DETAILED ACTION
Claims 1-7 and 11-16 are rejected under 35 USC § 101; Examiner invites Applicant to participate in the Deferred Subject Matter Eligibility Response (DSMER) Pilot Program.
Claims 12-19 objected to for minor informalities.
Claims 1-19 are rejected under 35 USC § 103.


Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Invitation to Participate in DSMER Pilot Program
The present application satisfies the criteria for participation set forth in the Federal Register Notice entitled “Deferred Subject Matter Eligibility Response (DSMER) Pilot Program.” Therefore, the examiner invites applicant to participate in the DSMER pilot program. 

An applicant who accepts the invitation to participate in this pilot program must still file a reply to every Office action mailed in this application, but may defer presenting arguments or amendments in response to subject matter eligibility (SME) rejection(s) until the earlier of final disposition of the application, or the withdrawal or obviation of all other outstanding non-SME rejections. A final disposition for purposes of this pilot program occurs upon the earliest of: mailing of a notice of allowance; mailing of a final Office action; filing of a notice of appeal; 

Further information about the pilot program, including an explanation of the criteria for receiving an invitation, and the conditions of participation, is provided in the Federal Register Notice announcing the program, which is available on the pilot program website https://www.uspto.gov/patents/initiatives/patent-application-initiatives/deferred-subject-matter-eligibility-response.

Applicant has two choices with respect to this invitation:
(1) Applicant may elect to participate in the DSMER pilot program. To effect this choice, applicant MUST accept this invitation by filing a completed request form PTO/SB/456 with a timely response to this Office action. The DSMER Pilot request form must be signed in accordance with 37 CFR § 1.33(b) by a person having authority to prosecute the application, and must be submitted via the USPTO’s patent electronic filing systems (EFS-Web or Patent Center). The form is available on the pilot program website https://www.uspto.gov/patents/initiatives/patent-application-initiatives/deferred-subject-matter-eligibility-response. If the form is properly completed and timely received, the application will be entered into the pilot program.




Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


	Claims 1-7 and 11-16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.

Claims 1 and 11
	[Step 1] Claims 1 and 11 recite a process comprising steps of (1) collecting data from a source, (2) performing a sentiment analysis on the collected data, (3) performing an intent analysis on the collected data, (4) scoring the collected data based on the sentiment analysis and the intent analysis analyzing text to determine a risk associated with the collected data, and (5) updating a backup policy associated with the backup storage based on the determined risk.
	[Step 2A – Prong One] The process recited in claims 1 and 11 are directed to an abstract idea. The recited limitations (2), (3), and (4) are a process that, under its broadest reasonable interpretation, covers mental processes including "observations, evaluations, judgments, and opinions" that "can be performed in the human mind, or by a human using a pen and paper" MPEP 2106.04(a)(III). The step of (2) performing a sentiment analysis on the collected data, is 
	[Step 2A – Prong Two] Claims 1 and 11 do not recite additional elements that integrate the judicial exception into a practical application. The step of (1) collecting data from a source only amounts to insignificant extra-solution activity of data gathering. The step of (5) updating a backup policy associated with the backup storage based on the determined risk only amounts to insignificant extra-solution activity of data output (i.e. store the risk as a backup policy). See MPEP 2106.05(g). The recitation of applying the process on generic computer components (e.g. processor, storage device, non-transitory computer-readable medium) does not integrate the judicial exception into a practical application. See MPEP 2106.04(d)(I)
	[Step 2B] Claims 1 and 11 do not recite a combination of elements that amount to significantly more than the judicial exception itself. The recited limitations of (2), (3), and (4) are a mental process that, under its broadest reasonable interpretation, merely performs a mental process in a computer environment. See MPEP 2106.04(a)(2)(III)(C). These claim limitations fail to improve the functioning of the computer itself, because "a claim whose entire scope can be performed mentally, cannot be said to improve computer technology." See MPEP 2106.05(a)(I). The additional elements in recited limitations (1) collecting data from a source and (5) updating a backup policy associated with the backup storage based on the determined risk are 

Claims 2 and 12
The recitation of the data being collected "from at least one of forums, websites, or chatrooms in the darknet or other network" is an additional element. This additional element generally links the use of the judicial exception to a particular technological environment or field of use, e.g. limiting the abstract idea to network data. This field of use limitation does not integrate the judicial exception into a practical application, nor does it recite significantly more than a judicial exception. See MPEP 2106.05(h).

Claims 3 and 13
	The recitation of "performing a language analysis on the collected data; and performing an intent analysis on the collected data" are directed to an abstract idea. The recited limitations are a process that, under its broadest reasonable interpretation, covers mental processes including "observations, evaluations, judgments, and opinions" that "can be performed in the human mind, or by a human using a pen and paper" See MPEP 2106.04(a)(III). The step of performing a language analysis, is accomplished by a human reading text and evaluating the language of the text. The step of performing an intent analysis is accomplished by a human reading text and evaluating the meaning of the text to derive an opinion of intent represented by the text.

Claims 4 and 14
	The recitation of "parsing the collected data into at least one document" is an additional element. This additional element does not integrate the judicial exception into a practical application, because it only amounts to insignificant extra-solution activity of data output (i.e. store the data into a document). See MPEP 2106.05(g). This additional element does not recite significantly more than a judicial exception, because it is recognized as well-understood, routine, and conventional activity of storing and retrieving information in memory. See MPEP 2106.05(d)(II)(iv).

Claims 5 and 15
	The recitation of "determining a subject of the collected data" and "determining if the subject is associated with an industry or a specific entity" are directed to an abstract idea. The recited limitations are a process that, under its broadest reasonable interpretation, covers mental processes including "observations, evaluations, judgments, and opinions" that "can be performed in the human mind, or by a human using a pen and paper" See MPEP 2106.04(a)(III). The step of determining a subject, is accomplished by a human reading text and evaluating the meaning of the text to derive an opinion of the subject represented by the text (or an opinion of whether the subject is associated with a specific entity).

Claims 6-7 and 16
	The recitation of "scoring the collected data based on the language analysis and the intent analysis," and "scoring the collected data per user" are directed to an abstract idea. The recited limitations are a process that, under its broadest reasonable interpretation, covers mental 


Claim Objections
Claims 12-19 are objected to because of the following informalities:
Claims 12-19 depend on the method of claim 11. However, claim 11 is expressly drawn to a medium comprising computer executable instructions and not a method. Examiner recommends amending dependent claims to recite: "The medium of claim 11, wherein the method further comprises…" or something similar.
Claim 16 recites "scoring the sentiment based on … the subject." There is no antecedent basis for "the subject." For purposes of examination, claim 16 is interpreted as dependent on claim 15 (reciting step of "determining a subject").
Claims 18-19 are dependent on claim 1 and are verbatim copies of claims 9 and 10. Examiner assumes a typographical error. For purposes of examination, claims 18 and 19 are interpreted as dependent on claim 11.
Appropriate correction is required.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-8 and 11-17 are rejected under 35 U.S.C. 103 as being unpatentable over Barel, U.S. PG-Publication No. 2016/0119365 A1, in view of Ng et al., U.S. PG-Publication No. 2018/0359281 A1, further in view of Banasik et al., U.S. PG-Publication No. 2018/0189146 A1.

Claim 1
	Barel discloses a method for performing data protection. Barel discloses a method of "intelligence generation concerning potential threats … with the goal of providing a decision supporting tool" for "protecting the assets of [an] organization." Barel, ¶ 23. The method is implemented in a "Cyber Intelligence Hub" providing an "'Early Warning' service … regarding potential cyber-attacks." Id. at ¶ 26.
	Barel discloses the method comprising: collecting data from a source and the collected data including a sentiment of a user.1 The Cyber Intelligence Hub comprises an "intelligence gathering unit" for collecting data from forums (2.12 Public API's to relevant social networks), websites (2.11 Web Crawlers and Web Scrapers for textual information), and chatrooms in the darknet (2.17 Deepweb/Darknet forums). Id. at ¶¶ 43-53; See Also ¶¶ 55-80 (listing sources of data evaluated by Cyber Intelligence Hub); ¶¶ 154-158.
performing a sentiment analysis on the collected data and performing an intent analysis on the sentiment. The collected information is "analyzed by a set of analytics engines," including "Sentiment Analysis" to "develop insights regarding the attitudes and opinions of users regarding a specific topic by … detecting key words in their posts and attributing these words to a positive or negative context." Id. at ¶¶ 178-182.
	Barel discloses performing an intent analysis on the collected data and performing an intent analysis on the sentiment.2 The collected information is "correlated in order to … arrive at conclusions regarding intents, threats or trends which are of interest." Id. at ¶ 176. The sentiment analysis engine is also used to determine "the intent of users," wherein "the gathered information is reviewed and words which can implicate specific … intents by users are detected." Id. at ¶¶ 179; 181. Information analysis is used to alert "of the intent of any entity to perform an attack." Id. at ¶ 184.
	Barel discloses determining a subject of the sentiment.3 The sentiment analysis engine generates "insights regarding the attitudes and opinions of users regarding a specific topic," and the result of the analysis "is a report that demonstrates the cyber buzz around a specific topic." Id. at ¶¶ 180-182, emphasis added.
	Barel discloses determine a risk associated with the collected data. The Cyber Intelligence Hub derives correlations from the information analysis phase for "alerting consumers of the intent of any entity to perform an attack against them" (i.e. risk of an attack). Id. at ¶ 184.
	Barel does not expressly disclose scoring the collected data based on the sentiment analysis and the intent analysis to determine a risk associated with the collected data.
scoring the collected data based on the sentiment analysis and the intent analysis and the subject4 to determine a risk associated with the collected data. Ng discloses "a method comprising assessing risk of a cyber security failure in a computer network of an entity, using a computer agent configured to collect information from at least one accessible Internet element." Ng, ¶ 4. The method comprises "determining a sophistication score of the entity with respect to cyber risk" and "determining a motivation score of a hacker or other actor with respect to initiating one of a cyber security failure." Id. at ¶¶ 93-94. Ng discloses system 505 for providing "recommendations based solely on the motivation and/or sophistication … analysis for the entity." Id. at ¶ 106.  System 505 obtains motivation elements used to determine the motivation score, including "hacker sentiment" derived from "hacker forums and/or discussion groups, chat rooms, dark web, or dark net forums." Id. at ¶ 129. System 505 comprises scoring and plotting module 535 used "to calculate an aggregate risk score (motivation, sophistication, and/or combined) for numerous entities." Id. at ¶ 146. Figure 15 illustrates a method 1500 "for modifying a policy based on a cyber risk analysis." At 1505, system 505 asses "using a plurality of motivation elements regarding the entity" and "a motivation of an actor to initiate the cyber security failure." At 1510, system 505 calculates "a composite score from a motivation score and a sophistication score," by converting motivation and sophistication elements "into mathematical representations … and processing these elements into scores." At 1515, system 505 creates "an aggregate risk score of a portfolio of entities based on a plurality of motivations scores … and a plurality of sophistications scores." Id. at ¶¶ 175-180.
updating a … policy … based on the determined risk. Ng discloses that "[i]n response to making a cyber risk assessment" a recommendation module 540 provides the end user "with some type of actionable feedback." Id. at ¶ 161. 
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the method of determining risk based on sentiment and intent in collected text of Barel to incorporate calculating a risk assessment score based on hacker sentiment obtained from text as taught by Ng. One of ordinary skill in the art would be motivated to integrate calculating a risk assessment score into Barel, with a reasonable expectation of success, in order to provide "recommended computer network changes to reduce the assessed risk." Ng, ¶ 5.
	Barel-Ng does not expressly disclose performing data protection for backup storage; and updating a backup policy associated with the backup storage based on the determined risk.
	Banasik discloses a method for performing data protection for backup storage; and updating a backup policy associated with the backup storage based on the determined risk. Banasik discloses a method comprising steps of "assessing an initial criticality of data stored on a computer system; computing an initial risk score based on the initial criticality and a plurality of situational factors received from one or more external modules," and "selecting an initial data protection plan based on the initial risk score." Banasik, ¶ 4. Situational factors include "security vulnerability status, which may include a computer security climate based on the latest computer viruses and worms." Id. at ¶¶ 17; 23. External modules include a "'crawler' that searches the World Wide Web," wherein "the crawler determines a new widespread threat [that] is being discussed." Id. at ¶ 49. The system monitors external modules and "a new risk score is computed based on detected changes," and in response a "different data protection plan is selected based on Id. at ¶ 53. The data protection plan comprises data protection method (e.g. backup), the backup type, frequency of backups, retention period, and/or backup policy. Id. at ¶¶ 54-59.
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the method of determining risk based on sentiment and intent from collected text of Barel-Ng to incorporate selecting a data backup plan based on a risk score as taught by Banasik. One of ordinary skill in the art would be motivated to integrate selecting a data backup plan based on determined risk into Barel-Ng, with a reasonable expectation of success, in order "for improved efficiency and improved data protection for organizations that utilize computer data." Banasik, ¶ 103.

Claim 2
	Barel discloses collecting the data from forums, websites, or chatrooms in the darknet. The Cyber Intelligence Hub comprises an "intelligence gathering unit" for collecting data from forums (2.12 Public API's to relevant social networks), websites (2.11 Web Crawlers and Web Scrapers for textual information), and chatrooms in the darknet (2.17 Deepweb/Darknet forums). Barel ¶¶ 43-53; See Also ¶¶ 55-80 (listing sources of data evaluated by Cyber Intelligence Hub); ¶¶ 154-158.

Claim 3
	Barel discloses wherein performing a sentiment analysis includes: performing a language analysis on the collected data, the language analysis including natural language processing or neuro linguistic processing.5 The collected information is "analyzed by a set of analytics engines," including "Sentiment Analysis" to "develop insights regarding the attitudes and opinions of users regarding a specific topic by … detecting key words in their posts and attributing these words to a positive or negative context." Barel, ¶¶ 178-182. Detecting keywords and attributing the words to a positive or negative context is a form of natural language processing. Further, Applicant admits in the present specification that "[e]xamples of NLP are available to one of skill in the art." Spec., ¶ 13.
	Barel discloses performing an intent analysis on the collected data and performing an intent analysis on the sentiment.6 The collected information is "correlated in order to … arrive at conclusions regarding intents, threats or trends which are of interest." Barel, ¶ 176. The sentiment analysis engine is also used to determine "the intent of users," wherein "the gathered information is reviewed and words which can implicate specific … intents by users are detected." Id. at ¶¶ 179; 181. Information analysis is used to alert "of the intent of any entity to perform an attack." Id. at ¶ 184.

Claim 4
	Barel discloses parsing the collected data into at least one document. Barel discloses that "[a]ll information fragments, meticulously gathered from multiple sources, are stored in a dedicated database" (i.e. stored in a document). Barel, ¶¶ 92; 160; See Also ¶ 161 (collected data is restructured into a unified format).

Claim 5
determining a subject of the collected data and determining if the subject is associated with an industry or a specific entity.7 Ng discloses that "the assessing of risk includes evaluating the collected information to obtain circumstantial or indirect information that is indicative of the entity." Ng, ¶ 4. Further, the method comprises steps of "collecting information" and "evaluating the collected information to obtain circumstantial or indirect information that is indicative of an entity." Id. at ¶ 8.

Claim 6
	Ng discloses further comprising scoring the collected data based on the language analysis and the intent analysis and the subject.8 Ng discloses "a method comprising assessing risk of a cyber security failure in a computer network of an entity, using a computer agent configured to collect information from at least one accessible Internet element." Ng, ¶ 4. The method comprises "determining a sophistication score of the entity with respect to cyber risk" and "determining a motivation score of a hacker or other actor with respect to initiating one of a cyber security failure." Id. at ¶¶ 93-94. Ng discloses system 505 for providing "recommendations based solely on the motivation and/or sophistication … analysis for the entity." Id. at ¶ 106.  System 505 obtains motivation elements used to determine the motivation score, including "hacker sentiment" derived from "hacker forums and/or discussion groups, chat rooms, dark web, or dark net forums." Id. at ¶ 129. Accordingly, "hacker sentiment" based on language and intent analysis of hacker forums and/or discussion groups is used to generate a motivation score.

Claim 7
scoring the collected data per user. Figure 15 illustrates a method 1500 "for modifying a policy based on a cyber risk analysis." At 1505, system 505 asses "using a plurality of motivation elements regarding the entity" and "a motivation of an actor to initiate the cyber security failure." At 1510, system 505 calculates "a composite score from a motivation score and a sophistication score," by converting motivation and sophistication elements "into mathematical representations … and processing these elements into scores." Ng, ¶¶ 175-180. The claimed "composite score" is representative of a risk assessment score for a single entity (before it is used to generate an aggregate risk score of a portfolio of entities).

Claim 8
	Banasik discloses wherein the determined risk indicates that a primary data storage system is at risk, further comprising completing backup of critical applications and stopping backup of non-critical applications. The "primary data storage system" is interpreted as the production storage that is being backed up. Spec., ¶¶ 3; 15. Banasik discloses an embodiment wherein "[o]ne of the data protection plans can be established as an emergency protection plan, where the most critical files are backs up as soon as possible to a remote data store location." Id. at ¶ 47. Backing up the most critical files/applications as soon as possible requires a stop/pause of backing up files/application that are not the most critical (i.e. non-critical).

Claims 11-17
9


Claims 9-10 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Barel, in view of Ng, further in view of Banasik, further in view of Martin et al., U.S. PG-Publication No. 2018/0004948 A1.

Claim 9
	Martin discloses wherein the determined risk indicates that the backup storage is at risk, further comprising automatically stopping all backups and closing the backup device to all networking. Martin discloses a method "for predicting and characterizing cyber attacks" comprising steps of accessing signals representing a possible security threat, "assigning a risk score to each signal," "aggregating risk scores for signals," and "in response to the risk score exceeding [a] threshold risk score, automatically responding to the composite risk to eliminate the security threat." Martin, ¶ 9. In one embodiment, the method can "automatically perform various actions to reduce risk or impact of a zero-day exploit attack, such as by automatically quarantining or removing compromised assets from the network substantially in real-time." Id. at ¶ 12. A system implementing the method "can automatically execute a remediation action to reduce or eliminate a security threat in response to the composite risk score … exceeding the threshold risk score;" the remediation actions can cause a system to "automatically terminate a Id. at ¶ 48. Accordingly, Martin discloses determining a threshold risk for automatically terminating a process (e.g. stopping all backups), taking a computer off the network (e.g. closing a backup computer storage device to networking), and shifting a compromised computer to a quarantine network (e.g. locking a backup computer storage device in a retention mode).
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify method of determining risk based on sentiment and intent from collected text and selecting a data protection policy based on the determined risk of Barel-Ng-Banasik to incorporate automatically responding to a security threat based on exceeding a threshold risk score as taught by Martin. One of ordinary skill in the art would be motivated to integrate automatically responding to a security threat based on exceeding a threshold risk score into Barel-Ng-Banasik, with a reasonable expectation of success, in order to "rapidly detect zero-day exploit attacks" and "automatically perform various actions to reduce risk or impact of a zero-day exploit attack." Martin, ¶ 12.

Claim 10
	Martin discloses wherein the determined risk indicates that the backup storage is at risk, further comprising locking data in a retention mode. Martin discloses a method "for predicting and characterizing cyber attacks" comprising steps of accessing signals representing a possible security threat, "assigning a risk score to each signal," "aggregating risk scores for signals," and "in response to the risk score exceeding [a] threshold risk score, automatically responding to the composite risk to eliminate the security threat." Martin, ¶ 9. In one embodiment, the method can Id. at ¶ 12. A system implementing the method "can automatically execute a remediation action to reduce or eliminate a security threat in response to the composite risk score … exceeding the threshold risk score;" the remediation actions can cause a system to "automatically terminate a process, quarantine files … take a compromised computer off the network, shift a compromised computer to a quarantine network … or execute any other script or function." Id. at ¶ 48. Accordingly, Martin discloses determining a threshold risk for automatically terminating a process (e.g. stopping all backups), taking a computer off the network (e.g. closing a backup computer storage device to networking), and shifting a compromised computer to a quarantine network (e.g. locking a backup computer storage device in a retention mode).
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify method of determining risk based on sentiment and intent from collected text and selecting a data protection policy based on the determined risk of Barel-Ng-Banasik to incorporate automatically responding to a security threat based on exceeding a threshold risk score as taught by Martin. One of ordinary skill in the art would be motivated to integrate automatically responding to a security threat based on exceeding a threshold risk score into Barel-Ng-Banasik, with a reasonable expectation of success, in order to "rapidly detect zero-day exploit attacks" and "automatically perform various actions to reduce risk or impact of a zero-day exploit attack." Martin, ¶ 12.

Claims 18-19



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FRANK D MILLS whose telephone number is (571)270-3172. The examiner can normally be reached M-F 10-6 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAVITA PADMANABHAN can be reached on (571)272-8352. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) 





/FRANK D MILLS/Primary Examiner, Art Unit 2176                                                                                                                                                                                                        February 26, 2022


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 The "collected data including a sentiment of a user" limitation is present in corresponding medium claim 11.
        2 The "performing an intent analysis on the sentiment" limitation is present in corresponding medium claim 11.
        3 The "determining a subject of the sentiment" limitation is present in corresponding medium claim 11.
        4 The "scoring the collected data based on … the subject" limitation is present in corresponding medium claim 11.
        5 The "language analysis including" limitation is present in corresponding medium claim 13.
        6 The "performing an intent analysis on the sentiment" limitation is present in corresponding medium claim 13.
        7 The "determining if the subject is associated" limitation is present in corresponding medium claim 15.
        8 The "and the subject" limitation is present in corresponding medium claim 16.
        9 Limitations present only in the medium claims are denoted with italics in the corresponding method claim rejections.