation is generated by modifying the graph of nodes in the interactive user interface by (i) condensing interactive node elements corresponding to the multiple third-party entities into an enlarged interactive parent node element based on the service relationships between the represented entities and (ii) visually emphasizing the relationship between the interactive node element representing the fourth-party entity and at least one interactive node element representing an impacted entity including the enlarged parent node element. 

57. (Previously presented) The method of claim 56 in which the activity is observed automatically from sources external to the business entities that belong to the portfolio.  

58. (Previously presented) The method of claim 56 in which the activity is observed from a plurality of sources.  

59. (Original) The method of claim 56 in which the activity is observed from publicly available documents.  

60. (Previously presented) The method of claim 59 in which the publicly available documents comprise public filings, disclosures, or resumes.  



62. (Currently Amended) The method of claim 56 in which the activity observed comprises transactions between a client and a server that use the at least one protocol associated with [[a]] the TCP/IP stack.

IPTS/108625414.1 Application No.: 15/044,952 Docket No.: BST-008 Response dated March 30, 2021 Non-Final Office Action dated September 30, 2020

63. (Original) The method of claim 62 in which the activity is observed at the server.  

64. (Currently Amended) The method of claim 62 in which the observed activity includes transactions relating to at least one of the TCP or UDP ports or services with respect to a particular IP address.  

65. (Currently Amended) The method of claim 62 in which the observed activity includes transactions relating 

66. (Currently Amended) The method of claim 62 in which the observed activity includes 

67. (Previously presented) The method of claim 62 in which the observed activity relates to assets of application protocols.  

68. (Currently Amended) The method of claim 62 in which the observed activity includes transactions relating

69. (Previously presented) The method of claim 62 in which the transactions comprise information that conforms to at least one of a format of the protocol, information that does not conform to a format of the protocol, or a combination thereof.  

70. (Original) The method of claim 56 in which at least some of the activity is observed actively.  

71. (Previously presented) The method of claim 56 in which at least some of the activity is observed passively.  

72. (Previously presented) The method of claim 56 in which at least some of the activity is observed by a combination of active observation and passive observation.  



74. (Previously presented) The method of claim 73 comprising causing the observed activity so that the observation of the activity provides information that corresponds to the activity and other information.  

75. (Previously presented) The method of claim 74 in which causing the observed activity comprises controlling an IP address of the source of the observed activity.  

76. (Previously presented) The method of claim 74 in which causing the observed activity comprises controlling a timing of the activity.  

77. (Previously presented) The method of claim 74 in which causing the observed activity comprises controlling characteristics of a request that causes the observed activity.  

78. (Cancelled)

79. (Previously presented) The method of claim 71 in which the activity is observed by a party that has access to the activity along a route of traffic triggered by the activity, by permission.  

80. (Previously presented) The method of claim 71 in which the activity is observed without knowledge of an identity of the client that is a party to the activity.  

81. (Previously presented) The method of claim 71 in which the passive observation of the activity comprises deriving metadata about the activity.

82. (Original) The method of claim 56 in which at least some of the activity is observed passively and at least some of the activity is observed actively, and at least aspects of the act of observation are based on information obtained by the passive observation.  

83. (Previously presented) The method of claim 56 further comprising applying a classifier to the observed activity to derive information about at least one of an entity associated with an IP address or a service at a port.  

84. (Original) The method of claim 83 in which the derived information comprises the identities of entities responsible for an asset.  



86. (Original) The method of claim 83 in which the derived information defines an asset.  

87. (Original) The method of claim 86 in which the asset is defined based on dependencies.  

88. (Original) The method of claim 56 in which the observed activity comprises the use of domains and IP addresses and the observed activity is indicative of entities responsible for the domains and IP addresses.  

89. (Previously presented) The method of claim 88 in which responsibility comprises dual entity responsibility.  

90. (Previously presented) The method of claim 88 in which responsibility comprises multiple entity responsibility.  

91. (Original) The method of claim 56 in which the activity on the Internet is automatically observed by collecting raw data at a data collector, and the method comprises classifying the raw data at the data collector, and identifying the service relationships based on results of the classifying.  

92. (Original) The method of claim 91 in which the classifying depends on a protocol used for the activity on the Internet.  

93. (Currently Amended) A computer implemented method comprising: 
Obtaining, via an application programming interface, transaction data representing a plurality of transactions conducted over the Internet between a portfolio of business entities, wherein the transaction data relates to at least one of the use of domains, IP addresses, elements of the DNS, TCP or UDP ports or services, security handshakes, and at least one protocol associated with a TCP/IP stack. 
receiving through a communication network, based on the obtained transaction data, information identifying [[a]] service relationships of the portfolio of business entities with which a principal entity has or is considering business relationships; 
determining, based on the information identifying service relationships of the portfolio of business entities 
service relationships of the portfolio of business entities, the determined asset type, and the determined at least one asset entity, querying a database to identify third-party entities that provide technology services to the portfolio business entities and to identify a category of technology services to which each of the technology services provided to the portfolio of business entities belongs, the database further comprising information related to at least one fourth-party entity having an indirect relationship with at least one portfolio business entity via at least one third-party entity; 
based on the identified third-party entities and the categories of technology service, determining and graphically displaying, in [[a]] an interactive user interface coupled to the database, a risk, wherein the risk is related to the identified service relationships and comprises at least one of sensitive data loss risk, system outage risk, or a risk of damaged reputation to the principal entity that are associated with the providing of the technology services by the third-party entities to the portfolio business entities; 
wherein the displaying includes graphically displaying in the interactive user interface a graph of interactive node elements and edge elements that represent the identified service relationships, the node elements representing a plurality of entities including the portfolio business entities, the third-party entities, and the at least one fourth-party entity, wherein the interactive node elements and edge elements are selectable by a user within the interactive user interface; 
receiving a selection, in the interactive user interface, of an interactive node element representing 
responsive to the selection, graphically displayingmultiple third-party entities the at least one portfolio business entity, wherein the information indicative of the risk comprises an asset risk percentage and a number of impacted assets for the at least one third-party entity and/or the at least one portfolio , and wherein the condensed representation is generated by modifying the graph of nodes in the interactive user interface by (i) condensing interactive node elements corresponding to the multiple third-party entities into an enlarged interactive parent node element based on the service relationships between the represented entities and (ii) visually emphasizing the relationship between the interactive node element representing the fourth-party entity and at least one interactive node element representing an impacted entity including the enlarged parent node element. 

94. (Previously Presented) The method of claim 93 comprising reporting the risk through the communication network for use in displaying potential risks to a user.  



96. (Previously Presented) The method of claim 93 in which the risk is indicative of possible steps that could balance risk across the portfolio business entities and reduce risk to the principal business entity.  

97. (Original) The method of claim 96 in which the principal business entity comprises a carrier of insurance risk.  

98 - 107. (Cancelled)  

108. (Original) The method of claim 56 in which the observation is solely active.  

109. (Original) The method of claim 56 in which the observation is solely passive.  

110. (Previously presented) The method of claim 34 in which the risk comprises a supply chain interruption based on geography.  

111. (Cancelled)


Allowable Subject Matter
Claims 34-44, 46-77, 79-97, and 108-111 were pending. Claims 1-33, 45, 78, and 98-107 were previously cancelled. Claims 34-37, 41, 43, 56, 62, 64-66, 68, and 93 are now amended and claims 39-40, 44, 61, and 111 are cancelled with Examiner’s amendment. Claims 34-38, 41-43, 46-60, 62-77, 79-97, and 108-110 are now allowed as explained further below in the reasons for allowance.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
The objection to claim 111 in the previous office action is withdrawn in view of Applicant’s amendments to the claim dated 03/30/2021. 


Regarding subject matter eligibility, the claims are analyzed under the framework identified in the 2019 Revised Patent Subject Matter Eligibility Guidance issued 7 January 2019 which “(a)ll USPTO personnel, ... as a matter of internal agency management, (are) expected to follow” and Examiner notes, for clarity of the record, that the claimed invention is patent eligible because the claims recite additional elements that, when viewing the claim(s) as a whole, integrate the recited abstract idea into a practical application. Specifically, the claims recite additional elements that include obtaining transaction data, via an application programming interface, for transactions conducted over the Internet between business entities including at least one of the use of domains, IP addresses, elements of the DNS, TCP or UDP ports or services, security handshakes, and at least one protocol associated with a TCP/IP stack, the transaction data being used to determine service relationships between the business entities, and based on identifying the service relationships according to the obtained internet transaction data, representing the entities and relationships in an interactive graphical user interface representation of a graph of interactive nodes and edges, selectable by a user, and in response to user selection of a particular node element modifying the GUI representation to condense multiple third-party entity nodes into a single enlarged interactive node element and visually emphasizing the relationships between the selected element and risk impacted entities including the enlarged parent node element which when considered as a whole amount to more than merely applying the abstract idea on a general purpose computer, limiting the abstract idea to a particular technological environment or field of use, or insignificant extra-solution activity but instead provides an improvement to technology by providing an improved user interface for visualizing entity risk maps by “reduc[ing] the complexity of the presentation and to enable a user to highlight the biggest risks faced by an entity at a glance.” (Spec: [0170]-[0171]) (MPEP 2106.05(a)) and/or otherwise uses the recited abstract idea in a meaningful way that integrates the abstract idea into a practical application beyond generally linking it to a particular technological environment (MPEP 2106.05(e)).


The prior art references most closely resembling Applicant’s claimed invention are as follows:
The prior art previously made of record including at least Muddu et al. US 20170063901 A1, Ng et al. US 20160189301 A1, Yampolskiy et al. US 9294498 B1, and Schultz et al. US 20150381649 A1, as described in detail in the previous office action, and failing both individually and in combination to teach or reasonably suggest the combination of elements in the claims including at least responsive to selection of a fourth-party entity node element “graphically displaying (i) a condensed representation of the multiple third-party entities having a relationship with the fourth-party entity and (ii) second information indicative of the risk to at least one of the third-party entitiesby (i) condensing interactive node elements corresponding to the multiple third-party entities into an enlarged interactive parent node element based on the service relationships between the represented entities and (ii) visually emphasizing the relationship between the interactive node element representing the fourth-party entity and at least one interactive node element representing an impacted entity including the enlarged parent node element.” As recited in representative claim 34. 
Zoldi et al. US 20150195299 A1: Describing cybersecurity threat assessment using risk propagation and analysis including graphs of the connections between networked communication components 
Sweeney et al. US 20170213292 A1: Describing interactive graphs of relationships between entities and risk including highlighting edges based on relative risk
Pitt US 20140101006 A1 describing the visualizing of entity relationship networks including providing similar entities represented as a single node element within the graph and the ability to select to expand the node into individual entity nodes;
Gvelesiani US 20080270458 A1: describing systems and methods for displaying information about business related entities including visualizing relationship networks of entities and combining or merging knowledge about differently identified entities that relate to the same logical entity, e.g. combining similarly or identically named entities into a single representative node that is selectable to list the various information about the entity (e.g. Fig. 3F “307g” and [0036]: In some embodiments, the BKMS may automatically combine similarly or identically named entities based on similarly structured relationship networks associated with those entities, for purposes of merging business knowledge about differently identified entities (e.g., determining that gathered information related to "NeXT, Inc.," "NeXT Software, Inc.," and "NeXT Software" refer to the same corporate entity, based on similar relationship networks associated with those three entity names).), but failing to teach 
Schiffer et al. US 20160026939 A1: Describing interactive graphical representations of relationships between entities based on activity and visually emphasizing the size of entity nodes based on relative weight or value of the node, but failing to describe at least any “condensing” or merging of third-party entity nodes into a single enlarged parent node responsive to selecting a fourth-party node element. 
Rees, Loren Paul, et al. "Decision support for cybersecurity risk planning." Decision Support Systems 51.3 (2011): 493-505.: describing cybersecurity risk analysis and asset impact determination 
Santos, Joost R., Yacov Y. Haimes, and Chenyang Lian. "A framework for linking cybersecurity metrics to the modeling of macroeconomic interdependencies." Risk Analysis: An International Journal 27.5 (2007): 1283-1297.: describing the analysis of cybersecurity metrics and impacts based on macroeconomic interdependencies and risk propagation
Additional prior art found relevant but failing, both individually and in combination with the other prior art of record, to teach or reasonably suggest the claimed invention include the references cited below:
Georges et al. US 20150331932 A1, Duplessis et al. US 20110249002 A1, Xie et al. US 20100309206 A1, Itoh et al. US 20030011601 A1: describing systems and methods for visualization and manipulation of network graphs including visually modifying and clustering nodes of the graph(s) to represent subnodes/subgraphs.
Lyras US 20140330616 A1: describing the visualization of topographical maps of enterprise data and providing for the expanding or collapsing of child nodes under parent nodes to reduce the amount of nodes displayed or to allow the user to zoom in on particular nodes;
De Peuter US 20110148880 A1:
Herz et al. US 20090228830 A1: describing interactive graph functions including expanding and contracting data including relationship data between entities but failing to teach at least the condensing or combining of entity nodes into an enlarged parent node of the third-party entities.
Willis et al. US 20130212479 A1 and Meng Muntz et al. US 20060271564 A1: Describing system and method(s) for analyzing and visualizing community and/or social network member connections including visually representing member’s measures of influence or strength of connections based on relative size of nodes.
Furthermore, neither the prior art, nature of the problem, nor knowledge of a person having ordinary skill in the art provides for any predictable or reasonable rationale to combine prior art teachings to render the claimed invention obvious.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHELBY A TURNER whose telephone number is (571)272-6334. (via email: Shelby.Turner1@uspto.gov “without a written authorization by applicant in place, the USPTO will not respond via internet e-mail to an Internet correspondence” MPEP 502.02 II). The examiner can normally be reached on M-F 10-6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jerry O’Connor can be reached on (571) 272-6787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/SHELBY A TURNER/Examiner, Art Unit 3624

        1 Pre-Grant Publication US20170236077A1