Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 12/02/2021 has been entered.
As per instant Amendment, Claims 1, 14 and 16 have been amended. No new claims have been added. Claims 1-20 are pending.
EXAMINER’S AMENDMENT
An Examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mr. James T. Bergstrom (Reg. No. 57,021) on December 13th, 2021.  During the telephone conference, Mr. Bergstrom has agreed and authorized the Examiner to amend claims 1, 7-8, 12, 14 and 16. 
The application has been amended as follows:
CLAIMS
Replacing claims 1, 7-8, 12,  14 and 16 as following:
1. (Currently Amended) A computer-implemented method comprising, at a computer system of a security management system:
obtaining a file including data about network activity associated with [[a]] client  devices uses by users of an organization on a network , wherein the network activity is generated when the client  devices are operating as part of the network of the organization;
identifying, using the data about the network activity, an application that has been accessed by the client  devices while the client  devices are operating as part of the network of the organization, wherein the application is provided to the client  devices from a network of a service provider, wherein the network of the organization and the network of the service provider are different networks;
determining, using the data about the network activity, access information associated with the application, wherein the access information includes network activity indicating an access of the application from the client  devices;
determining, using the access information, network domain information about the application, wherein the network domain information identifies the service provider;
determining, using the network domain information, an organization associated with the application;

determining security information about the application, wherein the security information includes one or more indicators describing a security threat associated with the application;
computing a security risk score that indicates a measure of security for the application using a combination of the one or more indicators describing the security threat associated with the application and the organization-based security indicator for the organization; and
performing, by applying a security policy based on the measure of security, a remediation action for the application that prevents access to the application by the users of the organization.  
7. (Currently Amended) The computer-implemented method of claim 1, wherein the data about the network activity is for communications on the network of the organization, wherein identifying the application includes processing the data to identify a communication corresponding to a request for the application, and wherein the communication indicates application information about the request for the application, the application information being used to identify the application as being accessed by the  devices.
8. (Currently Amended) The computer-implemented method of claim 7, wherein the access information is determined using the communication, and wherein the access information indicates a timestamp of the network activity for the application, an IP address of a system that provides the application, a media access control (MAC) address of a device used to access the application, and user information about a user of at least one of the client  devices..
..
14. (Currently Amended) A security management system comprising: 
one or more processors; and
a memory accessible to the one or more processors, wherein the memory stores one or more instructions which, upon execution by the one or more processors, causes the one or more processors to perform operations comprising:
obtaining a file including data about network activity associated with [[a]] client  devices uses by users of an organization on a network , wherein the network activity is generated when the client  devices are operating as part of the network of the organization;
identifying, using the data about the network activity, an application that has been accessed by the client  devices while the client  devices are operating as part of the network of the organization, wherein the application is provided to the client  devices from a network of a service provider, wherein the network of the organization and the network of the service provider are different networks;
determining, using the data about the network activity, access information associated with the application, wherein the access information includes network activity indicating an access of the application from the client  devices;
determining, using the access information, network domain information about the application, wherein the network domain information identifies the service provider;
determining, using the network domain information, an organization associated with the application;
determining an organization-based security indicator for the organization indicative of a security risk of the organization to the network;

computing a security risk score that indicates a measure of security for the application using a combination of the one or more indicators describing the security threat associated with the application and the organization-based security indicator for the organization; and
performing, by applying a security policy based on the measure of security, a remediation action for the application that prevents access to the application by the users of the organization.  
16. (Currently Amended) A computer-implemented method comprising, at a computer system of a security management system:
obtaining, from a first service provider system, first data about a first application, wherein the first application is accessed from the first service provider system, and wherein access of the first application is associated with a user;
obtaining, from a second service provider system, second data about a second application, wherein the second application is accessed from the second service provider system, and wherein access of the second application is associated with the user;
determining, using the first data and the second data, access information for a third application that has been accessed by the user;
searching, using the access information, for network domain information about a provider system that provides the third application;
determining, using the network domain information, an organization associated with the third application;
determining an organization-based security indicator for the organization indicative of a security risk of the organization to the network;
determining security information about the third application, wherein the security information includes one or more indicators describing a security threat associated with the third application;
security risk score that indicates a measure of security for the third application using a combination of the one or more indicators describing the security threat associated with the application and the organization-based security indicator for the organization; and
performing, by applying a security policy based on the measure of security, a remediation action for the third application that prevents access to the third application by the user.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/03/2021 was filed. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Priority
 This application is a continuation of U.S. application No. 15/441,154, filed Feb. 23rd, 2017 (Now U.S. patent No. 10,536,478), which application claims priority to U.S. Provisional Application No.   62/460,716, filed Feb. 17th, 2017 and to U.S. Provisional Application No.  62/300,715, filed Feb. 26th, 2016. 
Terminal Disclaimer
  Applicant's earlier filed related application No. 15/441,154 was allowed (Now U.S. patent No. 10,536,478) and resulted in applicant’s timely filed terminal disclaimer dated 12/02/2021 was approved on 12/02/2021.
Response to Arguments
 The rejections of claims 1-20 on the ground of nonstatutory obviousness-type double patenting are withdrawn as the applicant’s timely filed terminal disclaimer approved. 
 The previous rejection of claims 1-2, 5-14 and 16-19 under 35 U.S.C. § 103 is withdrawn in response to the applicant's amendments.
Allowable Subject Matter
 Claims 1-20 are allowed in light of the Applicant’s arguments/amendments and in light of the prior art made of record.
 The following is an examiner’s statement of reasons for allowance: 
As to claims 1-20, the closest prior arts, Muddu (US 2017/0063886), in view of Mahabir (US 2017/0244740), in view of Thakar (US 2016/0057165), in view of Fissel (US 8,495,746) and further in view of Krstic (US 2015/0347748), alone or in combination fails to anticipate or render obvious the claim invention.  
Muddu (prior art of record) discloses a security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment; security monitoring can involve tracking network activity by users, devices, and applications (referred to collectively as "entities") to identify and track anomalies and threats (referred to collectively as "instance of potential network compromise," or "instances"), a graphical user interface for a user in accordance with the present disclosure also organizes, tracks, and presents information concerning these entities See the abstract,  par. 0137,0442-0443 and 0445 of Muddu.
Mahabir (prior art of record) discloses network security risk assessment systems and methods are provided; risk assessment server that receives a list of software applications operating within the subscriber organization network and a plurality of properties for each of the software applications and determining a risk assessment score for the subscriber organization based on respective software application risk assessment scores of each of the list of software applications and respective organizational node risk assessment scores of each of the list of organizational nodes- See the abstract, par. 0006 of Mahabir.
Thakar (prior art of record) discloses a method of identifying Domain Generated Algorithm (DGA) malware, comprising: identifying a domain name by monitoring activity of a network. One or more software programs or appliances may be used to monitor and analyze network activity and conduct an analysis of NX domains in the network to detect DGA malware and identify its source- See claim 15 and par. 0015 of Thakar.
Fissel (prior art of record) discloses details the implementation of apparatuses, methods and systems of an application security management platform (hereinafter, "ASMP"). ASMP systems may, in one embodiment, implement a live platform on a computerized system, whereby the platform may receive security data associated with a running application from multiple security tacking systems, evaluate the security performance of the application, generate an application security summary report for See the abstract of Fissel.
Krstic (prior art) discloses techniques for handling security of an application and its extension are described. In one embodiment, an application manager of an operating system running within a data processing system launches an application in a first sandboxed environment based on a first security profile associated with the application. In response to receiving a request from the application for accessing a function of an application extension that is associated with the application, the application manager launches the application extension in a second sandboxed environment based on a second security profile associated with the application extension. The application manager is to individually enforce security and manage resources of the application and the application extension in the first and second sandboxed environments based on the first and second security profiles, respectively- See the abstract of Krstic.
However, none of Muddu, Mahabir, Thakar, Fissel and Krstic teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims, 1, 14 and 16.  For example, none of the cited prior art teaches or suggest the steps of determining an organization-based security indicator for the organization indicative of a security risk of the organization to the network; determining security information about the application, wherein the security information includes one or more indicators describing a security threat associated with the application; computing a security risk score that indicates a measure of security for the application using a combination of the one or more indicators describing the security threat associated with the application and the organization-based security indicator for the organization and performing, by applying a security policy based on the measure of security, a remediation action for the application that prevents access to the application by the users of the organization. Further in the independent claim, 16.  For example, none of the cited prior art teaches or suggest the steps of performing, by applying a security policy based on the measure of security, a remediation action for the third application that prevents access to the third application by the user. 
These limitations, in conjunction with all other limitations, has not been disclosed, suggested or made obvious over the prior art of record either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.  For these reasons, as well as the other limitations and in the light of amendments to the claims of the independent claims, puts these claims in condition for allowance.
Claims 2-13, 15 and 17-20 are directly or indirectly dependent upon claims 1, 14 and 16 therefore, they are also allowable over the prior arts of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANCHIT K SARKER/Examiner, Art Unit 2495