DETAILED ACTION
This Office Action is in response to the application 16/932,176 filed on 07/17/2020.
Claims 1-20 have been examined and are pending.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  This Action is made Non-FINAL.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.  
Regarding claims 1 and 11, claims 1 and 11 are rejected under 35 U.S.C. 101 because the claims are directed to an abstract idea without being integrated into a practical application nor being significantly more.  
The claims recite the limitations of “assigning a … score,” “generating…metadata5generating =geggg,” “creating a ledger entry,” “and “using the ledger entry to determine …a score” are directed to an abstract idea because these claim limitations, under its broadest reasonable interpretation, covers processes that could be performed in 
This judicial exception is not integrated into a practical application as the claim does not recite any other addition operations that would be considered as applying the abstract idea into a practical operations. It is noted that the claims recite additional elements (i.e., data confidence fabric comprising computing system and IOT devices). However, said additional elements are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of generating model and comparing data), such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. Therefore, the claims are not integrated into a practical application. 
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. It is noted that the claim recites some additional elements such as “determining a threat.” However, these additional elements, taken individually and as a combination, do not result in the claim amounting to significantly more than the abstract idea because “detecting a threat” in a network is recited as performing generic computer functions routinely used in information collection, measurement, processing, and analysis (Connell [0005]. Historically, to protect against a cyberattack, certain vulnerability data for the different technologies operating within network connected systems of an enterprise would be collected and analyzed for various insights. ). Generic computer components recited as performing 
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to the integration of abstract idea into a practical application, the additional element of “detecting a threat” amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. Therefore, these claims are not patent eligible. 
Regarding claims 2-10 and 12-20, claims 6-10, and 16-20 are also rejected under 35 U.S.C 101 as being directed to non-statutory subject matter for the same reasons addressed above as the claims do not contain any element or combination of elements that is sufficient to ensure that the patent in practice amounts to significantly more than a patent upon the ineligible concept itself. See Alice Corporation v. CLS Bank International, (S.Ct.2014). See also Intellectual Ventures LLC v. Symantec Corp. (Fed. Cir. 2016), Electric Power Group, LLC v. Alstom SA (Fed. Cir. 2016), Affinity Labs of Texas LLC v. Amazon.com Inc. (Fed. Cir. 2016).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:



Claims 1-6, 8-10, 11-16, 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Katragadda et al. (“Katragadda,” US 20190379699, published Dec. 12, 2019) in view of Hart et al. (“Hart,” US 20210056562, filed Feb. 8, 2019). 
Regarding claim 1, Katragadda discloses A method, comprising: 
detecting a threat in a data confidence fabric (Katragadda FIG. 7, [0118], [0139]. Further , because the client environment is not limited to desktops , servers , tablets , phones , sensors such as Internet of things and / or the like. The external malware analysis engine 702 [ ] are configured to detect unknown vulnerabilities [ ] include , but are not limited to zero day threats , ransomware , and / or the like related to the behavioral analysis of the malware. [See Specification FIG. 5, [0002], [0015] for “data confidence fabric,” which includes IoT network with a score-based malware monitoring.]); 
assigning a [data confidence] score to data implicated by the threat (Katragadda [0150]. A score is assigned to the at least one of the plurality of security or vulnerability threats based on the peer reviews, at block 1130 [] both the scores and the rewards are recorded in the blockchain database 103 at block 1115. Moreover , it should be appreciated that the peer review may be [] a plurality of machines having supervised and / or unsupervised machine learning and configured to provide legitimate intelligence.); 
Katragadda [0156], [0162]. Another embodiment envisioned is a method to analyze, detect vulnerabilities and anomalies on Internet of Things ( IoT ) enabled devices, computer environments and related components by generating a unique digital representation of the target device and or environment and categorize server metadata , including but not limited to ports , current system configuration , operating system. If any device detects similar malware metadata information, such node can alert, shutdown or notify the target or connected system that originated such alarm [see Specification [0040] for trust insertion metadata that may include “any relevant information about threats that the security technology 512 has detected”].);
 creating a ledger entry based on the data confidence score and the trust insertion metadata (Katragadda FIG. 2, [0126], [0150]-[0151]. For example, within the transaction engine 107, the valid message payload having a header M101 [can include “TxID , TIMESTAMP , HASH , PREV - HASH , METADATA M801 Digest , DATA - M1 Content,” see [0098], [0107].] may be evaluated for [] vectors of attack. [I]f a vector has enough validation [], the indicator becomes a comprise vector and is logged in the network layer 104 ( FIG . 2 ) .The vectors and indicators are validated, logged in the network layer 104 ( FIG . 2 ) , and recorded in the blockchain database 103. A score is assigned to the at least one of the plurality of security or vulnerability threats based on the peer reviews, at block 1130 [] and both the scores and the rewards are recorded in the blockchain database 103 at block 1115. The transaction engine 107 collects the metadata [ ] and writes to the blockchain database 103 , at block 1240.).  

However, in an analogous art, Hart discloses data confidence score (Hart [0052]. [T]he confidence scoring 305 used during the registration process 200 may use factors including for example, session details 310 , verification results 315 , ID risk assessment 320 , and account complete ness 325.); 
using the ledger entry to determine an overall data confidence score for the data confidence fabric (Hart FIGs. 2-3, [0046], [0053]. The registration process 200 may generally include [ ] creating an associated new user unique identifier , creating a new user record [ ] and publishing the new user unique identifier and the smart contract to the distributed ledger 1351-135n. At least one example of determining a confidence score may include [ ] session details 310 , verification results 315 , ID risk assessment 320 , and account completeness 325 , may be assigned a total possible score determined by points assigned to the associated scoring attributes. The scores for the scoring factors may be tallied up to yield a total confidence score.). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Hart with the teachings of Katragadda to include the step of: using the ledger entry to determine an overall data confidence score for the data confidence fabric, to provide users with a means for using a confidence score to indicate the trustworthiness of transactions. (See Hart [0053].)
Regarding claim 2, Katragadda and Hart disclose the method of claim 1. Katragadda discloses wherein the threat is detected by a security technology running on a Katragadda [0155]. Vulnerabilities and anomalies existing in a cybersecurity landscape may be detected. The input to such systems includes threat data, such as security information and event management ( SIEM ) , firewalls and unified threat management systems , intrusion detection and prevention , secure web gateways , secure email gateways , endpoint protection , web application protection.). 
Regarding claim 3, Katragadda and Hart disclose the method of claim 1. Katragadda further discloses wherein the [overall data confidence] score is also based on trust insertion metadata generated by one or more devices in the data confidence fabric (Katragadda FIG. 2, [0126], [0150]. For example, within the transaction engine 107, the valid message payload having a header M101 [can include “TxID , TIMESTAMP , HASH , PREV - HASH , METADATA M801 Digest , DATA - M1 Content,” see [0098], [0107].] may be evaluated for [] vectors of attack. [I]f a vector has enough validation [], the indicator becomes a comprise vector and is logged in the network layer 104 ( FIG . 2 ) .The vectors and indicators are validated, logged in the network layer 104 ( FIG . 2 ) , and recorded in the blockchain database 103. A score is assigned to the at least one of the plurality of security or vulnerability threats based on the peer reviews, at block 1130 [] and both the scores and the rewards are recorded in the blockchain database 103 at block 1115.) 
other than a device that detected the threat (Katragadda [0138] – [0139]. the curator engine 106 is communicatively coupled to an external malware analysis engine 702 such that the valid message payload having a header M101 may be converted into a data file M701. The map behavior file engine 704 and the map client engine 706 of the external malware analysis engine 702 are configured to detect unknown vulnerabilities using dynamic behavior analysis.). 
Hart discloses overall data confidence score (Hart FIGs. 2-3, [0053]. At least one example of determining a confidence score may include [ ] session details 310 , verification results 315 , ID risk assessment 320 , and account completeness 325 , may be assigned a total possible score determined by points assigned to the associated scoring attributes. The scores for the scoring factors may be tallied up to yield a total confidence score.).
The motivation is the same as that of claim 1 above.  
Regarding claim 4, Katragadda and Hart disclose the method of claim 1. Hart discloses wherein the entity that assigns the data confidence score is configured to assign both integer, and non-integer, data confidence scores (Hart [0053]. Each of the scoring factors : session details 310 , verification results 315 , ID risk assessment 320 , and account completeness 325, may be assigned a total possible score determined by points assigned to the associated scoring attributes. The scores for the scoring factors may be tallied up to yield a total confidence score. In some embodiments, the total confidence score may be scaled to a percentage.). 
The motivation is the same as that of claim 1 above. 
Regarding claim 5, Katragadda and Hart disclose the method of claim 1.  Hart discloses further comprising adjusting the data confidence score (Hart [0051]. Furthermore , the calculated confidence score for each applicable transaction may be continuously recalculated to ensure that all actions , adjustments , factors , and rules are included in the real - time scoring of the data associated with each transaction . This continuous scoring mechanism enables instant identification of any potential fraudulent or malicious activity). 
The motivation is the same as that of claim 1 above. 
Regarding claim 6, Katragadda and Hart disclose the method of claim 1. Katragadda discloses wherein the data is generated and/or collected by an IoT device (Katragadda [0118], [0142]. As such , input data 110 that enters the system 100 may be , for example , data from the client environment 105 that may include [ ] a IoT data 206. Still referring to FIG. 8, the transaction engine 107 may be configured to determine what data can be collected from the IoT devices.). 
Regarding claim 8, Katragadda and Hart disclose the method of claim 1. Katragadda further discloses further comprising generating a data threat portfolio view based on the [data confidence] score and the trust insertion metadata (Katragadda FIG. 10, [0146]. As discussed herein , any and all vulnerabilities , security threats , and / or the like are monitored from the user interface 1000. The user interface 1000 may display a plurality significant events occurring within the swarm 112 and provides the client the complete graphical view of the events , categories , event types , distribution. [See [0126], [0151] for detecting malware based on metadata and/or vector].). 
Hart further discloses generating a data threat portfolio view based on the data confidence score (Hart FIG. 17 (confidence score), [0084], [0086]. The verification system may also provide financial institutions with red flag reports as shown in FIG. 16 and various SAR and CTR reports as shown in FIG. 1. For example, a verification system administrator may be provided details regarding dispensary activity , user activity , verified transactions , confidence scores , red flag , error , and failed verification reports , and audit logs.). 
The motivation is the same as that of claim 1 above. 
Regarding claim 9, Katragadda and Hart disclose the method of claim 1. Katragadda further discloses presenting a graphical display of a data threat portfolio view that was generated based on the [data confidence score] and the trust insertion metadata (Katragadda FIG. 10, [0146]. As discussed herein , any and all vulnerabilities , security threats , and / or the like are monitored from the user interface 1000. The user interface 1000 may display a plurality significant events occurring within the swarm 112 and provides the client the complete graphical view of the events , categories , event types , distribution. [See [0126], [0151] for detecting malware based on metadata and/or vector].). 
Hart further discloses presenting a graphical display of a data threat portfolio view that was generated based on the data confidence score (Hart FIG. 17 (confidence score), [0084], [0086]. The verification system may also provide financial institutions with red flag reports as shown in FIG. 16 and various SAR and CTR reports as shown in FIG. 1. For example, a verification system administrator may be provided details regarding dispensary activity , user activity , verified transactions , confidence scores , red flag , error , and failed verification reports , and audit logs.). 
The motivation is the same as that of claim 1 above. 
Regarding claim 10, Katragadda and Hart disclose the method of claim 1. Katragadda further discloses wherein the data passes through an entity that detects the threat (Katragadda [0138] – [0139]. the curator engine 106 is communicatively coupled to an external malware analysis engine 702 such that the valid message payload having a header M101 may be converted into a data file M701. The map behavior file engine 704 and the map client engine 706 of the external malware analysis engine 702 are configured to detect unknown vulnerabilities using dynamic behavior analysis.). 
Regarding claim 11, claim 11 is directed to a non-transitory storage medium corresponding to the method of claim 1. Claim 11 is similar in scope to claim 1 and is therefore rejected under similar rationale. 
Regarding claim 12, claim 12 is directed to a non-transitory storage medium corresponding to the method of claim 2. Claim 12 is similar in scope to claim 2 and is therefore rejected under similar rationale. 
Regarding claim 13, claim 13 is directed to a non-transitory storage medium corresponding to the method of claim 3. Claim 13 is similar in scope to claim 3 and is therefore rejected under similar rationale. 
Regarding claim 14, claim 14 is directed to a non-transitory storage medium corresponding to the method of claim 4. Claim 14 is similar in scope to claim 4 and is therefore rejected under similar rationale. 
Regarding claim 15, claim 15 is directed to a non-transitory storage medium corresponding to the method of claim 5. Claim 15 is similar in scope to claim 5 and is therefore rejected under similar rationale. 
Regarding claim 16, claim 16 is directed to a non-transitory storage medium corresponding to the method of claim 6. Claim 16 is similar in scope to claim 6 and is therefore rejected under similar rationale. 
Regarding claim 18, claim 18 is directed to a non-transitory storage medium corresponding to the method of claim 8. Claim 18 is similar in scope to claim 8 and is therefore rejected under similar rationale. 
Regarding claim 19, claim 19 is directed to a non-transitory storage medium corresponding to the method of claim 9. Claim 19 is similar in scope to claim 9 and is therefore rejected under similar rationale. 
Regarding claim 20, claim 20 is directed to a non-transitory storage medium corresponding to the method of claim 10. Claim 20 is similar in scope to claim 10 and is therefore rejected under similar rationale. 
Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Katragadda et al. (“Katragadda,” US 20190379699, published Dec. 12, 2019) in view of Hart et al. (“Hart,” US 20210056562, filed Feb. 8, 2019) and Connell et al. (“Connell,” US 20200358807, filed May 8, 2020). 
Regarding claim 7, Katragadda and Hart disclose the method of claim 1. 
Katragadda further discloses wherein the trust insertion metadata is added to a trust insertion metadata vector (Katragadda FIG. 2, [0126], [0150]-[0151]. For example, within the transaction engine 107, the valid message payload having a header M101 [can include “TxID , TIMESTAMP , HASH , PREV - HASH , METADATA M801 Digest , DATA - M1 Content,” see [0098], [0107].] may be evaluated for [] vectors of attack. [I]f a vector has enough validation [], the indicator becomes a comprise vector and is logged in the network layer 104 ( FIG . 2 ) .The vectors and indicators are validated, logged in the network layer 104 ( FIG . 2 ) , and recorded in the blockchain database 103.). 
Katragadda and Hart do not explicitly disclose: the data confidence score is added to a trust insertion range vector, and the overall data confidence score of the data confidence fabric is based on the trust insertion range vector and the trust insertion metadata vector. 
However, in an analogous art, Connell discloses the data confidence score is added to a trust insertion range vector (Connell [0054]- [0055]. In the illustrated embodiment, Attack Vector scoring is as follows: an attack that requires local access is more difficult for a bad actor to implement, and therefore, less likely to occur so it is scored as a 1), and 
the overall data confidence score of the data confidence fabric is based on the trust insertion range vector and the trust insertion metadata vector (Connell [0042]-[0043]. The exploit severity metadata typically includes various types of data describing aspects of the technology vulnerability, such as a complexity of a particular attack, an attack vector such as whether the attack is local or remote. At steps 710 and 712, the cyber security threat assessment system 100 (see FIG. 1) determines the holistic cyber security risk score, such as Threat Beta (see FIG. 6), based on the one or more component cyber security threat scores. Specifically, at step 710, the cyber security threat assessment system 100 determines individual IP address threat scores (an IP address specific Threat Beta) based on a combination of the Threat Surface, the Vulnerability Score, and the Attack Likelihood for each of the IP addresses of the target enterprise. Finally, to determine the holistic cyber security risk score (overall Threat Beta) for the target enterprise, at step 712, the cyber security threat assessment system 100 aggregates the individual IP address threat scores.). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Connell with the teachings of Katragadda and Hart to include the step of: the overall data confidence score of the data confidence fabric is based on the trust insertion range vector and the trust insertion metadata vector, to provide users with a means for generating an aggregate malware score based on threat scores generated from assessment of individual IP addresses (metadata).  (See Connell [0043].) 
Regarding claim 17, claim 17 is directed to a non-transitory storage medium corresponding to the method of claim 7. Claim 17 is similar in scope to claim 7 and is therefore rejected under similar rationale. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD LONG whose telephone number is (571)272-8961.  The examiner can normally be reached on Monday to Friday, 9 AM - 6  PM EST (Alternate Fridays).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/EDWARD LONG/
Examiner, Art Unit 2439


/LUU T PHAM/            Supervisory Patent Examiner, Art Unit 2439