Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
2.	The information disclosure statement (IDS) submitted on 11/19/2021 has been considered by the examiner.

Status of Claims
3.	This Office Action is issued in response to the Amendment filed on 9/02/2021.
Claims 1-25 are pending in this Office Action.
Claims 3, 7, and 22 have been amended.

Response to Arguments
4.	a. Claim Rejections - 35 U.S.C. § 101: The previous 35 U.S.C. 101 rejections of claims 22-24 are maintained because adding a processor to perform the cited steps amounts to no more than mere instructions to apply the exception using a generic computer component.  Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.  Therefore, claims 22-24 are still not patent eligible. Please see newly applied 35 U.S.C. 101 for claims 22-24 below.
	b. Claim Rejections - 35 U.S.C. 112(b): The previous U.S.C. 112(b) rejections with respect to claims 22-24 have been withdrawn in response to claim amendments.
	c. Claim Rejections - 35 U.S.C. § 103: 

Applicant’s argument with respect to 35 U.S.C. § 103 rejections of claims 1-20 and 22-25 have been fully considered but are not persuasive.
Regarding Applicant’s arguments of claim 1 (which has been rejected for similar reasons as claim 11), Applicant argues that Doyle fails to teach "inputting metadata associated with a current data threat into the trained cognitive network" and "identifying, by the trained cognitive network, one or more stored instances of data determined to be vulnerable to the current data threat".  Banasik fails to teach “"adjusting one or more security aspects of the one or more stored instances of data determined to be vulnerable to the current data threat" (emphasis added), as claimed by applicant. More specifically, Banasik only teaches the calculation of a risk score based on multiple situational factors, and the changing of a data protection plan based on that score, which does not teach the identification of "stored instances of data determined to be vulnerable to the current data threat," much less "adjusting one or more security aspects of the one or more stored instances of data determined to be vulnerable to the current data threat"” (Applicant’s Remark filed on 09/02/2021, pages 9 and 10).

Examiner’s response: one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
As presented in Office Action dated 07/27/2021, pages 5 and 6, Doyle discloses utilizing artificial neural network for threat score prediction (paragraphs [0046]-[0047]), identifying current vulnerability (paragraphs [0028]-[0029]: monitor and identify “real-time information describing various vulnerabilities”; note: real-time vulnerabilities are equivalent to current vulnerabilities).  Vulnerability characteristics-metadata associated with current data threat- are used as input into cognitive network to determine a threat score for a candidate software vulnerability-stored instances of data (paragraphs [0005], [0046], [0065]-[0066]).  Therefore, Doyle does teach “inputting metadata associated with a current data threat into the trained cognitive network, identifying, by the trained cognitive network, one or more stored instances of data determined to be vulnerable to the current data threat".  
Banasik discloses relation of data protection plan –security aspect- for stored data with respect to risk (abstract and paragraph [0018]).  Therefore, the combination of Doyle’s teaching of utilizing artificial neural network for threat score prediction, identifying current vulnerability and using metadata of the current vulnerability to determine a threat score for a candidate (stored) software vulnerability and Banasik’s teaching of data protection plan for stored data with respect to risk makes an obvious and predictable result of adjusting security aspect(s) of stored vulnerable data using metadata associated with a current data threat to identify stored instances of data.
(or 11; note: claims 1, 11, and 21 claim similar subject matters) are not persuasive.
Arguments of claims 2-21 are based on arguments of claim 1 which are found not persuasive; therefore, arguments of claims 2-21 are also not persuasive.
Regarding Applicant’s arguments of claim 22, Applicant argues ““calculating a risk score and selecting a data protection plan based on the risk score, as in Banasik, and extracting terms from an incident report, as in Craig, fails to teach "comparing... the metadata associated with the data threat to metadata associated with a stored instance of data" or "conditionally adjusting... one or more security aspects of the stored instance of data, based on the comparing"” (pages 12-13).
Examiner’s response: Banasik discloses aa). detecting changes of plurality of situational factors which may include a computer security climate based on the latest computer viruses and worms (paragraphs [0024] and [0054]; note: computer viruses and worms are data threats).  bb). A new risk score is computed for stored data based on detected changes in at least one of the plurality of situational factors (paragraphs [0018] and [0054]).  cc). A different data protection plan is selected based on the new risk score (paragraph [0054]).  From Banasik’s teachings in aa), bb) and cc), it is logical that when computer viruses and worms are detected, one would analyze and compare information/data of the detected viruses and worms with the stored data in order to know whether the stored data would be affected by the detected viruses and worms in order to compute a (paragraphs [0047]-[0049]).  The inputs include vulnerability name (paragraph [0040]: vulnerability called “Krack”), description of assets to be protected (paragraph [0041]), keywords related to observed anomalous behavior and types of system/asset attacked (paragraph [0042]), and list of keywords, assets and anomalies (paragraph [0045]).  Hence, the combination of Banasik and Craig does teach comparing metadata associated with the data threat to metadata associated with a stored instance of data and conditionally adjusting one or more security aspects of the stored instance of data, based on the comparing.
	Therefore, Applicant’s arguments with respect to claim 22 are not persuasive.  Applicant’s arguments of claims 23-25 are based on Applicant’s arguments of claim 22; accordingly, they are also not persuasive.
	Since Applicant’s arguments of 35 U.S.C. § 103 rejections are not persuasive.  The previous 35 U.S.C. § 103 rejections are maintained and new rejections with respect to amended claims 3 and 7 are presented below.

Claim Rejections - 35 USC § 101
5.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



Claim 22 is rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract ideas without significantly more. 
Step 2A, Prong 1: The claim recites ‘…determining metadata…, comparing the metadata…, conditionally adjusting…” These limitations, as drafted, under their broadest reasonable interpretations cover performance of the limitations in the mind or on paper.  For example, the limitation “determining metadata associated with a data threat,” under its broadest reasonable interpretation, covers performance of the limitation in the mind.  If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind, then it falls within the “Mental Processes” grouping of abstract ideas.  Accordingly, the claim recites an abstract idea.
Step 2A, Prong 2: This judicial exception is not integrated into a practical application because the claim does not recite any application of the limitations besides abstract ideas. For example, the claim does not impose any meaningful limits of adjusting the one or more security aspects of the stored instance of data based on the comparing.  Therefore, the claim is directed to an abstract idea.
Step 2B: Besides the abstract ideas, the claim recites a processor that is not sufficient to amount to significantly more than the judicial exception because using a processor to perform the cited steps amounts to no more than mere instructions to apply the exception using a generic computer component.  Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.  Therefore, the claim is not patent eligible.


Claim Rejections - 35 USC § 103
7.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


8.	Claims 1-5, 7-15, and 17-21 are rejected under 35 U.S.C. 103 as being unpatentable over Doyle et al. (US 2020/0210590), hereinafter “Doyle”, in view of Banasik et al. (US 2018/0189147), hereinafter “Banasik”.
	Regarding claim 11, Doyle discloses a computer program product for cognitively securing data based on metadata associated with a data threat, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se (paragraphs [0073] and [0074]), the program instructions executable by a processor to cause the processor to perform a method comprising: 
training, by the processor, a cognitive network, utilizing metadata associated with historic data threats (paragraph [0005]: training a model for threat score assessment of software vulnerabilities from historic threat events; paragraphs [0046] and [0047]: the threat score prediction model is generated by machine learning including artificial neural network.  Paragraphs [0065]-[0066]: vulnerability characteristics-metadata); 
inputting, by the processor, metadata associated with a current data threat into the trained cognitive network (paragraphs [0028]-[0029]: identifying current vulnerability; paragraphs [0046], [0065]-[0066]: a set of vulnerability characteristics are applied as input); 
identifying, by the processor and the trained cognitive network, one or more stored instances of data determined to be vulnerable to the current data threat (paragraph [0005]: association of enterprise network with software vulnerabilities; paragraph [0046]: input data is used to determine a threat score for a candidate software vulnerability- stored instances of data); 
Doyle discloses determining a threat score for the candidate software vulnerability (paragraph [0046]), but Doyle does not disclose adjusting, by the processor, one or more security aspects of the one or more stored instances of data determined to be vulnerable to the current data threat.  However, changing security aspect for stored data based on threat score in known in the art and Banasik’s teaching is an example (Abstract and paragraph [0018]: relation of data protection plan-security aspect- with respect of risk-threat- score).
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Doyle’s teaching of training a cognitive network to identify vulnerability of stored data to current data threat with Banasik’s teaching of changing security aspect for stored data based on threat score.  The motivation to do so would be to protect data as taught by Banasik (paragraphs [0002]-[0004]).
Regarding claim 12, Doyle and Banasik disclose the computer program product of claim 11.  Doyle further discloses wherein the cognitive network includes a neural network (Doyle, paragraph [0047]: machine learning algorithms include artificial neural network).
Regarding claim 13, Doyle and Banasik disclose the computer program product of claim 11.  Doyle further discloses wherein the metadata associated with the historic data threats includes an identification of the historic data threats (Doyle, paragraphs [0044] and [0051]: historic threat events).
Regarding claim 14, Doyle and Banasik disclose the computer program product of claim 11.  Doyle further discloses wherein the metadata associated with the historic data threats includes one or more types of data susceptible to the historic data threats (Doyle, paragraph [0066]).
Regarding claim 15, Doyle and Banasik disclose the computer program product of claim 11.  Doyle further discloses wherein the metadata associated with the historic data threats includes one or more locations where the historic data threats have occurred (Doyle, paragraph [0051]: media type or topic of threat events could indicate where a threat event occurs).
Regarding claim 17, Doyle and Banasik disclose the computer program product of claim 1.  Doyle further discloses wherein the metadata associated with the current data threat is extracted from one or more data sources (Doyle, paragraph [0051]).
Regarding claim 18, Doyle and Banasik disclose the computer program product of claim 11.  Doyle further discloses wherein the metadata associated with the current data threat is extracted from one or more news sources, one or more blog posts, and one or more social media posts (Doyle, paragraphs [0038] and [0051]).
Regarding claim 19, Doyle and Banasik disclose the computer program product of claim 11.  Doyle further discloses wherein the trained cognitive network takes the metadata associated with the current data threat as input, and outputs an indication of the one or more stored instances of data determined to be vulnerable to the current data threat (Doyle, paragraph [0046]).
Regarding claim 20, Doyle and Banasik disclose the computer program product of claim 11, wherein the one or more security aspects of one or more stored instances of data are adjusted by changing a sensitivity level for the one or more stored instances of data (Doyle, paragraph [0048]: updating threat scores.  Banasik, Abstract: relation of data protection plan with respect of risk score.  The combination of Doyle and Banasik’s teachings makes the obviousness of the interrelation of the security aspects and sensitivity level for the stored data; therefore, when the security aspects are adjusted, the sensitivity level of stored data would also be changed, so the stored data would be protected accordingly).
Claims 1, 2, 4, 5 and 8-10 claim similar subject matters to claims 11, 12, 14, 15, 18-20 respectively; therefore, claims 1, 2, 4, 5 and 8-10 are rejected at least for the same reasons as claims 11, 12, 14, 15, 18-20 respectively.
Regarding claim 3, Doyle and Banasik disclose the method of claim 1 (which is rejected at least for the same reasons as claim 11).  Doyle and Banasik further disclose wherein the historic data threats include instances of malware attacks (Banasik, paragraphs [0018] and [0024]: vulnerability related to computer viruses and worms- forms of malware attacks), and the metadata associated with the historic data threats includes an identification of the historic data threats (Doyle, tables 1 and 2: vulnerability names; paragraphs [0044] and [0051]: historic threat events), one or more types of data susceptible to and negatively affected by the historic data threats (Doyle, paragraph [0051]: media type of threat events and paragraph [0066]), and one or more locations where the historic data threats have occurred (Doyle, paragraph [0051]: media type of threat events are where the threat also have happened).
Regarding claim 7, Doyle and Banasik disclose the method of claim 1 (which is rejected at least for the same reasons as claim 11).  Doyle and Banasik further disclose wherein the current data threat includes a malware attack (Banasik, paragraphs [0018] and [0024]: vulnerability related to computer viruses and worms- forms of malware attacks), and the metadata associated with the current data threat is extracted from one or more data sources (Doyle, paragraph [0051]) and includes an identification of the current data threat (Doyle, tables 1 and 2: vulnerability names), one or more types of data susceptible to and negatively affected by the current data threat (Doyle, paragraph [0051]: media type of threat events), one or more locations where the current data threat has occurred (Doyle, paragraph [0051]: media type of threat events are where the threat also have happened.  Note: Doyle discloses the types of historic threat events and although Doyle does not explicitly disclose these metadata in relating to current data threat, it would be obvious for one of ordinary skill in the art before the effective filing date to apply these metadata to current data threat because the result would be predictable and resulted in having informative information of current data threat for efficiently tracking and recording data threat).
Claim 21 claims similar subject matters to claim 11; therefore, claim 21 is rejected at least for the same reasons as claim 11.  Furthermore, Doyle discloses a system with a processor and logic integrated with the processor, executable by the processor, or integrated with and executable by the processor (paragraph [0069]).
9.	Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Doyle et al. (US 2020/0210590), hereinafter “Doyle”, in view of Banasik et al. (US 2018/0189147), hereinafter “Banasik”, and in view of Bang (US 2016/0300065), hereinafter “Bang”.
Regarding claim 16, Doyle and Banasik disclose the computer program product of claim 11.  Doyle and Banasik do not explicitly disclose wherein metadata associated with the one or more stored instances of data determined to be vulnerable to the historic data threats are labeled as vulnerable to the historic data threats, and are input into the cognitive network along with metadata associated with the historic data threats.  However, tagging vulnerability data is known in the art and Bang’s teaching is an example (paragraphs [0013] and [0031]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Doyle and Banasik’s teachings of training a cognitive network to identify vulnerability of stored data to current data threat and changing security aspect for stored data based on threat score with Bang’s teaching of tagging vulnerability data to have tagged vulnerability for stored data which are used as input into the cognitive network along with metadata associated with the historic data threats.  The motivation to do so would be to optimize and efficiently identifying and tracking the vulnerabilities as taught by Bang (paragraph [0005]). 
	Claim 6 claims similar subject matters to claim 16; therefore, claim 6 is rejected at least for the same reasons as claim 16.
10.	Claims 22, 24, and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Banasik et al. (US 2018/0189147), hereinafter “Banasik” in view of Craig et al. (US 2019/0222593), hereinafter “Craig”.
Regarding claim 22, Banasik discloses a computer-implemented method (paragraph [0005]), comprising: 
determining, by a processor (Fig. 3 with associated text: processor 302.  Paragraph [0075]: embodiments are embodied in hardwares including processors), [metadata] associated with a data threat (paragraph [0054]: detecting changes of plurality of situational factors; paragraph [0024]: “The situational factors can also include security vulnerability status, which may include a computer security climate based on the latest computer viruses and worms.”  Computer viruses and worms are data threats); 
comparing, by a processor, the [metadata] associated with the data threat to [metadata] associated with a stored instance of data (paragraphs [0018] and [0054]: a new risk score is computed for stored data based on detected changes in at least one of the plurality of situational factors.”  Note: in order to detect changes, at least a comparison must be made); and 
conditionally adjusting, by the processor, one or more security aspects of the stored instance of data, based on the comparing (paragraph [0054]: “A different data protection plan is selected based on the new risk score.”)
As presented above, Banasik discloses detecting information associated with data threat and stored data to compute a new risk score for the stored data.  Banasik does not explicitly disclose but Craig discloses determining metadata associated with the data threat and comparing metadata associated with the data threat with the metadata associated with the stored data (paragraphs [0041]-[0047]:  information extracted from initial incident reports- data threat- are metadata and matching process requires comparison of metadata of input data with metadata of stored data in order to obtain output).  
(paragraphs [0001]-[0004]).
Regarding claim 24, Banasik and Craig disclose the computer-implemented method of claim 22, wherein the one or more security aspects of the stored instance of data are adjusted in response to determining that the metadata associated with the data threat is associated with the metadata associated with the stored instance of data (Banasik, paragraph [0054]: “a new risk score is computed based on detected changes in at least one of the plurality of situational factors.  A different data protection plan is selected based on the new risk score.”  Craig, paragraphs [0041]-[0047]:  association of metadata from initial incident reports- data threat- metadata of stored data.  Therefore, the combination of Banasik and Craig’s teachings also makes it obvious that the one or more security aspects of the stored instance of data are adjusted based on the association of the metadata associated with the data threat and the metadata associated with the stored instance of data to timely mitigate security threat).
Claim 25 claims similar subject matters to claim 22; therefore, claim 25 is rejected at least for the same reasons as claim 22.  Furthermore, Banasik discloses a computer program product for implementing a data protection (paragraph [0007]).
11.	Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Banasik et al. (US 2018/0189147), hereinafter “Banasik”, in view of Craig et al. (US 2019/0222593), hereinafter “Craig” and in view of Bellis et al. (US 10,503,908), hereinafter “Bellis”.
Regarding claim 23, Banasik and Craig disclose the computer-implemented method of claim 22, wherein the one or more security aspects of the stored instance of data are adjusted as presented in claim 22 above.  Banasik also discloses identifying the assets of the protected system that most closely match assets that are currently under attack somewhere else (paragraph [0048]), but Banasik and Craig do not explicitly disclose the one or more security aspects of the stored instance of data are adjusted in response to determining a predetermined amount of matching metadata between the metadata associated with the data threat and the metadata associated with the stored instance of data.  However, matching data based on a threshold match is known in the art and Bellis’ teaching is an example (Col. 6, lines 4-15).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Banasik and Craig’s teachings of adjusting security aspect for stored data based on data threat, determining metadata associated with the data threat and comparing metadata associated with the data threat with the metadata associated with the stored data with Bellis’ teaching of matching data based on a threshold match because the result would have been predictable and resulted in adjusting the security aspect for stored data based on determining a predetermined amount of matching metadata between the metadata associated with the data threat and the metadata associated with the stored instance of data.


Conclusion
12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to THANH T LE whose telephone number is (571)270-0279.  The examiner can normally be reached on Monday-Thursday 8:00 am - 4:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/THANH T LE/Examiner, Art Unit 2495