Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

DETAILED ACTION
Remarks
This action is in response to communications filed on 06/03/2021. Claims 1, 3, 9, 15 & 17 are amended and claims 5, 12 & 18 have been cancelled per Applicant’s request. Therefore, claims 1-4, 6-11, 13-17, 19 and 20 are presently pending in the application and have been considered as follows.

Examiner Notes
In light of the applicant’s amendment to claims 1, 9 and 15 the examiner hereby withdraws the specification objection, drawing objection and 35 USC 112(a) rejections.




Response to Arguments
	-The applicants’ remarks on page 7-9 with respect to:
“Claims 1-20, at pgs. 6-8 of the Office Action, stand rejected under 35 U.S.C. §101 as allegedly being directed to a judicial exception (i.e., an abstract idea) without significantly more. Applicant respectfully disagrees that the present claims are not integrated into a practical application, as alleged in the Office Action and maintains the following arguments to the rejection.”
“Recent revisions to Section 2106.04(II) of the M.P.E.P. make clear that "the extent [the MPEP] equates claims "reciting" a judicial exception with claims "directed to" a judicial exception" are superseded, "along with any other portion of the MPEP that conflicts with this guidance." 2019 Revised Patent Subject Matter Eligibility Guidance, page 6 (hereinafter, the "Revised Guidance"). "The Federal Circuit has distinguished between claims that are "directed to" a judicial exception (which require further analysis to determine their eligibility) and those that are not (which are therefore patent eligible). For example, an improvement in the functioning of a computer or other technology or technological field may render a claim patent eligible at step one of the Alice/Mayo test even if it recites an abstract idea, law of nature, or natural phenomenon." Revised Guidance, page 12. "In accordance with judicial precedent, and to increase consistency in examination practice, the 2019 Revised Patent Subject Matter Eligibility Guidance sets forth a procedure to determine whether a claim is "directed to" a judicial exception under USPTO Step 2A. Under the procedure, if a claim recites a judicial exception (a law of nature, a natural phenomenon, or an abstract idea as  not "directed to" a judicial exception, and thus is patent eligible, if the claim as a whole integrates the recited judicial exception into a practical application of that exception." Revised Guidance, page 13 (emphasis added). 
“Applicant respectfully submits the claims are directed to an improvement of the technical field of security and cybercrimes. The claimed invention is directed towards improving the operation of a user device by preventing the user from accepting a request that may expose the user device to malware/virus that will detrimentally impact the performance of the device. Applicant's Specification in at least para. [0048] provides the following: The techniques described herein can reduce the exposure of sensitive data, improve authentication requirements, and reduce the sharing of compromised links that can compromise the user data or spread malware/viruses. ”
“It is clear the claimed invention is directed to improving the security of the computing device by warning the user of risks. Therefore, Applicant respectfully submits that the rejection should be withdrawn. As provided in Revised Guidance, Applicant respectfully requests favorable reconsideration and withdrawal of the rejection. It is believed that all rejections/objections set forth in the previous Office Action have been fully met, and favorable reconsideration and allowance are respectfully requested.”


The examiner respectfully disagrees and notes that the claims are still directed to a judicial exception without significantly more. The applicant states “the claims are directed to an improvement of the technical field of security and cybercrimes. The claimed invention is directed towards improving the operation of a user device by preventing the user from accepting a request that may expose the user device to malware/virus that will detrimentally impact the performance of the device”; however, there is no such prevention as written in the claims. Specifically, while a notification provides a warning to a user, the notification does not actually prevent or stop the user from executing an action (e.g. join, message, engage, etc.) with social entities online. Furthermore, a user is capable of pre-screening the members of a group (e.g. a message session, public Facebook group, etc.) prior to joining the group by clicking on the profile of at least one member, observing previous posts or messages sent, and forming a conclusion as to the possible risk of joining. The claims appear to automate the pre-screening aspect but provide no special device, algorithm or function that is any different than using a generic computer with generic computing components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible. Therefore, the applicant's arguments are considered non-persuasive.


The applicants’ remarks on page 10-11 with respect to:
“As an initial matter, the Foster reference (U.S. Patent Publication No. 2014/0337972 Al) was originally cited in the Non-Final Office Action dated August 7, 2020. Then, the 102 rejection was withdrawn in the Final Office Action dated March 3, 2021 where the Examiner states on pg. 3 states, "Applicant's arguments, see page 9-10 of Applicant's response, filed 11/09/202, with respect to the rejection(s) of claim(s) 1-20 under 102 have been fully considered and are persuasive.”
“Now, in the current Office Action, the Foster reference has been "reapplied" without further explanation. In fact, the exact same citations provided in the previous Non-Final Office Action dated August 7, 2020 are presented in the current Office Action.”

Have been carefully considered but are non-persuasive;

After an updated search and careful reconsideration of the Foster reference the examiner believes this to be the most relevant prior art in light of the current language of the claims.

-The applicants’ remarks on page 10 with respect to:
“As noted on pg. 12 of the Office Action the Foster reference is cited as allegedly disclosing the analysis of one or more group members. However, no where in the 

Have been carefully considered but are non-persuasive;

The examiner respectfully disagrees and notes that paragraph 0025 of Foster states “In more detail, either of unknown social entity 107 or known social entity 108 may attempt to communicate with, or connect to, user 106. In response to an attempt by a social entity at communication or connection with user 106, active risk protection module 102 may identify a URL, file, or social communication associated with the social entity, and may initiate a security action after performing an analysis related to the identified URL, file, or social communication.” Para. 0026 broadly provides examples of a social communication: “A social communication may be, for example, a post on a social network, or a message sent between users of a social network.” Para. 0029 states: “The predictive risk protection module 103 may be driven by a scoring algorithm that can determine and score a risk posed by a dormant social entity by analyzing a target URL, file, or social communication that is associated with the social entity, prior to a user's engagement with the social entity.” Therefore, Foster makes clear that before a user joins a message session a risk analysis is performed, and as such the applicant's arguments are considered unpersuasive.


The applicants’ remarks on page 10 with respect to:
“The Office Action at pg. 13 suggests that “alerting before a user engages in social communication (e.g., joining a group)” discloses the claim features of joining a group. However, this interpretation fails to consider that users, both known and unknown to each other, are capable of communicating each other without joining a group. Therefore, the interpretation is overly broad.”
“However, para. [0121] discloses user is a “friend or follower” which suggests that the user is within the group. Even further, there is no disclosure that a join request is used to join a social media group.”

Have been carefully considered but are non-persuasive;

The examiner respectfully disagrees and notes that as stated above Foster makes it clear that the analysis and alerting occurs prior to a user engaging with a social entity. Furthermore, the claims require broadly receiving a join request for a social media group. This join request is not defined to have any special meaning or purpose by the specification or claims. Therefore, the examiner has interpreted this limitation to be the message received by the user to initiate a private chat session (e.g. social media group) with the social entity. As Foster discloses that this analysis is in response to the communication it’s clear that the user and the 

The examiner believes that an interview should be scheduled prior to the next correspondence in an effort to advance prosecution.


Claim Rejections - 35 USC § 101


35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-4, 6-11, 13-17, 19 and 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e. an abstract idea) without significantly more.  

Claim 9 recites a system for generating notifications of a vulnerability risk level when joining a social media group comprising a storage medium and processor configured to, receiving a join request, analyze data, calculate a vulnerability score based on the analyzed data, calculate an aggregate score from the vulnerability score, calculate a threshold score, compare 

These limitations (receiving, analyzing, calculating, comparing, and notifying), as drafted, are processes that, under their broadest reasonable interpretation, cover performance of the limitations in the mind but for the recitation of generic computer components (a storage medium and processor). That is, other than reciting “a storage medium and processor”, nothing in the claim element precludes the steps from practically being performed in the mind. For example, but for the “a storage medium and processor” language, “receiving, analyzing, calculating, comparing, and notifying” in the context of this claim encompasses the user manually computing a risk score from data in a log, adding the score, calculating a threshold, comparing the score and notifying a user of the comparison. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “MATHEMATICAL CONCEPTS” (calculation of risk scores), “CERTAIN METHODS OF ORGANIZING HUMAN ACTIVITY” (Managing Personal Behavior or Relationships or Interactions Between People) and “MENTAL PROCESSES” (a process that can be performed by a human using a pen and paper) groupings of abstract ideas. Accordingly, the claim recites an abstract idea.

This judicial exception is not integrated into a practical application. In particular, the claim only recites the additional elements – a storage medium and processor to perform the steps. The additional elements are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using a generic computer component. Accordingly,

The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element as described above amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible. 

Under the 2019 PEG, a conclusion that an additional element is insignificant extra-solution activity in Step 2A should be re-evaluated in Step 2B. Here, the performance step was considered to be a mental process in Step 2A, and thus it is re-evaluated in Step 2B to determine if it is more than what is well-understood, routine, conventional activity in the field. The background of the application does not provide any indication that the device is anything other than a generic, off-the-shelf computer component, and the Flook and Bancorp court decisions cited in MPEP 2106.05(d)(II) indicate that mere performance of repetitive calculations is a well-understood, routine, and conventional function when it is claimed in a merely generic manner (as it is here). Accordingly, a conclusion that the collecting step is well-understood, routine, conventional activity is supported under Berkheimer Option 2.



Drawings
The drawings are objected to under 37 CFR 1.83(a).  The drawings must show every feature of the invention specified in the claims.  Therefore, the limitation “receiving a join request, analyzing user….prior to joining the social media group, and wherein notifying the user is performed before the user joins the social media group” must be shown or the feature(s) canceled from the claim(s).  No new matter should be entered.
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will 


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 2, 6, 8-10, 13-16, 19 and 20 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by US 20140337972 A1 to Foster.
Claim 1
Foster teaches a computer-implemented method for generating notifications of a vulnerability risk level when joining a social media group, the computer-implemented method comprising:
receiving a join request for a social media group; [e.g. Foster; Para. 0025 – herein, Foster discloses receiving an attempt by a social entity at communication or connection (e.g. join request) with a user.]
analyzing user and configuration data for one or more group members of the social media group prior to joining the social media group; [e.g. Foster; Fig. 2, Para. 0025, 0037, 0039 – herein, Foster discloses analyzing data of a social entity (e.g. one or more group members). Furthermore, this analysis occurs in response to an attempt for communication between the user and the social entity (e.g. prior to joining the social media group).]
calculating a vulnerability score for the one or more group members based on the analysis; [e.g. Foster; Fig. 2, Para. 0039 – herein, Foster discloses calculating a vulnerability score.]
calculating an aggregated group score based on the vulnerability score for the one or more group members; [e.g. Foster; Fig. 2, Para. 0039 – herein, Foster discloses calculating a vulnerability score (e.g. aggregate score).]
calculating a group threshold for the group based on a risk event; [e.g. Foster; Para. 0032 – herein, Foster discloses analyzing data of a social entity.]
comparing the group threshold and the aggregated group score; [e.g. Foster; Para. 0039 – herein, Foster discloses comparing the risk score to the risk threshold.] and
notifying a user of a vulnerability risk level of the group based on the comparison, wherein notifying the user is performed before the user joins the social media group. [e.g. Foster; Para. 0007, 0025, 0026, 0029, 0039 – herein, Foster discloses alerting a user of the risk. Furthermore, this alerting occurs in response to an analysis of an attempt for communication between the user and the social entity (e.g. prior to joining the social media group).]


Claim 2
Foster teaches the computer-implemented method of claim 1, wherein the user data and configuration data for the one or more group members comprises at least one of personal data, authentication data, or security misconfiguration data. [e.g. Foster; Para. 0029-0031 – herein, Foster discloses the data is personal data (e.g. social media post and other data).]


Claim 5
Foster teaches the computer-implemented method of claim 1, wherein notifying the user is performed before the user joins the group. [e.g. Foster; Para. 0007, 0039 – herein, Foster discloses alerting before a user engages in social communication (e.g. joining a group).]

Claim 6
Foster teaches the computer-implemented method of claim 1, wherein the notification indicates the vulnerability score and the user data and configuration data contributing to the vulnerability score. [e.g. Foster; Fig. 6, Para. 0077]

Claim 7
Foster teaches the computer-implemented method of claim 1, wherein the vulnerability risk level is based on a difference between the aggregated group score and the group threshold. [e.g. Foster; Fig. 6, Para. 0075 – herein Foster discloses the risk level being based on the score being above the threshold (e.g. different than the threshold score)]

Claim 8
Foster teaches the computer-implemented method of claim 1, wherein the group threshold is based at least in part on a group type. [e.g. Foster; Para. 0032 – herein, Foster discloses the threshold is based on one or more characteristics (e.g. group type)]

Regarding claims 9, 10, 19-16, 19 and 20 they are system and manufacture claims essentially corresponding to the above recitations, and they are rejected, at least, for the same reasons.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3, 4, 11 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Foster in view of US 20200244693 to Ghorbani et al. (hereinafter “Ghorbani”).

Claim 3 & 4
While Foster teaches the method of claim 2, Foster fails to teach:
“wherein the security misconfiguration data comprises out-of-date programs”
“wherein the authentication data comprises at least one of exposed passwords or a password strength”
however, Ghorbani teaches determining the security risk associated with one or more users of a computer network wherein the risk is based upon a calculated score that uses vulnerabilities on the machine as well as a strength of a user password. Specifically, Ghorbani teaches:
“wherein the security misconfiguration data comprises out-of-date programs”  [e.g. Ghorbani; Para. 0174 – “vulnerabilities related to the user's machine and include, for example, the Operating System (OS) and all installed software's and the application's vulnerabilities which are already listed in the Mitre website”.]
“wherein the authentication data comprises at least one of exposed passwords or a password strength” [e.g. Ghorbani; 0172, Fig. 15 Password Attack – “The next step in calculating a users risk is to find T*I. Each possible vulnerability is associated with one or more threats (ti). For each vulnerability the user has, the threats associated with that vulnerability are added to that user's list of threats (t0. . . tn,) if they are not already included. Some example threats are listed in the tables shown in FIGS. 14 and 15.”]

Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to include the features above in the invention as disclosed by Foster in order to better identify users that pose the greatest security risk by considering the behavior of various categories of online and network related activity.

Regarding claims 11 and 17 they are system and manufacture claims essentially corresponding to the above recitations, and they are rejected, at least, for the same reasons.

Conclusion



The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Please check attached PTO-892 form for any additional references.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER C HARRIS whose telephone number is (571)270-7841. The examiner can normally be reached on Monday through Friday between 8:00 AM and 4:00 PM CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/CHRISTOPHER C HARRIS/Primary Examiner, Art Unit 2432