Notice of Pre-AIA  or AIA  Status
	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

	Claims 1-20 are pending.
Objections
	Claims 2-4, 8, 9, 14, 15 and 19 are objected to for the following informalities:
	Claims 2-4, 8, 9, 14, 15 and 19 recite “and combinations of thereof”. It is suggested to amend the claim to replace “and” with –or--.Appropriate correction is required.
	Regarding claims 6 and 17, claims recite the acronym “ELK”. The acronym ‘“ELK” as recited in the claims should be spelled out and/or defined the first time it is recited in the claims. Appropriate correction required.
Specification
The use of the term ELK stack, Elastisearch, Logstash, and Kibana, which is a trade name or a mark used in commerce, has been noted in this application. The term should be accompanied by the generic terminology; furthermore the term should be capitalized wherever it appears or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


	Claims 6 and 17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
	Claims 6 and 17 include the trademark or trade name “ELK stack”. According to the specification, ELK is an acronym for “Elastisearch, Logstash, and Kibana” which is a trademark, thus, does not comply with the requirements of the 35 U.S.C. 112(b). The claim scope is uncertain since the trademark or trade name cannot be used properly to identify any particular material or product. See MPEP 2173.05 (U)) disclosed below. “If the trademark or trade name is used in a claim as a limitation to identify or describe a particular material or product, the claim does not comply with the requirements of the 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. Ex parte Simpson, 218 USPQ 1020 (Bd. App. 1982). The claim scope is uncertain since the trademark or trade name cannot be used properly to identify any particular 
Claim Rejections - 35 USC § 101
	835 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

	Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
	The claims when analyzed under 2019 Revised Patent Subject Matter Eligibility Guidance are directed to abstract idea. Claim 1 for example, is directed to computer network security and threat prevention and detection platform. Claim recites the limitation of: “a central processor operable to receive and aggregate security information from a plurality of network security applications; and a display in communication with the central processor and operable to simultaneously display data form a plurality of network security applications”. The receiving step is recited at a high level of generality (i.e., as a general means of collecting security information) and amount to mere data gathering, which is a form of extra solution activity. Aggregate security information and simultaneously display data, under the broadest reasonable interpretation are directed to organizing human activity except for the recitation of generic “central processor” and “display… central processor”. That is other than reciting central processor and a display nothing in claim element precludes the step from particularly being perform through human activity. For example, but for the central processor the and display language, the claim encompasses a human simply aggregating/combining collected security information and simultaneously displaying/showing data. Thus, the claim recites organizing human activity when analyzed under step 2A prong 1.
	Claim when analyzed under step 2A, Prong 2, recites additional element of “a central processor operable to receive...; and a display in communication with the central processor and operable to simultaneously display…”. Each of the additional limitation is no more than mere instruction to apply the exception using a generic computer component (central processor, display). The combination of these additional elements is no more than mere instructions to apply the exception using a generic computer component. Thus, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limitations on practicing the abstract idea.
	Claim further when evaluated under step 2B it is no more than what is well-understood, routine, conventional activity in the field. The additional elements of the claim does not amount to significantly more than the judicial exception. The specification does not provide any indication that the “central processor” or the “display” is anything other than a generic computer component. The mere collection of receipt and aggregating of information by a processor and a display simultaneously displaying data is a well-understood, routing and conventional function when it is claimed in a merely generic manner as it is here. For example, Wada et al. (20015/0324093), in paragraph [0003], background discloses simultaneous display of plurality of information items. For these reasons, there is no inventive concept in the claims.
	Independent claim 12 is rejected under 35 U.S.C. 101 for being directed to abstract idea for the same reason discussed above with respect to claim 1.
	Dependent claims 2-11 and 13-20 do not cure the deficiency of the independent claims and are rejected under 35 U.S.C. 101 for being directed to abstract idea.

Claim Rejections - 35 USC § 103
		The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	Claims 1-5, 7, 8, 10-16, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Lymer et al. (US Patent No. 8,990,723 ) in view of Lee (US Publication No.2015/0346989).
	As per claim 1 and 12, Lymer teaches an integrated computer network security and threat prevention and detection platform (column 4, lines 43-55), comprising: a central processor operable to receive and [aggregate] security information from a plurality of network security applications (column 3, line  66- column 4, line 3); and a display in communication with the central processor (column 4, line 13-14) and operable to simultaneously display data from a plurality of network security applications (figure 5, column 5, lines 38-42, graphical user interface may take any desired form capable of simultaneously conveying a status of each of the applications. [a]s an option, such status may be displayed via a home page of the single graphical user interface”. Column 6, lines 38-39, the applications are security related application). 
	Lymer does not explicitly disclose central processor aggregating. However, aggregating information by processor is well known in the art as illustrated by Lee (paragraph [0070], the processor receives information on each of a plurality of applications sets the plurality of applications in groups (aggregating)).
	It would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to include the  well known feature of aggregating information from plurality of application by central processor as disclosed by Lee with system of Lymer, in order to enable a plurality of application to incorporate with each other and to be executed simultaneously (paragraph [0071]). 
	As per claim 2, Lymer furthermore teaches, wherein the central processor comprises: one or more processors, one or more computers, one or more servers, and combinations thereof (figure 1 and 2, column 3, line 48-column 4, line 14).  
	As per claim 3 and 14, Lymer furthermore teaches, wherein the plurality of network security applications comprises: hardware implemented applications, software implemented applications, and combinations thereof (column 4, lines 24-28).  
	As per claim 4 and 15, Lymer furthermore teaches wherein the plurality of network security applications comprises: firewalls, network traffic monitors, access controls, email monitors, vulnerability scanners, endpoint security monitors, malware detectors, virus detectors, bandwidth usage monitors, and combinations thereof (figure 3, column 4, lines 35-48, applications 301 includes anti-virus, firewall, privacy service, anti-spam and any other application, and column 10, lines 53-58).  
	As per claim 5, Lymer furthermore teaches, wherein the central processor is operable to communicate with application program interfaces of one or more of the plurality of network security applications (figure 3 “application program interface”, and  column 3, lines 1-2 and  “a system adapted for interfacing a plurality of application”).  
	As per claim 7 and 18, Lymer furthermore teaches wherein the central processor is operable to collect, sort, [aggregate], and filter information collected from the plurality of network security applications, to transmit aggregated data to the display for presentation to a user, and to isolate detected threats from the network (column 4, lines 47-64, anti-virus application capable of scanning for viruses, comparing to signatures and cleaning data , the firewall application capable of blocking accesses to computer based on rules or policies).  Lee, disclose central processor is operable to group (aggregate) the application information (paragraph [0070]). The motivation to combine is similar to the motivation provided in independent claim 1.
	As per claim 8 and 19,  Lymer furthermore teaches, wherein the displayed aggregated data comprises: network usage data, network threats data, application usage data, threat mitigation data, malware activity data, virus activity data, and combinations thereof (figure 5, the displayed aggregated data include data anti virus, anti hacker, anti abuse antispam and …).  
	As per claim 10 and 13, Lymer furthermore teaches, wherein the central processor calculates a system risk rating based on data aggregated from the plurality of network security applications (column 6, line 65-column 7,line 4, “in addition to calculating the individual index in operation 1002, an overall index may be calculated which is representative of a degree of risk association with the collective status of the security applications”).  
	As per claim 11, Lymer furthermore teaches, wherein the platform is operable in a layered interconnection network (Lymer, column 3, lines 48-53, Network architecture 100, and Lee paragraph [0065]).  
	As per claim 16, Lymer furthermore teaches wherein the central processor is operable to communicate with application program interfaces of one or more of the plurality of network security applications in a layered network configuration (Lymer, column 3, lines 48-53, Network architecture 100, and Lee paragraph [0065]) and is operable to isolate detected threats from the network (column 4, lines 47-64, anti-virus application capable cleaning data from detected viruses).  

	Claims 6 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Lymer in view of Lee, further in view of Marquardt et al. (US Patent No. 10,305,924).
	As per claim 6 and 17, Lymer in view of Lee teaches all limitation of claim as applied to claim 1 above. Lymer in view of Lee does not explicitly teach wherein the central processor is operable to communicate with ELK stack interface of one or more of the plurality of network security applications. However, the use of and communication to ELK stack interfaces of network security application by processor is old and well-know in the art as illustrated by Marquardt (column 3, lines 23-25 and column 4, lines 6-11, “the system 110 implements the Elastisearch, Logstash and Kibana software stacks…executes Logstash to ingest and retrieve network data 202 from multiple sources”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the well known ELK stack interfaces as disclosed by Marquardt with system of Lymer and Lee,  in order to ingest data from multiple sources simultaneously, transforming it and provide visualize data to users.   

	Claims 9 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lymer in view of Lee, further in view of Hsieh (US Publication No. 2014/0040998).
	As per claim 9 and 20, Lymer in view of Lee teaches all limitation of claim as applied to claim 7 above.  Lymer in view of Lee does not explicitly disclose but in an analogous art Hsieh discloses, wherein the displayed aggregated data is presented in a timeline view (paragraph [0041], “[a]particular portion of security data can refer to security data from a particular time period”).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Lymer and Lee with Hsieh in order to achieve the predictable result of indicating a particular time period for detected security issues.

	
References Cited, Not Used
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	Reese, US Publication No. 2015/0213275, discloses simultaneously displaying content from a plurality of second computers associated with different security domains on a monitor of a first computer, the content from the second computer in a particular security domain able to be displayed at the first computer in a similar manner as the content is displayed at the second computer in the particular security domain; and forwarding at least one of an I/O event to a desired one of the plurality of second computers dependent on a focus of the content to permit control of the content at the forwarded computer without switching between security domains.	
	Hopkins, US Pub No. 2005/0042593, discloses providing help content for a web-based application, and is particularly concerned with simultaneously displaying customizable, interactive help content in a browser window for an object of a web-based application as the object is triggered in another browser window supporting the web-based application.
Conclusion
	   Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ali Abyaneh whose telephone number is (571) 272-7961. The examiner can normally be reached on Monday-Friday from (8:00-5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone numbers for the organization where this application or proceeding is assigned as (571) 273-8300 Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
                                                                                                                                                                                                   /ALI S ABYANEH/Primary Examiner, Art Unit 2437