Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Response to Arguments
Applicant’s arguments with respect to claim(s) 1-22, 4-10, 12-18, 20-24 have been considered but are moot in view of new grounds of rejection Cassidy US 2019/0052660


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-10, 12-18, 20-24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Boggs US 10,594,722 in view of Cassidy US 2019/0052660 in view of Roundy US 9,888,024.
As per claims 1, 9, 17 Boggs teaches A computer-implemented method, executed on a computing device, comprising: detecting one or more security events within a computing platform of a client; notifying the client of the one or more security events within the computing platform; determining if the client responded to the one or more security events within the computing platform; and providing a response report to the client that quantifies client response 
Boggs teaches The computer-implemented method of claim 2 wherein the response report compares the client response rate to the response rate of third-parties.  (Column 2 lines 1-65; Column 11 lines 1 to Column 12 line 35; Column 15 lines 9-16) (Compares different security products by detection rate, compares client/user response rate to a different user group in detecting security events)  

Cassidy teaches a response report, determining how long it took the client to resolve the one or more security events, comparing the response report to a third party where the response rate of the client based upon failure of the client to respond to the detected security events the client was notified of where the client is one or more of a user owner and operator of the computing platform [0008][0062][0075][0076] (teaches generating reports including triage time to determine how long it took a client to resolve a security event, and a response rate of security personnel to security events, teaches that these reports and statistics may be compared to other networks)

It would have been obvious to one of ordinary skill in the art to use the time of Cassidy with Boggs because it is important data for evaluation.


It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the machine learning of Roundy with the previous art because it ensures more accurate descriptive confidence scores regarding security alerts/events. 



As per claims 2, 10, 18 Boggs teaches The computer-implemented method of claim 1 wherein the response report defines a client response rate with respect to if the client responded to the one or more security events within the computing platform.  (Column 4 lines 36-55; Column 7 lines 1-15)  (Boggs teaches reporting/logging malware detection rate) 

As per claim 4, 12, 20 Boggs teaches The computer-implemented method of claim 3 wherein the third-parties include one or more of: other clients regardless of industry; and other clients in the same industry as the client.  (Column 12 lines 35-55) (different security products)

As per claim 5, 13, 21 Boggs teaches The computer-implemented method of claim 1 wherein the response report defines time-based response performance over a defined period of time.  (Column 19 lines 35-57)  (detection over periods of time)




As per claim 7, 15, 23 Boggs teaches The computer-implemented method of claim 5 wherein the time-based response performance includes time-based response performance for third-parties.  (Column 19 lines 35-57)  (detection over periods of time)


As per claim 8, 16, 24 Boggs teaches The computer-implemented method of claim 7 wherein the third-parties include one or more of: other clients regardless of industry; and other clients in the same industry as the client.  (Column 2 lines 1-65; Column 11 lines 10-20)  (Column 19 lines 35-57)  (Compares different security products by detection rate)  



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833.  The examiner can normally be reached on M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439