DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Preliminary Amendment, received on 6 December 2019, has been entered into record.  In this amendment, claims 1-68 have been canceled, and claims 69-88 have been added.
Claims 69-88 are presented for examination.

Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.
The claim for priority from US Provisional 62/516,239 filed on 7 June 2017 is duly noted.

Specification
The disclosure is objected to because of the following informalities: 
In page 14, line 24: “unit 230” should read –unit 225–;
Appropriate correction is required.

Claim Objections
Claim 69 is objected to because of the following informalities:  
In claim 69, line 20: “the server” should read –by the server–.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 69-71, 76-81, and 86-88 is/are rejected under 35 U.S.C. 103 as being unpatentable over Muhart et al. (US 2014/0278730 A1 and Muhart hereinafter) in view of Rakocevic et al. (GB 2464615 A1 and Rakocevic hereinafter), and further in view of Ongpin et al. (US 20210224799 A1 and Ongpin hereinafter).
As to claim 69, Muhart discloses a system and method for vendor management for vendor risk profile and risk relationship generation, the system and method having:
generating, by the server, a score associated with the unique token and representing a security assessment of the client system based at least in part on the electronic file (0005, lines 2-12); 
continuously monitoring, by the server, each client system and when a security threat is detected (0078, lines 1-10; 0079, lines 9-17), 
sending, the server, an alert to each client system (0033, lines 1-10); 
updating, by the server, the score representing the security assessment (0079, lines 9-17).

assigning, by a server, a unique token to each of a plurality of client system to anonymize an identification of each client system and storing a link between each unique token and a corresponding client system; 
receiving, by the server, an electronic file uploaded from a client device of a client system and associated with the unique token of that client system; 
generating, by the server, a unique key for the received electronic file; 
storing, by the server in a data repository, the electronic file corresponding to the unique key; 
deleting, by the server, identification data associated with the client system within the electronic file; 
display, by the server, the electronic file without identification data; 
in response to a confirmation inputted to the server regarding the security assessment, deleting, by the server, the electronic file associated with the unique key within the data repository.
Nonetheless, these features are well known in the art and would have been an obvious modification of the teachings disclosed by Muhart, as taught by Rakocevic.
Rakocevic discloses a system and method for authentication of mobile terminals, the system and method having:
assigning, by a server, a unique token to each of a plurality of client system to anonymize an identification of each client system and storing a link between each unique token and a corresponding client system (page 4, lines 17-25); 
receiving, by the server, an electronic file uploaded from a client device of a client system and associated with the unique token of that client system (page 4, lines 16-23); 
generating, by the server, a unique key for the received electronic file (page 4, lines 33-36; page 9, lines 13-16); 
storing, by the server in a data repository, the electronic file corresponding to the unique key (page 4, lines 33-36); 
deleting, by the server, identification data associated with the client system within the electronic file (page 4, lines 24-26); 
display, by the server, the electronic file without identification data (page 7, lines 23-26; page 11, line 9). 
Given the teaching of Rakocevic, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Muhart with the teachings of Rakocevic by assigning a token and generating a key for a file. Rakocevic recites motivation by disclosing that assigning a token and generating a key for a file provides for authentication (page 4, lines 16-32). It is obvious that the teachings of Rakocevic would have improved the teachings of Muhart by assigning a token and generating a key for a file in order to provide authentication.

Muhart in view of Rakocevic fails to specifically disclose:
in response to a confirmation inputted to the server regarding the security assessment, deleting, by the server, the electronic file associated with the unique key within the data repository.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Muhart in view of Rakocevic, as taught by Ongpin.
Ongpin discloses a system and method for entry point management, the system and method having:
in response to a confirmation inputted to the server regarding the security assessment, deleting, by the server, the electronic file associated with the unique key within the data repository (0049, lines 1-14).
Given the teaching of Ongpin, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Muhart in view of Rakocevic with the teachings of Ongpin by deleting the file in response to a confirmation. Ongpin recites motivation by disclosing that file is deleted in response to a confirmation in order to provide security and prevent fraud (0049-0050). It is obvious that the teachings of Ongpin would have improved the teachings of Muhart in view of Rakocevic by deleting a file in response to a confirmation in order to provide security and prevent fraud.

As to claim 79, Muhart discloses:
a plurality of client systems connected to a server (0040 lines 7-13; figure 4); 
a data repository accessible to the server, wherein the server is configured to (0041, lines 1-27; figure 4): 
generate a score associated with the unique token and representing a security assessment of the client system based at least in part on the electronic file (0005, lines 2-12); 
continuously monitor each client system and when a security threat is detected (0078, lines 1-10; 0079, lines 9-17), 
send an alert to each client system (0033, lines 1-10); 
update the score representing the security assessment (0079, lines 9-17).
Muhart fails to specifically disclose:
assign a unique token to each of a plurality of client system to anonymize an identification of each client system and storing a link between each unique token and a corresponding client system; 
receive an electronic file uploaded from a client device of a client system and associated with the unique token of that client system; 
generate a unique key for the received electronic file; 
store, in a data repository, the electronic file corresponding to the unique key; 
delete identification data associated with the client system within the electronic file; 
display the electronic file without identification data; 
in response to a confirmation inputted to the server regarding the security assessment, delete the electronic file associated with the unique key within the data repository.
Nonetheless, these features are well known in the art and would have been an obvious modification of the teachings disclosed by Muhart, as taught by Rakocevic.
Rakocevic discloses:
assign a unique token to each of a plurality of client system to anonymize an identification of each client system and storing a link between each unique token and a corresponding client system (page 4, lines 17-25); 
receive an electronic file uploaded from a client device of a client system and associated with the unique token of that client system (page 4, lines 16-23); 
generate a unique key for the received electronic file (page 4, lines 33-36; page 9, lines 13-16); 
store, in a data repository, the electronic file corresponding to the unique key (page 4, lines 33-36); 
delete identification data associated with the client system within the electronic file (page 4, lines 24-26); 
display the electronic file without identification data (page 7, lines 23-26; page 11, line 9). 
Given the teaching of Rakocevic, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Muhart with the teachings of Rakocevic by assigning a token and generating a key for a file. Please refer to the motivation recited above with respect to claim 69 as to why it is obvious to apply the teachings of Rakocevic to the teachings of Muhart.

Muhart in view of Rakocevic fails to specifically disclose:
in response to a confirmation inputted to the server regarding the security assessment, delete the electronic file associated with the unique key within the data repository.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Muhart in view of Rakocevic, as taught by Ongpin.
Ongpin discloses:
in response to a confirmation inputted to the server regarding the security assessment, delete the electronic file associated with the unique key within the data repository (0049, lines 1-14).
Given the teaching of Ongpin, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Muhart in view of Rakocevic with the teachings of Ongpin by deleting the file in response to 

As to claims 70 and 80, Muhart discloses:
displaying, by the server, a dashboard comprising updated score associated with each client system (0006, lines 18-20).
Muhart fails to specifically disclose:
wherein each score corresponds to the unique token of each respective client system. 
Nonetheless, these features are well known in the art and would have been an obvious modification of the teachings disclosed by Muhart, as taught by Rakocevic.
Rakocevic discloses:
wherein each score corresponds to the unique token of each respective client system. 
Given the teaching of Rakocevic, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Muhart with the teachings of Rakocevic by using a score corresponding to client token. Please refer to the motivation recited above with respect to claim 69 as to why it is obvious to apply the teachings of Rakocevic to the teachings of Muhart.

As to claims 71 and 81, Muhart discloses:
identifying, by the server, a plurality of keywords within the electronic file (0090, lines 12-17; 0091, lines 1-12); 
for each keyword, determining, by the server, one or more parameters applicable to the keyword I(0090, lines 12-17; 0091, lines 1-12); 
generating, by the server, the updated score based at least in part on a value for each of the one or more parameters (0094, lines 1-10).

As to claims 76 and 86, Muhart fails to specifically disclose:
wherein the server deletes metadata associated with the electronic file.
Nonetheless, these features are well known in the art and would have been an obvious modification of the teachings disclosed by Muhart, as taught by Rakocevic.
Rakocevic discloses:
wherein the server deletes metadata associated with the electronic file (page 4, lines 24-26).
Given the teaching of Rakocevic, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Muhart with the teachings of Rakocevic by deleting metadata. Please refer to the motivation recited above with respect to claim 69 as to why it is obvious to apply the teachings of Rakocevic to the teachings of Muhart.

As to claims 77 and 87, Muhart discloses:
wherein the server determines the score based on a response to one or more questions displayed on at least one electronic device of the client system (0094, lines 1-10).

As to claims 78 and 88, Muhart discloses:
wherein the server executes a machine learning model to analyze the electronic file and generate the score (0056, lines 1-7).

Claims 72 and 82 is/are rejected under 35 U.S.C. 103 as being unpatentable over Muhart in view of Rakocevic as applied to claims 69 and 79 above, and further in view of Draper et al. (US 2009/0276257 A1 and Draper hereinafter).
As to claims 72 and 82, Muhart in view of Rakocevic fails to specifically disclose:
wherein the keyword corresponds to a password, and the one or more parameters applicable to the keyword comprise at least one of length, capital, letter, number, and character.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Muhart in view of Rakocevic, as taught by Draper.
Draper discloses a system and method for determining and managing risk, the system and method having:
wherein the keyword corresponds to a password, and the one or more parameters applicable to the keyword comprise at least one of length, capital, letter, number, and character (0164-0168).
Given the teaching of Draper, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Muhart in view of Rakocevic with the teachings of Draper by using a keyword corresponding to a password using parameters of length, capital, letter, number, or character. Draper discloses that requiring standards for a password comprising at least one of length, characters, and numbers ensures security for the password (0164-168). It is obvious that the teachings of Draper would have improved the teachings of Muhart in view of Rakocevic by using a keyword corresponding to a password using parameters comprising at least one of length, capital, number or character in order to ensure security for the password.

Allowable Subject Matter
Claims 73-75 and 83-85 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Attard et al. (US 2021/0037000 A1) discloses a system and method for securing a group-based communication via identity verification.
Jeschke et al. (CN 101681328 A1) discloses a system and method for predictive assessment of network risks.
Maheshwari et al. (US 2016/0104076 A1) discloses a system and method for adaptive key performance indicator thresholds.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAH SU whose telephone number is (571)270-3835. The examiner can normally be reached 7:30 AM - 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SARAH SU/Primary Examiner, Art Unit 2431