DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to the amendment filed on 5/24/2021. Claims 1, 7, and 13 have been amended. Claims 1-20 have been examined. This office action is Final.


Response to Amendment

Applicant's arguments filed 5/24/2021 have been fully considered but they are not persuasive. 
On page 8 of the Applicant’s arguments, the Applicant states, in regard to the previous 101 rejection, that the “processor, data bus, and non-transitory computer readable instructions are part of a specialized information handling system, that is a specialized computing device”. The Applicant argues that the information handling system improves the functionality of the information handling system and provides a useful and concrete result of performing security analytics functions to identify anomalous, abnormal, unexpected or malicious user behavior”.
The Examiner disagrees with the Applicant. The mere nominal recitation of a process, data bus, and non-transitory media does not take the claim limitations out of the mental process. The claim limitations are not integrated into a practical application, because the claim recites 
application because they do not impose any meaningful limits on practicing the abstract idea.
Thus, the claims are still directed to an abstract idea without being integrated within a practical application. The claims 1-20 remain rejected under 101.
On page 9 of the Applicant’s arguments, the Applicant states that the prior art of Kshirsagar does not disclose, “a user profile which includes a mindset factor, the mindset factor comprising information used to determine a mental state of a user at a particular point in time”.
(A). The Examiner disagrees with the Applicant. Kshirsagar discloses a factor can be any pattern of observable values relating to a user interaction (Kshirsagar: para. 0019). When these observables are stored in a user profile, they are called historical activities (Kshirsagar: para. 0019). In particular, whenever an information system receives an event notification, that event notification may be stored as a historical activity in the user's profile (Kshirsagar: para. 0019). In general, these values are stored in a profile and used to determine factors such as usage patterns with one or more applications and/or one or more client devices, as well as the associated user preferences (Kshirsagar: para. 0019).
Kshirsagar discloses user behavior may be another factor (Kshirsagar: para. 0021). User behavior relates to correlations of usage patterns with other input other than the application or

social network records during lunch breaks. Another example might be the user typically accessing www.fredspizza.com on rainy Sundays, indicating that the user does not typically go out for food (Kshirsagar: para. 0021). A user mindset factor is associated with the user’s behavior, the mindset factor comprising information used to determine a mental state of a user at a particular point in time (Kshirsagar: para. 0021, user behavior is associated with the mindset factor, Kshirsagar discloses a user accessing a website www.fredspizza.com on rainy Sundays, indicating that the user does not typically go out for food when it is raining, thus the mindset factor comprising information used to determine a mental state; the mental state of a user at a particular point in time, such as Sundays when it is raining, ordering pizza).

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.  
The claims recite limitations of monitoring user interactions and converting user interactions. These limitations, as drafted, are a process that, under its broadest reasonable interpretation, covers performance of the limitations in the mind but for the recitation of generic computer components. That is, other than reciting, “a processor”, “data bus”, and “non-transitory computer-readable storage medium”, nothing in the claim elements precludes the 
The claims recite monitoring information, and using the information to apply a policy. The applying step is merely data gathering which is a form of insignificant extra-solution activity. Each of the additional limitations is no more than mere instructions to apply the exception using generic computer components. The additional elements in the claims amount to no more than mere instructions to apply the exception using generic computer components. The Applicant’s specification does not provide any indication that the processor, data bus, and non-transitory computer readable medium are anything other than generic, off-the-shelf computer components, and the Symantec, TLI, and OIP Techs, court decisions cited in MPEP 2106.05(d)(II) indicate that mere collection of information over a network is a well-understood, routine, and conventional function when it is claimed in a merely generic manner. Accordingly, the gather step is well-understood, routine, conventional activity that is supported under Berkheimer.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 5-7, 11-13, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Hutson et al (2008/0168453) in view of Kaufmann et al. (2009/0300712), and further in view of Kshirsagar et al (2013/0055367).
As per claim 1, Hutson discloses a computer-implementable method for enforcing security policies, comprising: 
monitoring electronically-observable user interactions of an entity (Hutson: para. 0014, 0018, monitoring improper behavior (i.e. user interactions) on a network (i.e. electronically-observable) of an entity (i.e. user); monitoring communications include email, instant messages, web postings, file transfers, and voice over Internet (i.e. electronically observable user interactions), the electronically-observable user interactions comprising corresponding user behavior of the entity (Hutson: para. 0015-0016, 0027, electronically-observable user interactions (i.e. social security numbers within email communications); 
(Hutson: para. 0016-0017, converting the electronically-observable user interactions (i.e. improper behavior) into electronic information representing the user behavior (i.e. electronic information/incident notification includes a copy of the electronic communication);
applying an organization specific security policy based upon the electronic information representing the user behavior (Hutson: para. 0015-0018, applying the organization specific security policy (i.e. looks for a condition where nine numbers are found within eleven contiguous spaces) based on electronic information representing the user behavior).
Hutson does not explicitly disclose the organization specific security policy comprising an automatically generated organization specific rule, the organization specific security policy comprising an aggregation of a plurality of entity specific security policies, each of the plurality of entity specific security policies corresponding to a respective entity. 
Kaufmann discloses the organization specific security policy comprising an automatically generated organization specific rule (Kaufmann: para. 0011, 0013-0014, business rule (i.e. organization specific rule)), the organization specific security policy comprising an aggregation of a plurality of entity specific security policies, each of the plurality of entity specific security policies corresponding to a respective entity (Kaufmann: para. 0013-0014, 0083, the Examiner asserts that policies are for a group of users, such as a department in an organization, the department or group of users the Examiner asserts are the entities, and Kaufmann discloses more than one policy can be defined for the entity, which the Examiner asserts are the entity specific security policies).
(Kaufmann: para. 0009, 0078).
Hutson and Kaufmann do not explicitly disclose each respective entity having a corresponding user profile, each corresponding user profile comprising a collection of information that uniquely describes an identity of the respective entity, the collection of information comprising a user profile attribute, a user behavior factor and a user mindset factor, the mindset factor comprising information used to determine a mental state of a user at a particular point in time; and using the organization specific security policy to perform a security analytics operation, the security analytics operation identifying anomalous, abnormal, unexpected, or malicious user behavior.
Kshirsagar discloses each respective entity having a corresponding user profile (Kshirsagar: para. 0018, each respective entity (i.e. user) having a corresponding data structure called a profile (i.e. user profile)), each corresponding user profile comprising a collection of information that uniquely describes an identity of the respective entity, the collection of information comprising a user profile attribute, a user behavior factor and a user mindset factor, the mindset factor comprising information used to determine a mental state of a user at a particular point in time; and using the organization specific security policy to perform a security (Kshirsagar: para. 0018-0023, a user the Examiner asserts is a respective entity, whose factors may be associated with a user’s identity, there are multiple factors, such as user behavior which is stored in a profile, factors are stored in a user profile, determine usage patterns (i.e. user profile attribute), a user mindset factor is associated with the user’s behavior, the mindset factor comprising information used to determine a mental state of a user at a particular point in time (Kshirsagar: para. 0021, user behavior is associated with the mindset factor, Kshirsagar discloses a user accessing a website www.fredspizza.com on rainy Sundays, indicating that the user does not typically go out for food when it is raining, thus the mindset factor comprising information used to determine a mental state; the mental state of a user at a particular point in time, such as Sundays when it is raining, ordering pizza).
It would have been obvious to one of ordinary skill at the time of the effective filing date of the claimed invention to include each respective entity having a corresponding user profile, each corresponding user profile comprising a collection of information that uniquely describes an identity of the respective entity, the collection of information comprising a user profile attribute, a user behavior factor and a user mindset factor, the mindset factor comprising information used to determine a mental state of a user at a particular point in time; and using the organization specific security policy to perform a security analytics operation, the security analytics operation identifying anomalous, abnormal, unexpected, or malicious user behavior of Kshirsagar with Hutson and Kaufmann all are analogous in the art of observing events on a network, the motivation is that the factors are used to identify information of a user, thus this is a security measure that can be used to identify patterns in the information to look for security attacks or threat monitoring (Kshirsagar: para. 0025).

As per claim 5, Hutson, Kaufmann, and Kshirsagar disclose the method of claim 1.
Hutson further discloses detecting occurrence of an event (Hutson: para. 0018, detecting occurrence of an event (i.e. incident)); associating the event with an entity (Hutson: para. 0015-0016, associating the event (i.e. incident) with an entity (i.e. user and/or organization)); and applying the organization specific security policy to the entity based upon the event (Hutson: para. 0015-0018, applying the organization specific security policy (i.e. looks for a condition where nine numbers are found within eleven contiguous spaces) to the entity (i.e. user and/or organization based upon the event).
As per claim 6, Hutson, Kaufmann, and Kshirsagar disclose the method of claim 1.
Hutson discloses associating the organization specific security policy with the particular entity; and applying the organization security policy to the entity (Hutson: para. 0015-0018, applying the organization specific security policy (i.e. looks for a condition where nine numbers are found within eleven contiguous spaces) with a particular entity (i.e. user); and applying the organization security policy to the user).
Hutson does not explicitly disclose the automatically generated rule comprises a rule associated with an event, the rule associated with the event comprising an indication of whether to allow a particular entity to perform the event.
Kaufmann discloses the automatically generated rule comprises a rule associated with an event (Kaufmann: para. 0086, business rule), the rule associated with the event comprising an indication of whether to allow a particular entity to perform the event (Kaufmann: para. 0097, allowing a user (i.e. user) to perform the event (i.e. open the file)).
(Kaufmann: para. 0009).
As per claim 7, Hutson discloses a system comprising: 
a processor (Hutson: para. 0006); 
a data bus coupled to the processor (Hutson: para. 0006, data bus is disclosed because Hutson discloses a computer); and 
a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for (Hutson: para. 0019-0020): 
monitoring electronically-observable user interactions of an entity (Hutson: para. 0014, 0018, monitoring improper behavior (i.e. user interactions) on a network (i.e. electronically-observable) of an entity (i.e. user); monitoring communications include email, instant messages, web postings, file transfers, and voice over Internet (i.e. electronically observable user interactions), the electronically-observable user interactions comprising corresponding user behavior of the entity (Hutson: para. 0015-0016, 0027, electronically-observable user interactions (i.e. social security numbers within email communications); 
(Hutson: para. 0016-0017, converting the electronically-observable user interactions (i.e. incidents) into electronic information representing the user behavior (i.e. electronic information/incident notification includes a copy of the electronic communication), and 
applying an organization specific security policy based upon the electronic information representing the user behavior (Hutson: para. 0015-0018, applying the organization specific security policy (i.e. looks for a condition where nine numbers are found within eleven contiguous spaces) based on electronic information representing the user behavior).
Hutson does not explicitly disclose the organization specific security policy comprising an automatically generated organization specific rule, the organization specific security policy comprising an aggregation of a plurality of entity specific security policies, each of the plurality of entity specific security policies corresponding to a respective entity. 
Kaufmann discloses the organization specific security policy comprising an automatically generated organization specific rule (Kaufmann: para. 0011, 0013-0014, business rule (i.e. organization specific rule)), the organization specific security policy comprising an aggregation of a plurality of entity specific security policies, each of the plurality of entity specific security policies corresponding to a respective entity (Kaufmann: para. 0013-0014, 0083, the Examiner asserts that policies are for a group of users, such as a department in an organization, the department or group of users the Examiner asserts are the entities, and Kaufmann discloses more than one policy can be defined for the entity, which the Examiner asserts are the entity specific security policies).
(Kaufmann: para. 0009, 0078).
Hutson and Kaufmann do not explicitly disclose each respective entity having a corresponding user profile, each corresponding user profile comprising a collection of information that uniquely describes an identity of the respective entity, the collection of information comprising a user profile attribute, a user behavior factor and a user mindset factor, the mindset factor comprising information used to determine a mental state of a user at a particular point in time; and using the organization specific security policy to perform a security analytics operation, the security analytics operation identifying anomalous, abnormal, unexpected, or malicious user behavior.
Kshirsagar discloses each respective entity having a corresponding user profile (Kshirsagar: para. 0018, each respective entity (i.e. user) having a corresponding data structure called a profile (i.e. user profile)), each corresponding user profile comprising a collection of information that uniquely describes an identity of the respective entity, the collection of information comprising a user profile attribute, a user behavior factor and a user mindset factor, the mindset factor comprising information used to determine a mental state of a user at a particular point in time; and using the organization specific security policy to perform a security analytics (Kshirsagar: para. 0018-0023, a user the Examiner asserts is a respective entity, whose factors may be associated with a user’s identity, there are multiple factors, such as user behavior which is stored in a profile, factors are stored in a user profile, determine usage patterns (i.e. user profile attribute), a user mindset factor is associated with the user’s behavior, the mindset factor comprising information used to determine a mental state of a user at a particular point in time (Kshirsagar: para. 0021, user behavior is associated with the mindset factor, Kshirsagar discloses a user accessing a website www.fredspizza.com on rainy Sundays, indicating that the user does not typically go out for food when it is raining, thus the mindset factor comprising information used to determine a mental state; the mental state of a user at a particular point in time, such as Sundays when it is raining, ordering pizza).
It would have been obvious to one of ordinary skill at the time of the effective filing date of the claimed invention to include each respective entity having a corresponding user profile, each corresponding user profile comprising a collection of information that uniquely describes an identity of the respective entity, the collection of information comprising a user profile attribute, a user behavior factor and a user mindset factor, the mindset factor comprising information used to determine a mental state of a user at a particular point in time; and using the organization specific security policy to perform a security analytics operation, the security analytics operation identifying anomalous, abnormal, unexpected, or malicious user behavior of Kshirsagar with Hutson and Kaufmann all are analogous in the art of observing events on a network, the motivation is that the factors are used to identify information of a user, thus this is a security measure that can be used to identify patterns in the information to look for security attacks or threat monitoring (Kshirsagar: para. 0025).

As per claims 11 and 17, rejected under similar scope as claim 5.
As per claim 13, rejected under similar scope as claim 1.
As per claims 12 and 18, rejected under similar scope as claim 6.

Claims 2, 8, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Hutson et al (2008/0168453) in view of Kaufmann et al. (2009/0300712), and in view of Kshirsagar et al (2013/0055367), and further in view of Mehrabanzad et al (2016/0330746).
As per claim 2, Hutson, Kaufmann, and Kshirsagar disclose the method of claim 1.
Hutson does not explicitly disclose evolving a security policy according to the electronically observable user interactions associated with the event. 
Kaufmann discloses evolving a security policy according to the electronically observable user interactions associated with the event (Kaufmann: para. 0059, 0079, evolving security policy (i.e. dynamic policy) according to the electronically observable user interactions (i.e. user actions/activities associated with the file).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include evolving a security policy according to the electronically observable user interactions associated with the event of Kaufmann with Hutson, both are analogous in the art of enforcing security policies, the motivation is that a policy that can evolve is dynamic, and is more flexible and can allow one to apply policies at run-time (Kaufmann: para. 0009, 0078).

Mehrabanzad discloses evolving the organization specific security policy comprising revising rules associated with the organization specific security policy according to enactment of a user behavior corresponding to an event (Mehrabanzad: para. 0048-0049, organization specific security policy (i.e. user permitted to access a particular access point, and the user’s permitted QoS level), revising rules (i.e. alter rules) associated with the organization specific security policy according to enactment of user behavior corresponding to an event (i.e. the corporate executive may require a higher QoS level; however, if the executive stops coming into the office and/or is no longer determined to be an executive, the rules can be revised based on the user behavior corresponding to the event).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include evolving the organization specific security policy comprising revising rules associated with the organization specific security policy according to enactment of a user behavior corresponding to an event of Mehrabanzad with the combination of Hutson-Kaufmann-Kshirsagar all are analogous in the art of enforcing security policies, the motivation is that this is an efficient security measure that alters rules by restricting user’s access based on determined user behavior, thus altering the rules can limit the user’s risky or inappropriate network use (Mehrabanzad: para. 0049).


As per claims 8 and 14, rejected under similar scope as claim 2.
Claims 3, 9, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Hutson et al (2008/0168453) in view of Kaufmann et al (2009/0300712), in view of Kshirsagar et al (2013/0055367) and further in view of Lang (2019/0014153).
As per claim 3, Hutson, Kaufmann, and Kshirsagar disclose the method of claim 1.
Hutson, Kaufmann, and Kshirsagar do not explicitly disclose each of the plurality of entity-specific security policies comprise an automatically generated entity-specific rule.
Lang discloses each of the plurality of entity specific security policies comprise an automatically generated entity-specific rule (Lang: para. 0065-0066, entity (i.e. IT system) specific security policies received a plurality of policy inputs, and automatically generate machine-enforceable rule).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include each of the plurality of entity specific security policies comprise an automatically generated entity-specific rule of Lang with the combination of Hutson-Kaufmann-Kshirsagar all are analogous in the art of security policies, the motivation is that the world needs better policy management method and systems that can manage meaningful policies, and that supports IT agility, and that is repeatable/traceable/verifiable (Lang: para. 0005).  

As per claims 9 and 15, rejected under similar scope as claim 3.


Claims 4, 10, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Hutson et al (2008/0168453) in view of Kaufmann et al (2009/0300712), in view of Kshirsagar et al (2013/0055367) and further in view of Gibson et al (8,776,168).

As per claim 4, Hutson, Kaufmann, and Kshirsagar disclose the method of claim 1.
Hutson further discloses the organization specific security policy comprises a risk-adaptive security policy (Hutson: See Fig. 2, para. 0016, 0025, 0027, organization specific security policy the policy looks at social security numbers within email, comprises a risk adaptive security policy (i.e. how many social security numbers within email communications).
Hutson, Kaufmann, and Kshirsagar do not explicitly disclose a security policy implemented to be revised to adaptively remediate risk associated with a user behavior, the user behavior being represented via a plurality of risk-adaptive behavior factors, the plurality of risk-adaptive behavior factors comprising at least one user behavior factor and a user mindset factor.
Gibson discloses a security policy implemented to be revised to adaptively remediate risk associated with a user behavior, the user behavior being represented via a plurality of risk-adaptive behavior factors, the plurality of risk-adaptive behavior factors comprising at least one user behavior factor and a user mindset factor (Gibson: col. 4, lines 26-51, col. 7, lines 25-34, col. 9, lines 10-24, Gibson discloses only one needs to be disclosed, which Gibson discloses user behavior factor, the security policy is revised to remediate risk associated with a user behavior).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include a security policy implemented to be revised to adaptively remediate risk associated with a user behavior, the user behavior being represented via a plurality of risk-adaptive behavior factors, the plurality of risk-adaptive behavior factors (Gibson: col. 4, lines 47-51).

As per claims 10 and 16, rejected under similar scope as claim 4.

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Hutson et al (2008/0198453) in view of Kaufmann et al. (2009/0300712), and in view of Kshirsagar et al (2013/0055367) and further in view of Williams et al (2012/0079107).
As per claim 19, Hutson, Kaufmann, and Kshirsagar disclose the non-transitory, computer-readable storage medium of claim 13.
Hutson, Kaufmann, and Kshirsagar do not explicitly disclose wherein the computer executable instructions are deployable to a client system from a server system at a remote location.
Williams discloses the computer executable instructions are deployable to a client system for a server system at a remote location (Williams: para. 0074, 0094, compliance server instructions to be deployable on a client system).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the computer executable instructions are deployable to a client system for a server system at a remote location of Williams with Hutson-Kaufmann-Kshirsagar are analogous in the art of security policy, the motivation is that policy may be tested (Williams: para. 0094).

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Hutson et al (2008/0198453) in view of Kaufmann et al. (2009/0300712) in view of Kshirsagar et al (2013/0055367) and further in view of Dwyier (2016/0277360).
As per claim 20, Hutson, Kaufmann, and Kshirsagar disclose the non-transitory, computer-readable storage medium of claim 13.
Hutson, Kaufmann, and Kshirsagar do not explicitly disclose wherein the computer executable instructions are provided by a service provider to a user on an on-demand basis.
Dwyier discloses the computer executable instructions are provided by a service provider to a user on an on-demand basis (Dwyier: para. 0013, 0053, on demand basis (i.e. real-time)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the computer executable instructions are provided by a service provider to a user on an on-demand basis of Dwyier with Hutson-Kaufmann-Kshirsagar are analogous in the art of security policies, the motivation is that this is an efficient method that protects sensitive data in real-time by programming data protection policies (Dwyier: para. 0005).





Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791.  The examiner can normally be reached on M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished 


9/2/2021/J.E.J/Examiner, Art Unit 2439
/KARI L SCHMIDT/Primary Examiner, Art Unit 2439