DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This office action is in response to the applicant’s filing on 11/23/2021. Claims 1-20 are pending.
	
Terminal Disclaimer
The terminal disclaimer filed on 11/23/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US Pat No 10,454,958 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Response to Arguments
Applicant’s arguments filed 11/23/21 with the Terminal Disclaimer for the previous Double Patenting rejection have been fully considered and are persuasive.  The Double Patenting rejection has been withdrawn. 

Applicant's arguments filed 11/23/21 have been fully considered but they are not persuasive.

Applicant argues on page 7 that Readshaw does not disclose “to receive an input that includes a type of cyber-security attack”.


Applicant argues claim 9 is not the same as claim 1 and does not contain the limitation of a “type of cyber-attack”.  
Examiner respectfully notes Applicant does not provide an argument for claim 9 except that claim 9 does not include the limitation “type of cyber-attack” as in claim 1.  Claim 9 was rejected based on the analysis of claim 1, and is expanded below without changing the scope of the previous rejection.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Neil Readshaw (US Pub No 2009/0241168) in view of Hawthorn et al. (US Pub No 2015/0229664).

With respect to claim 1, Readshaw teaches a system, comprising: 
a monitoring agent, configured to automatically monitor usage of a computing device by a user (e.g., security-awareness modules for determining a measure of security awareness of a user ¶ 0023); and 
a processor, configured: 
to receive an input that includes a type of cyber-security attack (e.g., the security awareness module can be configured to simulate a cyber-security attack against a user, and depending on how the user responds to the particular simulated cyber-security attack, the security awareness module calculates the measure of security awareness ¶ 0030; and ¶ [0031] further teaches that the security awareness module decrements or increments the security awareness based on how a user responds to particular types of cyber-security attack, such as a “phishing e-mail” being calculated differently from other types of cyber-security attack, and therefore teaches that a different measurement is given for different types of cyber-security attacks. Together, these teach that the security awareness module is able to receive an input on “a type of cyber-security attack” in order to calculate the particular security awareness measure for the particular type of cyber-security attack associated with a user),
to compute a characteristic vector of coefficients, each of which qualifies competence of the user in a different one of a plurality of cyber-security areas based on the monitored usage of the computing device by the user (e.g., each type of security awareness corresponds to a characteristic vector of coefficients to later use to compute a final and compound security awareness score ¶ 0031-0035);
to compute, based on the monitoring, a score indicating a cyber-security awareness of the user with respect to the attack (e.g., compute the security awareness score with respect to a particular attack ¶ 0035, which refers to any metric for ordering or ranking the user’s knowledge with different levels of security awareness represented on a numeric scale or non-numeric scale from “Expert” through “Novice” ¶ 0023 & 0033), and 
to generate an output indicative of the score (e.g., depending on the determined measure of security awareness, generating an output indicative of the security score ¶ 0023). 
Readshaw discloses the computing of a final security awareness score, but does not explicitly disclose computing a score quantifying a cyber-security awareness of the user with respect to the type of attack.  However, analogous art in the same field of endeavor, Hawthorn teaches 
computing a score quantifying a cyber-security awareness of the user with respect to the type of attack (e.g., a user risk calculator computing a score quantifying the user’s cyber-security awareness or “ThreatScore” based on a plurality of data vectors comprising security item interaction data, training item interaction data, user property data, and/or user technical information collected for a given user with the set of risk scoring metrics ¶ 0171).
Therefore, based on Readshaw in view of Hawthorn, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Hawthorn to the system of Readshaw in order to provide a preventative and forward-thinking method and system for security risk assessment to secure an enterprise network and mobile device (¶ 0003).



	With respect to claim 3, Readshaw further teaches wherein the monitoring agent comprises a software agent installed on the computing device (e.g., security-awareness module(s) ¶ 0008 & 0023). 

	With respect to claim 4, Readshaw further teaches wherein the processor is configured to compute the score by: recommending a simulated cyber-security attack, and computing the score, based on a response of the user to the simulated attack (e.g., simulate a security attack against the user and adjusting the security awareness score accordingly ¶ 0030). 

	With respect to claim 5, Readshaw further teaches wherein the processor is further configured to receive an input that includes a type of cyber-security attack (e.g., receiving input indicating the particular type of event and nature of the event ¶ 0031).

	With respect to claim 6, Hawthorn further teaches wherein the processor is configured to compute the score by: computing, based on the monitoring, a characteristic vector of coefficients, each of which quantifies competence of the user in a different respective one of a plurality of cyber-security areas, and computing the score, based on the characteristic vector of coefficients, and respective weightings of each of the coefficients with respect to the type of attack (e.g., calculating a weighted score, a “ThreatScore”, from a plurality of input vectors, each of which relates to a different respective area of cyber-security, ¶ 0185 and Figs. 6 & 13). The motivation to combine Hawthorn with the system of Readshaw remains the same as in the independent claim.

With respect to claim 7, the references above further teach wherein the processor is configured to compute the score by computing, using the weightings, a weighted sum of the coefficients (e.g., weighting on a per-item basis @ Readshaw ¶ 0006 & 00173-0174 and further at Hawthorn ¶ 0185 for calculating a weighted score, the ThreatScore).

With respect to claim 8, Readshaw further teaches wherein the processor is configured to use a machine-learned model to compute the characteristic vector of coefficients (e.g., using a machine-learned model to compute the risk score over time ¶ 0167 & 0169-0173).

With respect to claim 9, Readshaw teaches a system, comprising: 
an information repository; and a processor (e.g., security-awareness modules for determining a measure of security awareness of a user ¶ 0023), configured: 
to retrieve, from the information repository, information regarding network traffic exchanged with a computing device of a user (e.g., the security awareness module can be configured to simulate a cyber-security attack against a user, and depending on how the user responds to the particular simulated cyber-security attack, the security awareness module calculates the measure of security awareness ¶ 0030; and ¶ [0031] further teaches that the security awareness module decrements or increments the security awareness based on how a user responds to particular types of cyber-security attack, such as a “phishing e-mail” being calculated differently from other types of cyber-security attack, and therefore teaches that a different measurement is given for different types of cyber-security attacks. Together, these teach that the security awareness module is able to receive an input on “a type of cyber-security attack” in ,
to compute, based on the information, a score [quantifying] a cyber-security awareness of the user (e.g., each type of security awareness corresponds to a characteristic vector of coefficients to later use to compute a final and compound security awareness score ¶ 0031-0035), and
to generate an output indicative of the score (e.g., depending on the determined measure of security awareness, generating an output indicative of the security score ¶ 0023). 
Readshaw discloses the computing of a final security awareness score, but does not explicitly disclose computing a score quantifying a cyber-security awareness of the user.  However, analogous art in the same field of endeavor, Hawthorn teaches 
computing a score quantifying a cyber-security awareness of the user (e.g., a user risk calculator computing a score quantifying the user’s cyber-security awareness or “ThreatScore” based on a plurality of data vectors comprising security item interaction data, training item interaction data, user property data, and/or user technical information collected for a given user with the set of risk scoring metrics ¶ 0171).
Therefore, based on Readshaw in view of Hawthorn, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Hawthorn to the system of Readshaw in order to provide a preventative and forward-thinking method and system for security risk assessment to secure an enterprise network and mobile device (¶ 0003).

The limitations of claim 10 are similar to claim 1 above, and therefore these claims are rejected on the same basis.



The limitations of claim 12 are similar to claim 3 above, and therefore this claim is rejected on the same basis.

The limitations of claim 13 are similar to claim 4 above, and therefore this claim is rejected on the same basis.

The limitations of claim 14 are similar to claim 5 above, and therefore this claim is rejected on the same basis.

The limitations of claim 15 are similar to claim 6 above, and therefore this claim is rejected on the same basis.

The limitations of claim 16 are similar to claim 7 above, and therefore this claim is rejected on the same basis.

The limitations of claim 17 are similar to claim 8 above, and therefore this claim is rejected on the same basis.

With respect to claim 18, the references above further teach wherein computing the characteristic vector of coefficients comprises computing the characteristic vector of coefficients by 
 
With respect to claim 19, the references above further teach prior to computing the characteristic vector: using the monitoring agent, by monitoring at least one user, obtaining a first plurality of features, by monitoring the at least one user using a monitoring technique that is not used by the monitoring agent, obtaining a second plurality of features, and calibrating the mapping such that a characteristic vector of coefficients mapped from the first plurality of features is within a threshold of similarity of a characteristic vector of coefficients mapped from the second plurality of features (e.g., Readshaw: a training module ¶ 0028-0031).

With respect to claim 20, the references above further teach prior to computing the characteristic vector, calibrating the mapping, by: using characteristic vectors of coefficients obtained from the mapping, computing respective scores, for a plurality of users, that indicate awareness of the users with respect to a particular type of cyber-security attack, and checking a correlation between the scores and respective responses of the users to a simulated attack of the particular type (e.g., Readshaw: simulating attack ¶ 0028-0031).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAU LE whose telephone number is (571)270-7217.  The examiner can normally be reached on M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL COLIN can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.