DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendments
	This office action responds to the amendments filed on December 2, 2021 for application 16/638,046.  Claims 1-4, 8-10, 13, and 15-19 were amended, claim 14 was cancelled, and claim 21 was added as a new claim.  Claims 1-13 and 15-21 remain pending in the application.
Response to Arguments
	The Examiner has fully considered the Applicant’s arguments filed on December 2, 2021, and the Examiner responds as provided below.
	Regarding the Applicant’s response at page 8 of the Remarks that concerns the objection to claims 2 and 17, the amendments to the claims adequately address the issue and the objection is withdrawn.
	Regarding the Applicant’s response at pages 8-13 of the Remarks that concerns the § 102 rejection of the independent claims 1 and 16, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to independent claims 1 and 16 because the arguments do not apply to one of the references currently used in the rejection of the aforementioned claims as detailed below.

Regarding the Applicant’s request for an interview, the Examiner welcomes the Applicant to schedule an interview prior to the filing of an RCE to confirm that any proposed amendments will successfully advance prosecution.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

(NOTE: within the Examiner’s parenthetical explanations below, material within quotation marks is language quoted from the prior art reference, underlined material is language quoted from the claims, and material within brackets is material altered from either a prior art reference or a claim.  Regarding the reconstruction of the claims, a numbered footnote indicates a primary phrase to be first moved upwards to the first cited reference, while a lettered footnote indicates a secondary phrase to be moved after the movement of the primary phrase from which it was lifted.  Or more succinctly, move numbered material first, lettered material last.)
A.	Claims 1-8, 16-19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Zorlular et al. (US 2018/0183827, “Zorlular”) in view of Lockhart et al. (US 2017/0161520, “Lockhart”).
Regarding Claim 1
Zorlular discloses
A method…1 (abstract, Fig. 2), the method comprising: 
populating, via a server (¶ [0115], “The computer readable program instructions may execute entirely on a user's computer (e.g., the executing computing device), partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server,” and when executing “entirely on … [a] server,” the server can populat[e] the data structure to create the “weight table 400”), 
a data structure with breach information  (Fig. 4, ¶¶ [0090]-[0092], i.e., the “weight table 400” is a data structure (which is physically stored in computer memory), where the “Indicators” comprise breach information, i.e., “Some indicators, [such as data exfiltration] as indicated by column range 414, may relate to risk [as a breach] posed to a specific resource”); 
wherein the breach information includes: 
a plurality of …2 information elements (Fig. 4, ¶¶ [0090]-[0092], e.g., “Resources 1-3,” such as the “Tax Return Database”); and 
a plurality of …3 harms (Fig. 4, ¶¶ [0090]-[0092], i.e., the “Indicator” column, such as the harm of “data exfiltration”); 
4 …;
wherein each consumer information element of the plurality of consumer information elements is paired with each consumer harm of the plurality of consumer harms to generate a plurality of information element-harm data pairs (Fig. 4, ¶¶ [0090]-[0092], i.e., each row and each column intersect to generate a plurality of information element-harm data pairs); 
generating, using an algorithm, an element risk score for each respective information element-harm pair of the plurality of information element-harm data pairs (Fig. 4, ¶¶ [0025]-[0027], “An analyst's effectiveness in detecting cyber attacks and evaluating alerts may further be enhanced by the analyst being presented with aggregates, such as totals, counts and averages, calculated [via an algorithm] from several indicators;” “The [risk] scoring is based on a mapping between each indicator and an estimate of the likelihood that the indicator is indicative of activity related to a cyber attack against a resource. Such a mapping is referred to as the “weight” of the corresponding indicator;” and Fig. 4, ¶¶ [0090]-[0092], “FIG. 4 illustrates an example weight table 400 according to an embodiment of the present disclosure,” and “Based on the weight table, different events may be assigned different risk estimates [as an element risk score] based on the resource that they correspond to.”); and 
associating, in the data structure, the element risk score with the respective information element-harm data pair (Fig. 4, i.e., the “weight table 400” associate[es] the weight score/risk score with the individual pair[s] created by intersecting the data of rows and columns).
Zorlular doesn’t disclose
1 … for determining a consumer’s risk of harm resulting from a data breach of the consumer’s information,
	2 …consumer information elements…
	3 … consumer harms…
	4 wherein each consumer harm is characterized as a harm experienced by a consumer which results from a breach of at least one consumer information element;
Lockhart, however, discloses
	1 … for determining a consumer’s risk of harm resulting from a data breach of the consumer’s information (¶ [0031], “Embodiments of compromised identity exchange systems and methods are described below that may be configured … in order to evaluate risk, to mitigate harm to companies and consumers from such data breaches, or any combination thereof.;” and “Potential risk to a consumer or to an at-risk entity may be determined based on the results of the match.”),
	2 …consumer information elements… (¶ [0030], “In certain embodiments, the PII [personally identifying information] data may include names, dates of birth, addresses, social security numbers, email addresses, phone numbers, credit card numbers, bank information, other data, or any combination thereof,” i.e., these elements as PII can be incorporated into the weight table 400 of Zorlular as a User Role, which is that of a consumer)
	3 … consumer harms… (¶ [0030], “Further, an at-risk entity may be in danger [of the consumer harms] of opening new fraudulent accounts based on the exposed data, permitting account takeover of an existing account based on the exposed data, 
	4 wherein each consumer harm is characterized as a harm experienced by a consumer which results from a breach of at least one consumer information element (¶¶ [0029]-[0030], “As used herein, the term ‘exposed data’ or ‘compromised data’ refers to any part of personally identifying information (PII) that may have been compromised or breached;” and “an at-risk entity [or consumer] may be in danger [of experience[ing]] the consumer harm] of opening new fraudulent accounts based on the exposed data”);
	Regarding the combination of Zorlular and Lockhart, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the attack warning system of Zorlular to have included the consumer feature of Lockhart. One of ordinary skill in the art would have been motivated to incorporate the consumer feature of Lockhart because Lockhart discusses the problems associated with data breaches that compromise PII, such as identity theft, see Lockhart ¶ [0003], and Lockhart provides a system “to evaluate risk [and] mitigate harm to companies and consumers from such data breaches,” see Lockhart ¶ [0031].
Regarding Claim 2
Zorlular in view of Lockhart (“Zorlular-Lockhart”) discloses the method of claim 1, and Zorlular further discloses
wherein the breach information (Fig. 4, ¶¶ [0090]-[0092]) further includes: 
a breach event descriptor, wherein the breach descriptor identifies…1  (Fig. 4, ¶¶ [0090]-[0092], i.e., the words “Data Exfiltration from Resource” serves as a breach event descriptor that identifies a breach event); and 
at least one breached information element, wherein the at least one breached information element includes the at least one consumer (Lockhart ¶ [0030]) information element of the plurality of consumer information elements which has been compromised by the breach event (Fig. 4, ¶¶[0025]-[0027],  [0090]-[0092], i.e., “Resource 2 (Tax Return Database)” is one breached information element that is an information element and has been compromised by the breach event); 
the method further comprising: 
receiving, via the server (¶ [0115]), the breach event descriptor and the at least one breached information element (¶ [0026], “The scoring is based on a mapping [that results from a receiving of the associated data] between each indicator [as a breach event descriptor] and an estimate of the likelihood that the indicator is indicative of activity related to a cyber attack against a resource;” and ¶ [0059], “Indicator: Any information [that acts as breached information element[s]] that indicates a cyber attack against a resource is more or less likely. Such indicators may include, for example, computer logins and logouts, data sent and received on an organization's network, data transferred to or from a database, data changed or modified by a user, failed or successful user authentications, failed or successful attempts at exploiting a security vulnerability in a computer resource of the organization, failed or successful attempts at “phishing”, failed or successful attempts to install malicious software, or “malware”, on an organization's computers, etc.”); 
associating, in the data structure, the breach event descriptor with the at least one breached information element (Fig. 4, i.e., the “weight table 400” associate[es] within the table acting as a data structure the breach event descriptor (i.e., the harm breached information element by creating the associated weight score/risk score; and 
associating, using the data structure, each information element-harm pair of the plurality of information element-harm data pairs which includes the at least one breached information element with the breach event descriptor (Fig. 4, i.e., the “weight table 400” associate[es] the weight score/risk score with the individual pair[s] created by intersecting the data of rows and columns, and this includes the breached information element with the breach event descriptor by way of calculation of the weight score).
Lockhart further discloses
	1 …an occurrence of a breach event (¶¶ [0028]-[0030], “Conventionally, in response to a breach of a company's data security”) during which at least one consumer information element is compromised (¶¶ [0028]-[0030], “Further, an at-risk entity may be in danger of opening new fraudulent accounts based on the exposed data, permitting account takeover of an existing account based on the exposed data, experiencing theft of services based on the exposed data, allowing unauthorized access to further information (such as tax returns) based on the exposed data, and so on.”);
Regarding the combination of Zorlular and Lockhart, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 2.
Regarding Claim 3
Zorlular-Lockhart discloses the method of claim 2, and Zorlular further discloses 
further comprising: 
generating, using the algorithm (¶ [0020], “Certain embodiments of the present disclosure may provide a risk score, or a graphical representation of such risk score, for individual resources, as well as for the organization as a whole (e.g., a “global” risk score). The risk score of each resource may be determined [and thereby generat[ed] via the mathematically based algorithm] by combining [via the algorithm] the risk estimates for each event and alert associated with the resource.”), a harm risk score for the respective consumer (Lockhart ¶ [0030]) harm of each information element-harm data pair associated with the breach event descriptor (¶ [0020], “Certain embodiments of the present disclosure may provide a risk score [as a harm risk score], or a graphical representation of such risk score, for individual resources,…,” and Fig. 4, ¶¶ [0090]-[0092] for disclosing the data pair); 
associating, using the data structure, the harm risk score for each consumer harm with the breach event descriptor (Fig. 4, ¶¶ [0020]-[0021], [0025]-[0027], [0090]-[0092], i.e., the use of the calculated “risk scores” as a harm risk score are subsequently employed to calculate the “weights” as presented in the table of Fig. 4); and 
storing in the data structure the harm risk score associated with the breach event descriptor (Fig. 4, ¶¶ [0090]-[0092], [0113], “The computer readable storage medium can be a tangible device that can retain and store data…,” i.e., the aspects shown in Fig. 4 comprise “data” that is stor[ed] in the “storage medium”).
Regarding the combination of Zorlular and Lockhart, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 3.

Regarding Claim 4
Zorlular-Lockhart discloses the method of claim 3, and Zorlular further discloses
further comprising: generating, using the algorithm, a data breach score for the breach event (¶ [0025], “An analyst's effectiveness in detecting cyber attacks and evaluating alerts may further be enhanced by the analyst being presented with aggregates [as a data breach score], such as totals, counts and averages, calculated [via the algorithm] from several indicators [that serve as breach event[s] such as “e-mailing confidential documents”];” and ¶ [0059], “Indicator: Any information that indicates a cyber attack [such as phishing] against a resource is more or less likely.”); and 
wherein generating the data breach score includes summing the harm risk scores of the respective consumer (Lockhart ¶ [0030]) harms of each information element-harm data pair associated with the breach event descriptor to generate the data breach score (¶ [0025], “An analyst's effectiveness in detecting cyber attacks [acting as respective harms] and evaluating alerts may further be enhanced by the analyst being presented with aggregates [that acts as summing], such as totals, counts and averages, calculated from several indicators.”).
Regarding the combination of Zorlular and Lockhart, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 4.
Regarding Claim 5
Zorlular-Lockhart discloses the method of claim 4, and Zorlular further discloses
wherein the data breach score is calculated by the algorithm as an absolute value (¶ [0020], “Such a risk score may be more immediately comprehensible to a user because it can be scaled to a convenient range, such as 0-100,” i.e., the non-scaled value that isn’t within the range of 0-100 represents an absolute value; and ¶ [0025], i.e., the summing of the absolute values of the risk scores leads to the data breach scores).
Regarding Claim 6
Zorlular-Lockhart discloses the method of claim 4, and Zorlular further discloses 
wherein the data breach score is calculated by the algorithm as a relative value (¶ [0020], “Such a risk score may be more immediately comprehensible to a user because it can be scaled to a convenient range, such as [the relative value[s] of] 0-100;” and ¶ [0025], i.e., the summing of the relative values of the risk scores leads to the data breach scores).
Regarding Claim 7
Zorlular-Lockhart discloses the method of claim 6, and Zorlular further discloses
further comprising: generating the relative value, using the algorithm, by applying at least one of a scaling factor (¶ [0020], “Such a risk score may be more immediately comprehensible to a user because it can be scaled [via a scaling factor] to a convenient range, such as 0-100,”) and a modifier to the data breach score (¶ [0025], “An analyst's effectiveness in detecting cyber attacks and evaluating alerts may further be enhanced by the analyst being presented with aggregates, such as totals, counts and averages, calculated from several indicators,” i.e., a modifier is the denominator representing a total number of instances when calculating the “averages”).  
Regarding Claim 8
Zorlular-Lockhart discloses the method of claim 4, and Zorlular further discloses 
further comprising: outputting, via the server, the data breach score to a user interface (Fig. 1, ¶ [0018], “ Furthermore, reviewing becomes easier and more effective when indicators are presented using graphical representations such as charts and graphs, and aggregate values such as totals, averages and extreme values;” and Fig. 1, ¶ [0067], “an analyst’s device” as a user interface); and 
wherein the user interface is in communication with the server (Fig. 1, ¶ [0067], i.e., the “remote server 110, 130” possesses a communication path to the “analyst’s device 155”); and
wherein the user interface is configured to be accessible by a consumer owner of the breached information element (Fig. 1, ¶ [0060], “In certain embodiments, the compromised PII exchange system 102 may aggregate the results and provide data corresponding to the results to the source of the request (e.g., an at-risk entity 104, 106, 108, or a consumer using a computing device 120);” and Fig. 8, ¶ [0100], “At 808, the method 800 may include returning a risk score to [a user interface of] a destination device based on the comparison.;” and “The information may be provided to the requesting company or individual [as a consumer owner of the breached PII]…”).
Regarding the combination of Zorlular and Lockhart, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 8.

Regarding Claim 21
Zorlular-Lockhart discloses the method of claim 3, and Zorlular further discloses  
wherein …1 of the respective information element-harm data pairs including the respective harm (Fig. 4, ¶¶ [0090]-[0092], i.e., each row and each column intersect to generate respective information element-harm data pairs).
Lockhart, however, discloses
	1 …generating the harm risk score includes summing the element risk scores… (¶¶ [0076]-[0077], ¶ [0100], “Based on the data, a risk score may be calculated that can reflect the probability that a particular piece of consumer data may be misused,” i.e., the calculation of probabilities frequently involves summing, such as the summing of each of the possible events that are mutually exclusive will equal unity, and thus the summing of element risk scores to generat[e] the harm risk score would be obvious to one skilled in the art.  See MPEP § 2141(III), stating “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office personnel must explain why the difference(s) between the prior art and the claimed invention would have been obvious to one of ordinary skill in the art.”)
Regarding the combination of Zorlular and Lockhart, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 21.
Regarding Independent Claim 16 and Dependent Claims 17-19
With respect to claims 16-19, a corresponding reasoning as given earlier for claims 1-4 applies, mutatis mutandis, to the subject matter of claims 16-19. Therefore, claims 16-19 are rejected, for similar reasons, under the grounds set forth for claims 1-4.
B.	Claims 9-13 are rejected under 35 U.S.C. 103 as being unpatentable over Zorlular in view of Lockhart, and further in view of Howes et al. (US 2013/0091574, “Howes”).
Regarding Claim 9
Zorlular-Lockhart discloses the method of claim 8, and Zorlular further discloses  
further comprising: …1 for mitigating the at least one consumer (Lockhart ¶ [0030]) harm associated with the breach event descriptor (Fig. 4, ¶¶ [0090]-[0092], i.e., the words “Data Exfiltration from Resource” serves as a breach event descriptor that identifies a breach event as at least one harm); and 
…2.  
Zorlular-Lockhart doesn’t disclose
	1 …generating, using the algorithm, at least one mitigation action…
	2 outputting the at least one consumer harm and the at least one mitigation action to the user interface.
Howes, however, discloses
1 …generating, using the algorithm (¶ [0041], “In step 240, the incident triage engine may use machine learning [that incorporates an algorithm] to match incidents to appropriate pre-defined remediation plans,” with algorithm of Howes corresponding/augmenting the algorithm of Zorlular), at least one mitigation action… (Fig. 9, ¶¶ [0106]-[0107], “In step 240 of FIG. 2, for example, the incident triage engine mitigation action] plans.”)
	2 outputting the at least one harm and the at least one mitigation action to the user interface (¶ [0135], “Once the order of incidents in the incident resolution queue has been optimized and prioritized, the optimized and prioritized queue may be output [via a user interface] to a security analyst who may then execute remediation according to the queue.”).
	Regarding the combination of Zorlular-Lockhart and Howes, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the attack warning system of Zorlular-Lockhart to have included the remediation feature of Howes. One of ordinary skill in the art would have been motivated to incorporate the remediation feature of Howes because Howes discusses the problems facing security analysts when determining a response or mitigation action when a security breach occurs, see Howes ¶¶ [0002]-[0005], and Howes discloses a system that presents prioritized remediation plans based upon their calculated effectiveness.  See Howes ¶¶ [0006]-[0007].
Regarding Claim 10
Zorlular in view of Lockhart, and further in view of Howes (“Zorlular-Lockhart-Howes”) discloses the method of claim 9, and Howes further discloses
further comprising: associating, in the data structure (of Zorlular Fig. 4, ¶¶ [0090]-[0092]), the at least one mitigation action with the at least one consumer (Lockhart ¶ [0030]) harm to form a harm-mitigation action data pair (¶ [0106], “The incident triage engine 910 may also receive information from a course-of-action library 930 regarding a harm-mitigation action data pair); 
determining, using the algorithm, a prioritization factor for the harm-mitigation action data pair (¶¶ [0088]-[0100], i.e., the calculations involving “loss forecast”, yield a prioritization factor, where higher losses increase the prioritization of a remediation action).
Regarding the combination of Zorlular-Lockhart and Howes, the rationale to combine is the same as provided for claim 9 due to the overlapping subject matter between claims 9 and 10. 
Regarding Claim 11
Zorlular-Lockhart-Howes discloses the method of claim 10, and Howes further discloses 
wherein the at least one mitigation action includes a plurality of mitigation actions (Fig. 9, ¶ [0106], “Based on the information received from the incident resolution queue 920 and the course-of-action library 930, the incident triage engine 910 may match the incidents in the incident resolution queue 920 with appropriate courses of action from the course-of-action library 930 and output the respective incident/course-of-action pairs 940 as course-of-action recommendations.”); 
determining, using the algorithm, a respective prioritization factor (¶¶ [0088]-[0100]) for each respective mitigation action of the plurality of mitigation actions (¶ [0115], “A goal of the final optimization or prioritization may be to minimize the total loss to the system over the resolution of all of the incidents present in the incident resolution prioritization factor to be calculated for each mitigation action plan that is applied to a particular incident/harm); and 
associating, in the data structure, the respective prioritization factor with each respective mitigation action (¶ [0127], “LT′(t)i represents the loss function for incident i in the queue,” i.e., the subscript or index “i” associate[s] respective prioritization factor[s] with each respective mitigation action based upon the time involved in conducting the remediation action, and the subscript or index “i” is employed to implement a data structure within the computer memory).
Regarding the combination of Zorlular and Howes, the rationale to combine is the same as provided for claim 9 due to the overlapping subject matter between claims 9 and 11.
Regarding Claim 12
Zorlular-Lockhart-Howes discloses the method of claim 11, and Howes further discloses 
further comprising: compiling, using the algorithm, a listing of the plurality of mitigation actions (Fig. 11, ¶ [0110], “As illustrated in FIG. 11, the incident triage engine 1110 may receive information from the incident resolution queue 1120 regarding the incident/course-of-action pairs 1121-1125 [that have been compil[ed]] in the incident resolution queue 1120;” ¶ [0114], “Based on the information received from the incident resolution queue 1120, the incident triage engine 1110 may optimize or prioritize the order of the incidents in the incident resolution queue 1120, and output the prioritized [and compil[ed]] list 1130.”); 
wherein each respective mitigation action is ordered in the listing according to the respective prioritization factor associated with the respective mitigation action (Fig. 11, ¶ prioritization factor] to the system over the resolution of all of the incidents present in the incident resolution queue [that possess respective mitigation action[s]]. This optimization step recognizes that remediation activities take time, and that while the system is handling or responding to one incident, the other incidents in the queue may be causing damage and loss to the system. ”).
Regarding the combination of Zorlular-Lockhart and Howes, the rationale to combine is the same as provided for claim 9 due to the overlapping subject matter between claims 9 and 12.
Regarding Claim 13
Zorlular-Lockhart-Howes discloses the method of claim 9, and Howes further discloses 
further comprising: associating, in the data structure, the user interface with the at least one mitigation action (¶ [0135], “Once the order of incidents in the incident resolution queue has been optimized and prioritized, the optimized and prioritized queue may be output [via a user interface] to a security analyst who may then execute remediation according to the queue.”); 
wherein the user interface is actuatable to initiate the at least one mitigation action (¶ [0135], “Once the order of incidents in the incident resolution queue has been optimized and prioritized, the optimized and prioritized queue may be output to a actuat[e] to iniate] remediation [action] according to the queue.”).
Regarding the combination of Zorlular-Lockhart and Howes, the rationale to combine is the same as provided for claim 9 due to the overlapping subject matter between claims 9 and 13.
C.	Claims 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Zorlular in view of Lockhart, and further in view of Cook et al. (US 2017/0161746, “Cook”).
Regarding Claim 15
Zorlular-Lockhart discloses the method of claim 2, and Zorlular further discloses 
further comprising: 
1 …; and 
a …, using the algorithm,… (Fig. 4, ¶¶ [0025]-[0027])
associating, in the data structure (Fig. 4, ¶¶ [0090]-[0092], i.e., the “weight table 400” is a data structure (which is physically stored in computer memory)), the exposure rating (of Cook) with the breach event descriptor: (Fig. 4, ¶¶ [0090]-[0092], i.e., the calculated probability that represents an exposure rating is associate[ed] through program instructions to the breach event descriptor, which is to say that probability factors of Cook are not calculated in isolation – they are calculated in connection to a particular breach event or else the calculated probability would have no utility)
wherein the exposure rating corresponds to a likelihood of exposure of the breached information element.
Zorlular-Lockhart doesn’t disclose
1 generating, …a, an exposure rating for the breach event;
Cook, however, discloses
	1 generating, …a, an exposure rating for the breach event (¶ [0047], “In certain embodiments, the risk scoring module 430 may cause the processor to evaluate risk based on a variety of characteristics of the fraud data, the consumer and of the breach,” and “In contrast, if the data breach involved only 20 records, then the probability [that represents an exposure rating] may be one out of twenty, which high probability increases the potential risk. Other factors may include facts about the data breach, including how the data was exposed, when the data was exposed and so on. A risk score for a particular consumer may increase based on the number of data breaches for which PII data of that user has been included.”);
	Regarding the combination of Zorlular-Lockhart and Cook, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the attack warning system of Zorlular-Lockhart to have included the exposure rating feature of Cook. One of ordinary skill in the art would have been motivated to incorporate the exposure rating feature of Cook because Cook teaches the probability of breached data being misused, e.g., “one out of fifteen million” or “one out of twenty,” see Cook ¶ [0047], which consequently indicates the seriousness of the potential “harm.”
Regarding Claim 20
With respect to claim 20, a corresponding reasoning as given earlier for claim 15 applies, mutatis mutandis, to the subject matter of claim 20. Therefore, claim 20 is rejected, for similar reasons, under the grounds set forth for claim 15. 
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405. The examiner can normally be reached Monday-Friday 9:00-5:00 Mountain Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972. The fax 
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491