Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
1.       This Office Action is in response to the communication filed on March 12, 2021, which paper has been placed of record in the file.
2.           Claims 1-11 are pending in this application. 



Information Disclosure Statement
3.        The information disclosure statements (IDS) submitted on March 12, 2021is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.




Claim Rejections - 35 USC § 101
4.        35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


            Note: Examiner points Applicant to the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG).

5.      Claims 1-11 are rejected under 35 U.S.C. 101 because the claim invention is directed to a judicial exception (i.e., law of nature, natural phenomenon, or abstract idea) without significantly more.
             Independent claim 1, which is illustrative of the all independent claims and analyzing as the following:
         Step 1: Statutory Category? (is the claim(s) directed to a process, machine, manufacture or composition of matter?). Yes. The claim recites an apparatus and, therefore, is a machine.
           Step 2A - Prong 1: Judicial Exception Recited? (is the claim(s) recited a judicial exception (an abstract idea enumerated in the 2019 PEG, a law of nature, or a natural phenomenon). Yes. The claim recites the following limitations: generating a rooted random tree, generating a contagion process of the edges of the random tree, selecting a node in the random tree…, identifying nodes that can be reached by the contagion process, generating losses on each of the nodes and aggregating the losses, and repeating steps to generate new total losses originating from a cyber-attack, which is a method of organizing human activity (fundamental economic principles or practice including hedging, insurance, mitigating risk), then it falls within the “Organizing human activity” grouping of abstract idea. Moreover, the claim recites the following limitations of: generating a rooted random tree, generating a contagion process of the edges of the random tree, selecting a node in the random tree…, identifying nodes that can be reached by the contagion process, generating losses on each of the nodes and aggregating the losses, and repeating steps to generate new total losses originating from a cyber-attack, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitations in the mind but for the recitation of generic computer components. That is, other than reciting “a computer”, nothing in the claim elements preclude the steps from practically being performed in the mind. The mere nominal recitation of a generic computing device does not take the claim limitation out of the mental processes grouping. Thus, if a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind, then it falls within the “Mental Processes” grouping of abstract ideas. In addition, the claim recites the following limitations of generating losses on each of the nodes and aggregating the losses, and repeating steps to generate new total losses originating from a cyber-attack , which are Mathematical concepts including mathematical relationships. Accordingly, the claim recites an abstract idea. 
             Step 2A - Prong 2: Integrated into a Practical Application? (is the claim(s) recited additional elements that integrate the exception into a practical application of the exception). No. This judicial exception is not integrated into a practical application. In particular, the claim recites the additional elements of a processor, and using the processor to perform generating, selecting, identifying, generating and repeating steps. The processor is recited at a high-level of generality (i.e., as a generic computing device performing a generic computer function of generating, selecting, identifying, generating and repeating steps) such that it amounts no more than mere instructions to apply the the processor). The combination of these additional elements is no more than mere instructions to apply the exception using a generic computer components.  Each of the additional limitations is no more than mere instructions to apply the exception using a generic computer component (the processor). The combination of these additional elements is no more than mere instructions to apply the exception using a generic computer component. Accordingly, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Accordingly, the claim is directed to an abstract idea. 
           The Berkheimer Memorandum mandates that an additional element (or combination of elements) is not well-understood, routine or conventional unless the examiner finds, and expressly supports a rejection in writing with, one or more of the following: 
           (1) a citation to an express statement in the specification or to a statement made by an applicant during prosecution that demonstrates the well-understood, routine, conventional nature of the additional element(s); 
           (2) a citation to one or more of the court decisions discussed in MPEP § 2106.05(d)(II) as noting the well-understood, routine, conventional nature of the additional element(s); 
           (3) a citation to a publication that demonstrates the well-understood, routine, conventional nature of the additional element(s); or 

            In this case, the present Specification described in figure 5 and paras [00254-00255] of using general-purpose computer and available commercial products to perform the method. Thus, the applicant provides (1) a citation to an express statement in the specification or to a statement made by an applicant during prosecution that demonstrates the well-understood, routine, conventional nature of the additional elements. 
	Step 2B: Claim provides an Inventive Concept? (is the claim(s) recited additional elements that amount to an inventive concept (aka “significantly more”) than the recited judicial exception). No. As discussed with respect to Step 2A Prong Two, the additional elements in the claim amount to no more than mere instructions to apply the exception using a generic computer component. The same analysis applies here in 2B, i.e., mere instructions to apply an exception on a generic computer cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. 
           For these reasons there is no inventive concept in the claim, and thus the claim is not patent eligible.
         The dependent claims do not add limitations that meaningfully limit the abstract idea. For example, Claim 2 recites generating the random tree comprises: specifying a number of random trees.., specifying the values of parameters…, applying a command for sampling from a multinomial distribution…, applying a loop that iterates through levels Claim 3 recites generating the contagion process of the edges comprises: specifying the values of parameters…, generating repeated samples from a Bernoulli distribution…, selecting only columns of the matrix…, storing those columns in a separate matrix, and consider that edges associated with the successful Bernoulli trials.....(Mathematical Concepts, mathematical calculations); Claim 4 recites choosing the nodes that will be infected…; Claim 5 recites identifying the nodes that can be reached by the contagion process…; Claim 6 recites generating losses comprises…; Therefore, the dependent claims do not impart patent eligibility to the abstract idea of the independent claim. The dependent claims rather further narrow the abstract idea and the narrower scope does not change the outcome of the two part Mayo test. Narrowing the scope of the claims is not enough to impart eligibility as it is still interpreted as an abstract idea, a narrower abstract idea. Therefore none of the dependent claims alone or as an ordered combination add limitations that qualify as significantly more than the abstract idea. 
          Regarding independent claims 7 and 11 Alice Corp. establishes that the same analysis should be used for all categories of claims. Therefore, independent claim 7 directed to an apparatus, independent claim 11 directed to a method, and are also rejected as ineligible subject matter under 35 U.S.C. 101 for substantially the same reasons as independent method claim 11. 
          Accordingly, claims 1-11 are not draw to eligible subject matter as they are directed to an abstract idea without significantly more and are rejected under 35 USC § 101 as being directed to non-statutory subject matter.



Allowable Subject Matter
6.           Claims 1-11 are allowed over the prior arts cited of record because the prior arts cited of record do not disclose at least “selecting a node in the random tree that will be infected and represent a starting node of the contagion process; identifying nodes that can be reached by the contagion process; generating losses on each of the nodes and aggregating the losses; and repeating steps (1) - (5) to generate new total losses originating from a cyber-attack” recited in claims 1 and 7; and  “defining a contagion process stemming from an event of a breach of a node of the plurality of network topology nodes given a particular temporal instance of the network topology; and summing all losses, given a particular node of the plurality of network topology nodes where an infection starts and a realization of the contagion process to characterize one observation point in aggregate loss distribution due to breach” recited in claim 11.


          
                                                            Conclusion
7.          Claims 1-11 are rejected.
8.     The prior arts made of record and not relied upon are considered pertinent to applicant's disclosure:

             Dasgupta et al. (US 2019/0312881) disclose a system and related methods for providing greater security and control over access to classified files and documents and other forms of sensitive information based upon a multi-user permission strategy centering on organizational structure.
             NIxon et al. (US 2018/0113442) disclose securing communications from a process plant to a remote system includes a data diode disposed there between that allows data to egress from the plant but prevents ingress of data into the plant and its associated systems.
            Wright et al. (US 2018/0046796) disclose a system and method includes at an authentication platform that is implemented via one or more computing servers: identifying compromised credential data, wherein compromised credential data comprise compromised credentials for one or more compromised accounts that have been exposed to a malicious actor via an illegitimate method, the compromised credentials including credentials that are useable for authentication to or for accessing the one or more compromised accounts.
            Alnajem (US 2017/0300911) discloses a system for evaluating risk in an electronic banking transaction by estimating an aggregated risk value from a set of risk factors that are either dependent or independent of each other.

            Cam (US 2017/0046519) discloses monitoring or modifying a network of electronically connected assets that dynamically builds relationships and dependencies among detected vulnerabilities in one or more of the assets and sensor measurements so that risk assessment can be achieved more accurately and in real-time.
            Rubin (US 2017/0039374) discloses a method for protecting a software system against cyber-attacks comprising the following steps: subdividing the software system into components, wherein each component maps a set of input vectors to a non-deterministic set of stochastic output vectors.
            Lee et al. (US 2016/0012235) disclose systems and methods estimate expected loss risk to computers and enterprises based on the data files present on computers and data file clusters within the enterprise. 
            Abercrombie et al. (US 2014/0108089) disclose a computer implemented method monetizes the security of a cyber-system in terms of losses each stakeholder may expect to lose if a security break down occurs.
            Segev et al. (US 10,148,680) disclose a computer program product for performing anomaly detection, a detected anomaly being indicative of an undesirable event.


9.       Any inquiry concerning this communication or earlier communications from the examiner should be directed to examiner NGA B NGUYEN whose telephone number is (571) 272-6796.  The examiner can normally be reached on Monday-Friday 7AM-5PM.
          Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eric Stamber can be reached on (571) 272-6724.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
            Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/NGA B NGUYEN/Primary Examiner, Art Unit 3683                                                                                                                                                                                                                                                                                                                                                                                                                July 29, 2021