Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
1. This Office Action is in response to the Amendment filed on November 1, 2021, which paper has been placed of record in the file.
2. Claims 1-2 and 4-18 are pending in this application.



Claim Interpretation
3.         The following is a quotation of 35 U.S.C. 112(f):

(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

4.    The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim 
Claim limitations in claim 17 of this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

5.         This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “risk assessment logic”, “aggregation logic” recited in claim 16.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the 



Claim Rejections - 35 USC § 112
6.         The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

7. Claim 18 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The claim recites “continuously determining whether other types of aggregated risk scores meet other types of predetermined criteria, and electronically issuing real-time alerts in response to the meeting of the other types of predetermined criteria,” which was not described in the specification. The Specification described different types of risks (see page 4), but did not describe “continuously determining whether other types of aggregated risk scores meet other types of predetermined criteria, and electronically issuing real-time alerts in response to the meeting of the other types of predetermined criteria.”




Claim Rejections - 35 USC § 101
8.        35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


            Note: Examiner points Applicant to the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG).

9. Claims 1-2 and 4-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., law of nature, natural phenomenon, or abstract idea) without significantly more.
Independent claim 1, which is illustrative of all the independent claims, is analyzed as follows:
Step 1: Statutory Category? (Is the claim directed to a process, machine, manufacture or composition of matter?) Yes. The claim recites a method and, therefore, is a process.
Step 2A - Prong 1: Judicial Exception Recited? (Does the claim recite a judicial exception, i.e., an abstract idea enumerated in the 2019 PEG, a law of nature, or a natural phenomenon?) Yes. The claim recites the following limitations: continuously gathering machine-readable facts…, continuously deriving and storing risk profiles…, providing an ontology that associates a different subset of the monitored entities…, adjusting the ontology over time, continuously aggregating the risk score for the scored entities…, continuously determining whether the aggregated organizational risk score meets …, and issuing a real-time alert..., which is a method of organizing human activity (managing personal behavior or relationships or interactions between people including social activities, teaching and following rules or instructions), and therefore falls within the “Organizing human activity” grouping of abstract ideas. Moreover, the claim recites the limitations of continuously gathering machine-readable facts…, continuously deriving and storing risk profiles…, providing an ontology that associates a different subset of the monitored entities…, adjusting the ontology over time, continuously aggregating the risk score for the scored entities…, continuously determining whether the aggregated organizational risk score meets …, and issuing a real-time alert..., which, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitations in the mind but for the recitation of generic computer components. That is, other than “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
Step 2A - Prong 2: Integrated into a Practical Application? (Does the claim recite additional elements that integrate the exception into a practical application of the exception?) No. This judicial exception is not integrated into a practical application. In particular, the claim recites the additional elements of a computer and storage, and using the computer to perform gathering, deriving, storing, providing, adjusting, aggregating, and issuing steps. The processor is recited at a high level of generality (i.e., as a generic computing device performing a generic computer function of gathering, deriving, storing, providing, adjusting, aggregating, and issuing steps) such that it amounts to no more than mere instructions to apply the exception using generic computer components. Each of the additional limitations is no more than mere instructions to apply the exception using generic computer components (the computer). The combination of these additional elements is no more than mere instructions to apply the exception using generic computer components. Moreover, the claim recites the additional limitations “a fact monitoring interface operative to continuously gather machine-readable facts” and “an alert interface operative to electronically issue” (recited in claim 16), which are recited at a high level of generality (i.e., as a general means of collecting and transmitting data), which is a form of insignificant extra-solution activity. Each of the additional limitations is the claim is directed to an abstract idea.
          The Berkheimer Memorandum mandates that an additional element (or combination of elements) is not well-understood, routine or conventional unless the examiner finds, and expressly supports a rejection in writing with, one or more of the following: 
           (1) a citation to an express statement in the specification or to a statement made by an applicant during prosecution that demonstrates the well-understood, routine, conventional nature of the additional element(s); 
           (2) a citation to one or more of the court decisions discussed in MPEP § 2106.05(d)(II) as noting the well-understood, routine, conventional nature of the additional element(s); 
           (3) a citation to a publication that demonstrates the well-understood, routine, conventional nature of the additional element(s); or 
           (4) a statement that the examiner is taking official notice of the well-understood, routine, conventional nature of the additional element(s), which satisfies the requirements set forth in MPEP § 2144.03. 
In this case, the present Specification described, at page 7, second paragraph, the use of a general-purpose computer and available commercial products to perform the
Step 2B: Claim provides an Inventive Concept? (Does the claim recite additional elements that amount to an inventive concept (aka “significantly more”) than the recited judicial exception?) No. As discussed with respect to Step 2A Prong Two, the additional elements in the claim amount to no more than mere instructions to apply the exception using a generic computer component. The same analysis applies here in 2B, i.e., mere instructions to apply an exception on a generic computer cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B.
Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B. Here, the limitations “a fact monitoring interface operative to continuously gather machine-readable facts” and “an alert interface operative to electronically issue” (recited in claim 16) were considered to be extra-solution activity in Step 2A, and thus they are re-evaluated in Step 2B to determine if they are more than what is well-understood, routine, conventional activity in the field. Collecting and transmitting information over a network is well-understood, routine, conventional activity; the Symantec, TLI, and OIP Techs. court decisions cited in MPEP 2106.05(d)(II) indicate that mere collection or receipt of data over a network is a well‐understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that collecting and transmitting data is Berkheimer Option 2. Moreover, the limitations of “a fact monitoring interface operative to continuously gather machine-readable facts” and “an alert interface operative to electronically issue” (recited in claim 16) do not provide any improvements to the computer functionality or to the interface; they are merely used as general means for collecting and transmitting information and do not amount to an inventive concept. For these reasons there is no inventive concept in the claim, and thus the claim is not patent eligible.
Under Berkheimer Option 2, the courts have recognized the following computer functions as well-understood, routine, and conventional functions when they are claimed in a merely generic manner (e.g., at a high level of generality) or as insignificant extra-solution activity.
Computer functions recited at a high level of generality:
i. Receiving or transmitting data over a network (Symantec, TLI Communications, OIP Techs, buySafe).
ii. Performing repetitive calculations (Flook, Bancorp).
iii. Electronic recordkeeping (Alice Corp, Ultramercial).
iv. Storing and retrieving information in memory (Versata Dev. Group, Inc., OIP).
v. Electrically scanning or extracting data from a physical document (Content Extraction and Transmission, LLC).
Accordingly, a conclusion that the “a fact monitoring interface operative to continuously gather machine-readable facts” and “an alert interface operative to electronically issue” (recited in claim 16) are well-understood, routine, conventional activity is supported under Berkheimer Option 2. Moreover, the limitations of “a fact monitoring interface operative to continuously gather machine-readable facts” and “a reporting interface operative to electronically report” (recited in claim 16) do not amount to significantly more than the abstract idea: they do not provide any improvements to another technology or technical field, to the functioning of the computer, or to the interface; they are merely used as general means for collecting and transmitting data; they do not amount to an inventive concept; and they are well-understood, routine, and conventional functions when they are claimed in a merely generic manner (e.g., at a high level of generality) or as insignificant extra-solution activity. It is similar to other concepts that have been identified by the courts, such as receiving or transmitting data over a network (Symantec, TLI Communications, OIP Techs, buySafe). Therefore, the claims do not amount to significantly more than the abstract idea. For these reasons there is no inventive concept in the claim, and thus the claim is not patent eligible.
The dependent claims do not add limitations that meaningfully limit the abstract idea. For example, Claim 2 recites responding to user request to explore the ontological relationships…; Claim 3 recites determining whether the aggregated organization risk score meets a predetermined criteria….and electronically reporting…; Claim 4 recites electronically reporting…; Claims 5-8 recite issuing a report…; Claims 9-15 recite continuously updating the ontological relationships…; Therefore, the dependent claims do not impart patent eligibility to the abstract idea of the independent claim. The dependent claims rather further narrow the abstract idea, and the narrower scope does not change the outcome of the two-part Mayo test. Narrowing the scope of the claims is not enough to impart eligibility as it is still interpreted as an abstract idea, a narrower
Regarding independent claims 16 and 17, Alice Corp. establishes that the same analysis should be used for all categories of claims. Therefore, independent claim 16, directed to a system, and independent claim 17, directed to a system, are also rejected as ineligible subject matter under 35 U.S.C. 101 for substantially the same reasons as independent method claim 1.
Accordingly, claims 1-2 and 4-18 are not drawn to eligible subject matter as they are directed to an abstract idea without significantly more and are rejected under 35 USC § 101 as being directed to non-statutory subject matter.




Claim Rejections - 35 USC § 103

10.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

11. Claims 1-2 and 4-18 are rejected under 35 U.S.C. 103 as being unpatentable over Ng et al. (hereinafter Ng, US 2017/0085595) in view of Martin et al. (hereinafter Martin, US 2018/0004942).
Regarding claim 1, Ng discloses a computer security monitoring method, including:
           continuously gathering machine-readable facts relating to a number of topics (para [0218], the data gathering aspect of the system 505 can allow for continual and periodic collection of data over time; para [0028], For cyber insurance risk, if insured entities are very similar to one another in a variety of key attributes such as revenue, clientele, industry, technology utilized such as cloud computing service provider, content delivery network (CDN) provider, operating system, firewall vendor, intrusion detection system vendor, security services provider, etc., or other factors, a loss, (e.g., due to a cyber attack), by one of these insured entities might imply that other insured entities having similar attributes will also experience a loss);
          continuously deriving and storing risk profiles for a plurality of monitored entities based on at least some of the facts (para [0005], periodically re-assessing the risk of a cyber security failure in the computer network of the entity over time as the periodic or continual collecting of the information occurs over time, wherein the re-assessing of the risk results in any of: an update to the change or setting to the at least one element of policy criteria of the cyber security policy; and an update to the computer network changes; para [0084], The method 400 includes receiving 405 a variable profile for a new entity. The variable profile either includes a set of variables or a set of variables is deduced from the variable profile. As mentioned above, the variable profile can include an application form, a resume, a corporate filing such as a tax return, or any other document that includes attributes of an entity);
an end user may determine similar attributes shared between pluralities of entities. These shared attributes can be aggregated into clusters to locate groups of entities with shared attributes. In one example, several entities use the same content delivery network (CDN), the same cloud service provider, a similar website traffic profile, have overlapping executives, and report similar revenue. While these entities may also share attributes with other entities, these attributes are used in various embodiments to create a cluster or grouping of entities that, when considered in the aggregate, have a low diversity score due to the similarities in this example);
adjusting the ontology over time (para [0032], the end user can adjust the attributes and/or select which attributes are important to them and the system will analyze only these attributes when determining diversity, (e.g., a diversity score for aggregate cyber risk));
          continuously aggregating the risk scores for the scored entities for each of the organizational entities based on the associations in the ontology to derive an aggregated risk score (para [0145], the scoring and plotting module 535 is configured to determine a position of an entity within an aggregate risk score of a portfolio of entities. Thus, the scoring and plotting module 535 has been used to calculate an aggregate risk score (motivation, sophistication, and/or combined) for numerous entities. In one embodiment, the scoring and plotting module 535 selects a plurality of motivation elements and analyzes these elements for each of a portfolio (plurality) of entities using the above examples as a guide for calculating motivation scores); and
continuously determining whether the aggregated organization risk score meets one or more predetermined criteria  (para [0151], FIG. 8 is an example graphical user interface (GUI) that comprises a bar graph illustrating the plotting of a plurality of entities based on their combination scores. The bar graph 800 comprises a vertical axis that represents a number of companies and a horizontal axis that represents combination scores for a set of entities. For example, most entities in the group have combination scores (sophistication and motivation) that fall within a score range of 51-60. Other groups of entities fall within other score ranges);
electrically issuing an alert in response to changing scores (para [0055], the recommendation module 140 can automatically identify variables, which if changed, would affect the diversity score. For example, if the entities are or utilize technology company service providers that use a particular CDN, the recommendation module 140 can output a recommendation that diversification in this area would be beneficial. The end user can alert the entities and encourage them to explore other options for CDNs. If the end user is an insurer, for example, the insurer can encourage this change by offering rate concessions to the insured entities; para [0063], The recommendation module 140 can alert the end user if the addition of the new entity decreases the diversity score. The recommendation module 140 can alert the end user if the addition of the new entity increases the diversity score as well).
            Ng does not disclose, however, Martin discloses: 
            electrically issuing a real-time alert in response to the meeting of the predetermined criteria (para [0056], calculate a confidence score for presence of the security threat on the network proportional to this degree of temporal alignment in Block S140; and then issue an alert in response to this confidence score exceeding a preset threshold value in Block S150; para [0057], if this confidence score exceeds a preset threshold value, the system can: predict that the network has been exposed to the newly-identified security threat at some time during the time window represented by the network accounting log; and then issue an alert accordingly in Block S150; para [0071], the system scans new network events for threat elements (e.g., IOCs) defined in the new threat intelligence substantially in real-time in Block S160 and generates alerts for possible exposure to the newly-identified security threat in response to detected similarities between these new network events and these new threat elements; para [0076], the system can issue alerts substantially in real-time in response to detecting IOCs—defined in the threat intelligence database—in new network events).
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the claimed invention to modify Ng to incorporate the features taught by Martin above, for the purpose of more effectively monitoring the cyber risk by providing the user the real-time alert in response to the meeting of the predetermined criteria. Since Ng discloses monitoring the cyber risk and electrically issuing an alert, and Martin teaches monitoring the cyber risk and electrically issuing a real-time alert in response to the meeting of the predetermined criteria, as discussed above, one of ordinary skill in the art would have recognized that the combination of Ng and Martin would have yielded predictable results in monitoring the cyber risk.
Regarding claim 2, Ng discloses the method of claim 1 further including responding to user requests to explore the ontological relationships that led to the aggregated organizational risk score (para [0032], The present technology can be used to analyze diversity/similarity between many entities. The diversity/similarity analyses can use hundreds and even thousands of attributes, looking for diversity or commonality there between. In some instances, the end user can adjust the attributes and/or select which attributes are important to them and the system will analyze only these attributes when determining diversity, (e.g., a diversity score for aggregate cyber risk)).
Regarding claim 4, Ng discloses the method of claim 1 wherein the step of electronically reporting includes issuing a report that includes the aggregated organizational entity risk score (para [0151], FIG. 8 is an example graphical user interface (GUI) that comprises a bar graph illustrating the plotting of a plurality of entities based on their combination scores).
Regarding claim 5, Ng discloses the method of claim 4 wherein the step of issuing a report includes issuing a report that further includes a plurality of visual elements that visually summarize the ontological relationships that lead to the aggregated organizational entity risk score (para [0156], FIG. 11 is an example graphical user interface (GUI) that comprises a scatter plot that represents a plurality of entities plotted according to their combination score. The scatter plot 1100 includes a plurality of data points that each represents an entity).
Regarding claim 6, Ng discloses the method of claim 4 wherein the step of issuing a report includes issuing an interactive report that includes a plurality of controls that allow the user to explore the ontological relationships that lead to the aggregated organizational entity risk score (para [0158], FIG. 12 is an example graphical user interface (GUI) 1200 that comprises a scatter plot that represents a plurality of entities plotted according to their combination score, as well as additional graphical representations for an entity and a list of recommendations based on the plotting. The scatter plot includes a line 1205 of acceptable motivation/sophistication scores).
Regarding claim 7, Ng discloses the method of claim 4 wherein the step of issuing a report includes issuing an interactive report that includes a plurality of visual elements that visually summarize the ontological relationships that lead to the aggregated organizational entity risk score, and wherein the visual elements are responsive to user actuation to allow the user to explore the ontological relationships that lead to the aggregated organizational entity risk score (para [0154], FIG. 10 is an example graphical user interface (GUI) that comprises a bar graph illustrating the plotting of a plurality of entities based on their motivation scores. The bar graph 1000 comprises a vertical axis that represents a number of companies and a horizontal axis that represents motivation scores for a set of entities).
Regarding claim 8, Ng discloses the method of claim 7 wherein the step of presenting visual elements presents the visual elements as a series of textual links that visually summarize the ontological relationships that lead to the aggregated organizational entity risk score, and wherein the links can be actuated to further explore the ontological relationships that lead to the aggregated organizational entity risk score (para [0120], The system 505 may gather variables for an entity by querying the entity for information, collecting information from available online sources such as websites, corporate filings, news sources, other public record databases, and other resources).
Regarding claim 9, Ng discloses the method of claim 1 further including continuously updating the ontological relationships using an ongoing ontology maintenance process (para [0005], periodically re-assessing the risk of a cyber security failure in the computer network of the entity over time as the periodic or continual collecting of the information occurs over time, wherein the re-assessing of the risk results in any of: an update to the change or setting to the at least one element of policy criteria of the cyber security policy; and an update to the computer network changes).
Regarding claim 10, Ng discloses the method of claim 1 wherein the ontological relationships include relationships between different organizational entities (para [0073], Next, the method 200 includes the system 105 calculating 225 a diversity score that represents how different the plurality of entities are to one another based on variables that are not shared between the plurality of entities).
Regarding claim 11, Ng discloses the method of claim 10 wherein the ontological relationships include relationships between organizational entities and their subsidiaries (para [0028], an insurer may desire to understand the diversity of their insured entities with respect to aggregate cyber risk and utilize a measure of diversity to prevent too much similarity between insured entities, and/or to compare their diversity to their industry peers).
Regarding claim 12, Ng discloses the method of claim 10 wherein the ontological relationships include relationships between organizational entities and their contractors (para [0094], the policy, including but not limited to a cyber policy, may be a policy from an insurance company or it could be a product warranty for first and/or third party costs that an entity purchases from a networking or security product or services provider).
Regarding claim 13, Ng discloses the method of claim 1 wherein the ontological relationships include relationships between organizational entities and if insured entities are very similar to one another in a variety of key attributes such as revenue, clientele, industry, technology utilized such as cloud computing service provider, content delivery network (CDN) provider, operating system, firewall vendor, intrusion detection system vendor, security services provider, etc., or other factors, a loss, (e.g., due to a cyber attack), by one of these insured entities might imply that other insured entities having similar attributes will also experience a loss).
Regarding claim 14, Ng discloses the method of claim 1 wherein the ontological relationships include relationships between organizational entities and types of technology (para [0028], For cyber insurance risk, if insured entities are very similar to one another in a variety of key attributes such as revenue, clientele, industry, technology utilized such as cloud computing service provider, content delivery network (CDN) provider, operating system, firewall vendor, intrusion detection system vendor, security services provider, etc., or other factors).
Regarding claim 15, Ng discloses the method of claim 1 wherein the ontological relationships can be expressed as a directed acyclic graph (para [0147], The scoring and plotting module 535 can also be utilized to generate graphs and GUIs that display various scores in graphical format(s). For example, in FIG. 6, a graph with two axes is illustrated. The graph 600 comprises a vertical axis that is representative of motivation elements, and the horizontal axis is representative of sophistication elements. Indeed, this graph can be used to display information about a single entity or a plurality of entities).
Regarding claim 16, Ng discloses a computer security monitoring system, including:
entities and end users can access and interact with the system 105 using a variety of graphical user interfaces (GUIs) such as a dashboard, including various elements as described herein. The system 105 can use the dashboard to display messages or notifications as well as diversity scores, similarity scores, and/or recommendations; para [0042], The system may gather variables for an entity by querying the entity for information, collect information from available online sources such as websites, corporate filings, news sources, other public record databases and resources);
           risk assessment logic responsive to the fact monitoring interface and operative to continuously derive and store risk profiles for a plurality of monitored entities based on at least some of the facts (para [0005], periodically re-assessing the risk of a cyber security failure in the computer network of the entity over time as the periodic or continual collecting of the information occurs over time, wherein the re-assessing of the risk results in any of: an update to the change or setting to the at least one element of policy criteria of the cyber security policy; and an update to the computer network changes; para [0084], The method 400 includes receiving 405 a variable profile for a new entity. The variable profile either includes a set of variables or a set of variables is deduced from the variable profile. As mentioned above, the variable profile can include an application form, a resume, a corporate filing such as a tax return, or any other document that includes attributes of an entity);
           ontology storage operative to store an ontology that is adjusted over time and associates a different subset of the monitored entities to each of a plurality of an end user may determine similar attributes shared between pluralities of entities. These shared attributes can be aggregated into clusters to locate groups of entities with shared attributes. In one example, several entities use the same content delivery network (CDN), the same cloud service provider, a similar website traffic profile, have overlapping executives, and report similar revenue. While these entities may also share attributes with other entities, these attributes are used in various embodiments to create a cluster or grouping of entities that, when considered in the aggregate, have a low diversity score due to the similarities in this example; para [0032], the end user can adjust the attributes and/or select which attributes are important to them and the system will analyze only these attributes when determining diversity, (e.g., a diversity score for aggregate cyber risk);
           aggregation logic operative to continuously aggregate the risk scores for the scored entities for each of the organizational entities based on the associations in the ontology to derive an aggregated risk score (para [0177],  the method 1500 includes the system 505 creating 1515 an aggregate risk score of a portfolio of entities based on a plurality of motivation scores including the motivation score and a plurality of sophistication scores including the sophistication score; and benchmarking over time at least one of the sophistication score, the motivation score, the composite score, and the aggregate risk score); and
            an alert interface operative to continuously determine whether the aggregated organizational risk score meets one or more predetermined criteria (para [0151], FIG. 8 is an example graphical user interface (GUI) that comprises a bar graph illustrating the plotting of a plurality of entities based on their combination scores. The bar graph 800 comprises a vertical axis that represents a number of companies and a horizontal axis that represents combination scores for a set of entities. For example, most entities in the group have combination scores (sophistication and motivation) that fall within a score range of 51-60. Other groups of entities fall within other score ranges), and to electrically issue an alert in response of changing scores (para [0055], the recommendation module 140 can automatically identify variables, which if changed, would affect the diversity score. For example, if the entities are or utilize technology company service providers that use a particular CDN, the recommendation module 140 can output a recommendation that diversification in this area would be beneficial. The end user can alert the entities and encourage them to explore other options for CDNs. If the end user is an insurer, for example, the insurer can encourage this change by offering rate concessions to the insured entities; para [0063], The recommendation module 140 can alert the end user if the addition of the new entity decreases the diversity score. The recommendation module 140 can alert the end user if the addition of the new entity increases the diversity score as well).
            Ng does not disclose, however, Martin discloses: 
            electrically issue a real-time alert in response to the meeting of the predetermined criteria (para [0056], calculate a confidence score for presence of the security threat on the network proportional to this degree of temporal alignment in Block S140; and then issue an alert in response to this confidence score exceeding a preset threshold value in Block S150; para [0057], if this confidence score exceeds a preset threshold value, the system can: predict that the network has been exposed to the newly-identified security threat at some time during the time window represented by the network accounting log; and then issue an alert accordingly in Block S150; para [0071], the system scans new network events for threat elements (e.g., IOCs) defined in the new threat intelligence substantially in real-time in Block S160 and generates alerts for possible exposure to the newly-identified security threat in response to detected similarities between these new network events and these new threat elements; para [0076], the system can issue alerts substantially in real-time in response to detecting IOCs—defined in the threat intelligence database—in new network events).
           Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Ng to incorporate the features taught by Martin above, for the purpose of more effectively monitoring cyber risk by providing the user a real-time alert in response to the meeting of the predetermined criteria. Since Ng discloses monitoring cyber risk and electrically issuing an alert, and Martin teaches monitoring cyber risk and electrically issuing a real-time alert in response to the meeting of the predetermined criteria, as discussed above, one of ordinary skill in the art would have recognized that the combination of Ng and Martin would have yielded predictable results in monitoring cyber risk.
           Claim 17 is written in means form and contains the same limitations found in claim 1 above, and is therefore rejected under the same rationale.
           Regarding claim 18, Ng does not disclose, however, Martin discloses the method of claim 1 wherein the computer network security monitoring method is part of a generalized threat monitoring method that further includes continuously determining whether other types of aggregated risk scores meet other types of predetermined criteria, and electronically issuing real-time alerts in response to the meeting of the other types of if the confidence score calculated by the system for the newly-identified security threat is greater than the threshold value (e.g., a low score of 0.1 or 10%), the system can generate an alert specifying the newly-identified security threat, assets on the network that may be involved or exposed to the newly-identified security threat, and the confidence score. Later, the system or other computer system connected to the network can merge this alert with other alerts, behaviors, and/or signals generated or detected on the network to predict exposure to the same or other security threat to a greater degree of confidence sufficient to trigger a manual investigation; para [0062], the system issues an alert in Block S150 if the confidence score for exposure to the newly-identified security threat is greater than a threshold value (e.g., a low score of 0.1 or 10%). The system can later: combine this alert with other alerts—such as generated by IDSs and IPSs on the network—to form a composite alert; calculate a risk score for the composite alert; and prompt human security personnel (e.g., a security analyst) at a security operation center (or “SOC”) to investigate a possible cyber attack on the network only once the calculated risk score for the composite alert exceeds a threshold risk score; para [0076], the system can issue alerts substantially in real-time in response to detecting IOCs—defined in the threat intelligence database—in new network events).
           Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Ng to incorporate the features taught by Martin above, for the purpose of more effectively monitoring cyber risk by providing the user a real-time alert in response to the meeting of the predetermined criteria. Since Ng discloses monitoring cyber risk and electrically issuing an alert, and Martin teaches monitoring cyber risk and electrically issuing a real-time alert in response to the meeting of the predetermined criteria, as discussed above, one of ordinary skill in the art would have recognized that the combination of Ng and Martin would have yielded predictable results in monitoring cyber risk.


                                 
                                        Response to Arguments/Amendment
12.      Applicant's arguments with respect to claims 1-2 and 4-18 have been fully considered but are not persuasive.
            
            I. Claim Interpretation
               The Applicant did not traverse the 112(f) Claim Interpretation and the presumption of 112(f) as stated above.
               Accordingly, the Claim Interpretation is maintained.

            II. Claim Rejections - 35 USC § 101
               In response to the Applicant’s arguments, the Examiner submits that the Applicant’s response was not based on the 2020 Revised Patent Subject Matter Eligibility Guidance (2019 PEG).
               Claims 1-2 and 4-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., law of nature, natural phenomenon, or abstract idea) without significantly more based on the 2020 Revised Patent Subject Matter Eligibility Guidance (2019 PEG). (See details above).

 
            III. Claim Rejections - 35 USC § 102
               Applicant’s arguments with respect to claims 1-2 and 4-18 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. The new ground of 103 rejection is described above.


                                    
                                                                  Conclusion
13.        Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
            A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

1-2 and 4-18 are rejected.
15.     The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
            Martin et al. (2018/0004948) disclose a method for predicting and characterizing cyber attacks that includes: receiving, from a sensor implementing deep packet inspection to detect anomalous behaviors on the network, a first signal specifying a first anomalous behavior of a first asset on the network at a first time.
            Paturi et al. (US 2020/0396244) disclose an apparatus and method for cyber risk quantification calculated from the likelihood of a cyber-attack on the target enterprise and/or cyber ecosystem based on its security posture.
            Ganor (US 2018/0375892) discloses a device that is also configured to calculate a risk exposure metric for an asset of the enterprise based on the enterprise activity and whether the enterprise is complying with the security policies and procedures, and output, to the display, a graphical user interface (GUI) identifying the risk exposure metric.
            Carpenter et al. (US 2017/0208086) disclose an apparatus and method for near-real-time export of cyber-security risk information, including but not limited to in industrial control systems and other systems.
            Zandani (US 9,426,169) discloses a method for cyber attack risk assessment, the method including operating at least one hardware processor for: collecting global cyber attack data from a networked resource.
            Singh et al. (US 2014/0279641) disclose techniques that produce a risk profile consisting of a risk score and trends of risk scores across entities such as user identities and other objects.

            
16.       Any inquiry concerning this communication or earlier communications from the examiner should be directed to examiner NGA B NGUYEN whose telephone number is (571) 272-6796.  The examiner can normally be reached on Monday-Friday 7AM-5PM.
          Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eric Stamber can be reached on (571) 272-6724.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
            Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service 


/NGA B NGUYEN/Primary Examiner, Art Unit 3683
January 22, 2022