DETAILED ACTION
Response to Amendment
 	This Final office action is in response to Applicant’s amendment filed 3/17/2022. Claims 1, 4, 7, 8, 11, 14, 15, 17 and 20 have been amended. Claims 2 and 9 have been canceled, while claims 21 and 22 have been added. Claims 1, 3-8 and 10-22 are pending.

 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

 	Applicant's arguments filed 3/17/2022 have been fully considered but they are not persuasive. Additionally, Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.

 	The previously pending rejection to claim 2 under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, has been withdrawn, as moot.

Claim Rejections - 35 USC § 101
      35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


      Claims 1, 3-8 and 10-22 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claims are directed to an abstract idea without significantly more.
Here, under step 1 of the Alice analysis, method claims 1, 3-7, 21 and 22 are directed to a series of steps, computer-readable storage medium claims 8 and 10-14 are directed to stored computer program instructions, and system claims 15-20 are directed to a processor; and a non-transitory computer-readable storage medium comprising stored computer program instructions. Thus the claims are directed to a process, manufacture, and machine, respectively.
Under step 2A Prong One of the analysis, the claimed invention is directed to an abstract idea without significantly more. The claims recite determining a risk score for the asset, including retrieving, identifying, determining, and sending steps.  
The limitations of retrieving, identifying, determining, and sending, are a process that, under its broadest reasonable interpretation, covers performance of the limitations in the mind, but for the recitation of generic computer components.
Specifically, the claim elements include retrieving data corresponding to an asset; identifying a set of vulnerabilities of the asset; determining, for each identified vulnerability, a likelihood of a threat actor successfully exploiting the vulnerability based on a likelihood an exploit is attempted, a likelihood an exploit is successful, and a likelihood a security control prevents an exploit; determining, based on a topography of a system including the asset, an impact of each identified vulnerability; determining, based on the likelihoods and impacts, a risk score for the 
That is, other than reciting a processor, a non-transitory computer-readable storage medium storing computer program instructions executable by a processor, and a user interface, nothing in the claim elements preclude the steps from practically being performed in the mind.  If the claim limitations, under the broadest reasonable interpretation, cover performance of the limitations in the mind, but for the recitation of generic computer components, then they fall within the “Mental Processes” grouping of abstract ideas.  Accordingly, the claims recite an abstract idea.
Under Step 2A Prong Two, the eligibility analysis evaluates whether the claim as a whole integrates the recited judicial exception into a practical application of the exception. This judicial exception is not integrated into a practical application.  The claims include a processor, a non-transitory computer-readable storage medium storing computer program instructions executable by a processor, and a user interface.  The processor, non-transitory computer-readable storage medium storing computer program instructions executable by a processor, and user interface in the steps is recited at a high-level of generality, such that it amounts no more than mere instructions to apply the exception using a generic computer component.  Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.  As a result, the claims are directed to an abstract idea.

None of the dependent claims recite additional limitations that are sufficient to amount to significantly more than the abstract idea. Claim 3 recites additional generating, performing, and determining steps. Claim 4 further describes the retrieved data. Claims 5-7 recite additional generating, sending, receiving, updating, retrieving, performing, and adjusting steps. Claim 13 recites additional extracting and storing steps. Similarly, dependent claims 9-12, 14, and 16-20 recite additional details that further restrict/define the abstract idea. Claim 21 recites additional identifying and retrieving steps, while claim 22 further describes the model attack graph. A more detailed abstract idea remains an abstract idea.
Under step 2B of the analysis, the claims include, inter alia, a processor, a non-transitory computer-readable storage medium storing computer program instructions executable by a processor, and a user interface.
As discussed with respect to Step 2A Prong Two, the additional elements in the claim amount to no more than mere instructions to apply the exception using a generic computer component.  The same analysis applies here in 2B, i.e., mere 
There isn’t any improvement to another technology or technical field, or the functioning of the computer itself.  Moreover, individually, there are not any meaningful limitations beyond generally linking the abstract idea to a particular technological environment, i.e., implementation via a computer system.  Further, taken as a combination, the limitations add nothing more than what is present when the limitations are considered individually.  There is no indication that the combination provides any effect regarding the functioning of the computer or any improvement to another technology.
In addition, as discussed in paragraphs 0057-0058 of the specification, “FIG. 6 is a block diagram illustrating components of an example machine able to read instructions from a machine-readable medium and execute them in a processor (or controller). Specifically, FIG. 6 shows a diagrammatic representation of a machine in the example form a computer system, within which program code (e.g., software or software modules) for causing the machine to perform any one or more of the methodologies discussed herein may be executed. The program code may be comprised of instructions 624 executable by one or more processors 602. In alternative embodiments, the machine operates as a standalone device or may be connected (e.g., networked) to other machines. In a networked deployment, the machine may operate in the capacity of a server machine or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or 
As such, this disclosure supports the finding that no more than a general purpose computer, performing generic computer functions, is required by the claims.
Viewed as a whole, these additional claim element(s) do not provide meaningful limitation(s) to transform the abstract idea into a patent eligible application of the abstract idea such that the claim(s) amounts to significantly more than the abstract idea itself.  Therefore, the claim(s) are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.  See Alice Corporation Pty. Ltd. v. CLS Bank Int’l et al., No. 13-298 (U.S. June 19, 2014).

Claim Rejections - 35 USC § 103
 	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
 	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

 	Claims 1, 4, 5, 8, 11-13, 15, 17, 18, 19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Crabtree et al (US 20180322584 A1), in view of Pokhrel et al (US 10848515 B1).
As per claim 1, Crabtree et al disclose a method, comprising: 
retrieving data corresponding to an asset, wherein the asset is a computing device or software application of an enterprise system (i.e., gathering a variety of data from about a plurality of potential risks related to use to computer and information technology, ¶ 0094); 
identifying a set of vulnerabilities of the asset (i.e., FIG. 14 is a diagram illustrating an aspect of an embodiment, a propensity to be attacked (PTBA) matrix 1400 applicable to evaluating risk due to malicious actors. Not all insureds are equally likely to be attacked, and not all assets of a given insured are equally likely to be targeted. The propensity to be attacked (PTBA) matrix breaks down the cyber underwriting decision making process granularly, providing assessments of the likelihood of attack based on the type of attacker 1401 and the client's data assets 1402, ¶ 0095); and 
sending the risk score and an alert that the asset is at high risk for display (i.e., Results may be formatted for display and manipulation via the analyst terminal 311 
Crabtree et al does not explicitly disclose determining, for each identified vulnerability, a likelihood of a threat actor successfully exploiting the vulnerability based on a likelihood an exploit is attempted, a likelihood an exploit is successful, and a likelihood a security control prevents an exploit, determining, based on a topography of a system including the asset, an impact of each identified vulnerability, determining, based on the likelihoods and impacts, a risk score for the asset; and determining that the risk score exceeds a threshold risk score value, and sending an alert that the asset is at high risk for display.
Pokhrel et al disclose a stochastic model is proposed for the evaluation of security risks in networks. Among other modelling data, the model uses exploitability and impact sub-scores of the CVSS framework. As described in further detail below, an example network having three host servers, each including one vulnerability, is considered. Based on the network architecture and vulnerabilities of the example network, a host access attack graph is constructed. From the host access attack graph, a state transition probability matrix is computed using exploitability and impact sub-scores. Using the Markovian random walk, the risk associated with each node is prioritized by ranking. Finally, the risk associated with all the nodes present in the network is summed, and the overall network security risk is determined. This 
Once an attack graph is created, scores can be assigned to the vulnerabilities of the hosts in the attack graph using information from the risk metric data 124, such as CVSS framework metric data. The scores can be computed based on a number of scores and sub-scores, such as those shown in FIG. 1, for example, using with one or more expressions, equations, or sub-equations that relate them. In some cases, one or more standard expressions can be used calculate scores based on matrices that provide a quantitative score to approximate the ease and/or impact of the vulnerabilities in the nodes. The exploitability and impact sub-scores, for example, can also be combined to provide the basis of assigning scores to directed connections among the nodes in attack graphs as probabilities. Those probabilities can represent the possibility of a vulnerability being exploited by an attacker (column 6, lines 19-34).
To implement the stochastic model, the behavior of the attacker should also be considered. As one example, it can be assumed that the attacker would choose a vulnerability that maximizes the chances of success in the goal. In one example, if the attacker terminates attacking for any reason, then the model can move the attacker back to the initial state. Finally, utilizing the properties of a Markov chain, the risk of one or more individual nodes can be computed. The nodes are then prioritized based on risk, and the risks of all the nodes are summed to give the total security risk present in the computing system environment (column 6, lines 35-45).

To protect network-accessible resources from attacks, various Intrusion Detection Systems (IDSs) are available. These intrusion detection and prevention based tools can provide signals to alert network administrators of intrusions, providing them with a picture of activities on the network (column 2, lines 8-18).
Crabtree et al and Pokhrel et al are concerned with effective risk analysis and management.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include determining, for each identified vulnerability, a likelihood of a threat actor successfully exploiting the vulnerability based on a likelihood an exploit is attempted, a likelihood an exploit is successful, and a likelihood a security control prevents an exploit, determining, based on a topography of a system including the asset, an impact of each identified vulnerability, determining, based on the likelihoods and impacts, a risk score for the asset; determining that the risk score exceeds a threshold risk score value, and sending an alert that the asset is at high risk for display in Crabtree et al, as seen in Pokhrel et al, since the claimed invention is merely a combination of old elements, 
As per claim 4, Crabtree et al disclose wherein the retrieved data comprises numerical values representing characteristics of a software vulnerability (i.e., With its programmable connector module 135 and messaging center 135a, the insurance decision platform 100 is pre-designed to retrieve and transform data from the APIs of virtually all industry standard software packages and can be programmed to retrieve information from other legacy or obscure sources as needed, as an example, data may even be entered as csv and transformed, as a simplistic choice from the many possible formats known to one skilled in the art and for which the platform is capable to handle at step 401, ¶ 0058).
As per claim 5, Crabtree et al disclose generating a user interface visualizing the risk score; wherein sending the risk score for display comprises sending the generated user interface (i.e., Results may be formatted for display and manipulation via the analyst terminal 311 in several different ways a few of which include a hazard model at step 315 which defines arbitrary characteristics of potential disasters or loss-initiating events and their frequency, location and severity using analytics or modeling simulation., ¶ 0055).
As per claim 13, Crabtree et al disclose does not explicitly disclose extracting data from an external source outside the enterprise system; and storing the extracted data in a database of the enterprise system; wherein determining, for each 
Pokhrel et al disclose a stochastic model is proposed for the evaluation of security risks in networks. Among other modelling data, the model uses exploitability and impact sub-scores of the CVSS framework. As described in further detail below, an example network having three host servers, each including one vulnerability, is considered. Based on the network architecture and vulnerabilities of the example network, a host access attack graph is constructed. From the host access attack graph, a state transition probability matrix is computed using exploitability and impact sub-scores. Using the Markovian random walk, the risk associated with each node is prioritized by ranking. Finally, the risk associated with all the nodes present in the network is summed, and the overall network security risk is determined. This quantitative value can be taken as a security metric to determine the risk of an entire network (column 3, lines 43-59).
Once an attack graph is created, scores can be assigned to the vulnerabilities of the hosts in the attack graph using information from the risk metric data 124, such as CVSS framework metric data. The scores can be computed based on a number of scores and sub-scores, such as those shown in FIG. 1, for example, using with one or more expressions, equations, or sub-equations that relate them. In some cases, one or more standard expressions can be used calculate scores based on matrices that provide a quantitative score to approximate the ease and/or impact of the vulnerabilities in the nodes. The exploitability and impact sub-scores, for example, can also be combined to provide the basis of assigning scores to directed 
To implement the stochastic model, the behavior of the attacker should also be considered. As one example, it can be assumed that the attacker would choose a vulnerability that maximizes the chances of success in the goal. In one example, if the attacker terminates attacking for any reason, then the model can move the attacker back to the initial state. Finally, utilizing the properties of a Markov chain, the risk of one or more individual nodes can be computed. The nodes are then prioritized based on risk, and the risks of all the nodes are summed to give the total security risk present in the computing system environment (column 6, lines 35-45).
FIG. 1 illustrates organizational aspects of the Common Vulnerability Scoring System (CVSS) framework. CVSS is the open framework that provides quantitative scores representing the overall severity and risk of known vulnerabilities. A CVSS score can fall on a scale from 0 to 10, for example, and consists of three major metrics, including base, temporal, and environmental as shown in FIG. 1. Vulnerabilities with a base score range from about 0-3.9 can be considered relatively low vulnerability, 4.0-6.9 can be considered relatively medium vulnerability, and 7.0-10 can be considered relatively high vulnerability (column 4, lines 3-13).
To protect network-accessible resources from attacks, various Intrusion Detection Systems (IDSs) are available. These intrusion detection and prevention based tools can provide signals to alert network administrators of intrusions, providing them with a picture of activities on the network (column 2, lines 8-18).

Claims 8, 11 and 12 are rejected based upon the same rationale as the rejection of claims 1, 4 and 5, respectively, since they are the computer readable medium claims corresponding to the method claims.
Claims 15, 17, 18 and 19 are rejected based upon the same rationale as the rejection of claims 1, 4, 5 and 13, respectively, since they are the system claims corresponding to the  method claims.
As per claim 21, Crabtree et al does not disclose identifying an asset identifier of the asset; and retrieving, from a third-party vendor, threat data corresponding to the asset identifier; wherein retrieving data corresponding to the asset comprises retrieving the threat data.
Pokhrel et al disclose the attack graph constructor 142 is configured to construct host access attack graphs based on the network data 122. The network topology 
Once an attack graph is created, scores can be assigned to the vulnerabilities of the hosts in the attack graph using information from the risk metric data 124, such as CVSS framework metric data (column 6, lines 19-24).
Crabtree et al and Pokhrel et al are concerned with effective risk analysis and management.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include identifying an asset identifier of the asset; and retrieving, from a third-party vendor, threat data corresponding to the asset identifier; wherein retrieving data corresponding to the asset comprises retrieving the threat data in Crabtree et al, as seen in Pokhrel et al, since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.

	Claims 3, 10, 16 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Crabtree et al (US 20180322584 A1), in view of Pokhrel et al (US 10848515 B1), in further view of Bassett (US 20160205122 A1).

Bassett discloses identifying attack paths based on attack vectors that may be used by actor, where the attack paths represent a linkage of nodes that reach a condition of compromise of network security; and calculating edge probabilities for the attack paths based on the estimates for each node along the attack path, where the node estimates and edge probabilities are determined by calculating a probability of likelihood for the nodes based on Markov Monte Carlo simulations of paths from an attacker to the nodes; generating an attack graph that identifies the easiest conditions of compromise of network security and the attack paths to achieving those conditions of compromise based on combined estimates of the ease of the attack paths and the application of actor attributes (¶ 0006).
Crabtree et al and Bassett are concerned with effective risk analysis and management.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include generating a model attack graph including a representation of the asset; performing a Monte Carlo simulation upon the generated model attack graph; and determining a likelihood based on the performed Monte Carlo simulation in Crabtree et al, as seen in Bassett, since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, 
Claim 10 is rejected based upon the same rationale as the rejection of claim 3, since it is the computer readable medium claim corresponding to the method claim.
Claim 16 is rejected based upon the same rationale as the rejection of claim 3, since it is the system claim corresponding to the  method claim.
As per claim 22, Crabtree et al does not disclose wherein the model attack graph models the topography of the system including the asset, and wherein determining the likelihood of the threat actor successfully exploiting a particular vulnerability of the set of vulnerabilities further comprises: determining, based on the Monte Carlo simulation and the topography of the system, a likelihood that the asset is reached via another asset.
Bassett discloses identifying attack paths based on attack vectors that may be used by actor, where the attack paths represent a linkage of nodes that reach a condition of compromise of network security; and calculating edge probabilities for the attack paths based on the estimates for each node along the attack path, where the node estimates and edge probabilities are determined by calculating a probability of likelihood for the nodes based on Markov Monte Carlo simulations of paths from an attacker to the nodes; generating an attack graph that identifies the easiest conditions of compromise of network security and the attack paths to achieving those conditions of compromise based on combined estimates of the ease of the attack paths and the application of actor attributes (¶ 0006).
.

 	Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Crabtree et al (US 20180322584 A1), in view of Pokhrel et al (US 10848515 B1), in further view of King-Wilson (US 20170366572 A1).
As per claim 6, Crabtree et al does not disclose receiving selection of a portion of the enterprise system at a first level of a hierarchy in the user interface; and updating the user interface to display risk scores for portions of the enterprise system at a second level of the hierarchy.
King-Wilson discloses The target (“Target”) is a system category attacked by the threat. Targets are preferably named in a systematic way. Examples of targets include “Windows.XP” or “Oracle. 9i”. Targets can be identified at different levels 
Each process is defined by identity and a name, value in terms of the cost of downtime. The dependency of each process on an underlying IT system is defined by process identity, system identity, dependency description and dependency level. (¶ 0085). 
In FIG. 3, only one level or layer of system category 33 is shown for clarity. However, as will be explained in more detail, there may be additional levels of system category 33 such that one or more system categories 33 in a lower level may depend on a system category in a higher level. Thus, a system 30 may depend on one or more system categories 33, which may arranged in one or more layers (¶ 0087). For example, a system category 33 in a higher level may be Windows and system categories 33 in a lower level may be Windows Server 2003 and Windows XP. A system 30 may be a corporate server which depends on Windows Server 2003 and another system 30 could be desktop computer which depends on Windows XP (¶ 0088).
Crabtree et al and King-Wilson are concerned with effective risk analysis and management.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include receiving selection of a portion of the enterprise system at a first level of a hierarchy in the user interface; and updating the user interface to display risk scores for portions of the enterprise system at a second level of the hierarchy in Crabtree et al, as seen in King-Wilson, .

 	Claim 7, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Crabtree et al (US 20180322584 A1), in view of Pokhrel et al (US 10848515 B1), in further view of Kimball et al (US 10817604 B1).
As per claim 7, Crabtree et al does not disclose retrieving logged data of the enterprise system; performing pattern recognition upon the retrieved logged data of historic risk information; and adjusting the risk score based on the performed pattern recognition.
Kimball et al disclose FIG. 2 illustrates graphs 200 depicting working of K-means clustering algorithm. As discussed in FIG. 1, a model may implement sentiment analysis and pattern recognition tools to analyze source code by categorizing the source code by behavior(s) of customers were likely experiencing as the customers wrote the source code. After the source code is classified, the model may then perform cyber-security examination to locate potential security threats within the source code. Based on the examination, the model may determine a likelihood that a security threat is malicious, based on the behaviors that are associated with each structure of the source code. A model may then generate an output comprising a list of security threats ranked in order of a likelihood along with a level of danger that the security threat presents (column 11, lines 60-67).

Claim 14 is rejected based upon the same rationale as the rejection of claim 7, since it is the computer readable medium claim corresponding to the method claim.
Claim 20 is rejected based upon the same rationale as the rejection of claim 7, since it is the system claim corresponding to the method claim.

Response to Arguments
 	In the Remarks, Applicant argues Similar to the claims set forth in Finjan, the claims of the present application provide for improved cybersecurity by mitigating risk through improved risk monitoring. The present claims do not attempt to monopolize the concept of cybersecurity risk monitoring, but rather set forth a particular process that provides improved cybersecurity risk monitoring and therefore improves computer functionality, which therefore renders the claims eligible. For example, the claims include: determining, for each identified vulnerability, a 
This particular process alerts when there are high risk vulnerabilities, as determined using a specific process that factors for myriad aspects of the asset and the system in which the asset resides. Alerting high risk vulnerabilities better enables the application of security measures to reduce that risk, thereby enhancing the security of the computer system. As established in Finjan, improving cybersecurity is a benefit that improves computer functionality. Furthermore, similar to Finjan's security profile, the claimed risk score enables the alerting of high risk vulnerabilities in a manner that addresses a problem in cybersecurity. For example, a problem identified in the Background of the specification: "to estimate the vulnerability of a system and quantify the risk associated with it, an enormous number of factors need be considered. It is not sufficient to simply consider the vulnerabilities by themselves - there is also a need to understand how these vulnerabilities relate... conventional cybersecurity systems may be slow to react to new and evolving threats and even slower to recommend responses to those new threats." The claimed, unconventional technique provides for cybersecurity risk monitoring that addresses these problems, 
In Finjan, the claimed invention involves a method of virus scanning that scans an application program, generates a security profile identifying any potentially suspicious code in the program, and links the security profile to the application program.  The claims were held patent eligible because the court concluded that the claimed method recites specific steps that accomplish a result that realizes an improvement in computer functionality.  The method represented an improvement over traditional virus scanning, which only recognized the presence of previously-identified viruses.  The method also enables more flexible virus filtering and greater user customization.
Contrarily, here Applicant’s claims do not recite virus scanning that scans an application program, and generates a security profile identifying any potentially suspicious code in the program. As such, Applicant’s claim language provides no specific steps that accomplish a result that realizes an improvement in computer functionality. 
Rather, the claims here simply relate to determining a risk score for the asset. As such, and contrary to Applicant’s assertion, the claim limitations, under the broadest reasonable interpretation, cover performance of the limitations in the mind, but for the recitation of generic computer components, then they fall within the “Mental 
Under Step 2A Prong Two, the eligibility analysis evaluates whether the claim as a whole integrates the recited judicial exception into a practical application of the exception. This evaluation is performed by (a) identifying whether there are any additional elements recited in the claim beyond the judicial exception, and (b) evaluating those additional elements individually and in combination to determine whether the claim as a whole integrates the exception into a practical application. 2019 PEG Section III(A)(2), 84 Fed. Reg. at 54-55. Besides the abstract idea, the claims include a processor, a non-transitory computer-readable storage medium storing computer program instructions executable by a processor, and a user interface.
The a processor, a non-transitory computer-readable storage medium storing computer program instructions executable by a processor, and a user interface in the steps is recited at a high-level of generality, such that it amounts no more than mere instructions to apply the exception using a generic computer component.  These limitations can also be viewed as nothing more than an attempt to generally link the use of the judicial exception to the technological environment of a computer.  It should be noted that because the courts have made it clear that mere physicality or tangibility of an additional element or elements is not a relevant consideration in the eligibility analysis, the physical nature of these computer components does not affect this analysis. See MPEP 2106.05(I) for more information on this point, 
Even when viewed in combination, the additional elements in the claims do no more than use computer components as a tool (i.e., a processor, a non-transitory computer-readable storage medium storing computer program instructions executable by a processor, and a user interface).  There is no change to the computers and/or other technology recited in the claims, thus the claims do not improve computer functionality or other technology. See, e.g., Trading Technologies Int’l v. IBG, Inc., 921 F.3d 1084, 1093 (Fed. Cir. 2019) (using a computer to provide a trader with more information to facilitate market trades improved the business process of market trading, but not the computer) and the cases discussed in MPEP 2106.05(a)(I), particularly FairWarning IP, LLC v. Iatric Sys., 839 F.3d 1089, 1095 (Fed. Cir. 2016) (accelerating a process of analyzing audit log data is not an improvement when the increased speed comes solely from the capabilities of a general-purpose computer) and Credit Acceptance Corp. v. Westlake Services, 859 F.3d 1044, 1055 (Fed. Cir. 2017) (using a generic computer to automate a process of applying to finance a purchase is not an improvement to the computer’s functionality). Accordingly, the claim as a whole does not integrate the recited judicial exception into a practical application and the claim is directed to the judicial exception.
Applicant also argues Crabtree does not anticipate claim 1 as amended. For example, Crabtree does not disclose "determining, for each identified vulnerability, a likelihood of a threat actor successfully exploiting the vulnerability based on a 
The Examiner respectfully submits that, as discussed in the updated rejection, Crabtree et al, in view of Pokhrel et al indeed disclose Applicant’s amended claim language, including claim 13.
Regarding claim 6, and contrary to Applicant’s assertion, King-Wilson discloses it will be appreciated that many modifications may be made to the embodiments hereinbefore described. The threat assessment system, model control system 51 and/or the analysis/reporting system 52 may be provided with a web interface to allow remote access by a user (¶ 0218).
Regarding claim 7, and contrary to Applicant’s assertion, Kimball et al disclose A pattern analysis tool may be generated by identifying multiple sources from which From this data, timestamps may be obtained to analyze and find time patterns that could indicate a problem or behavior the customer was experiencing (column 8, lines 42-59).

Conclusion
 	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDRE D BOYCE whose telephone number is (571)272-6726. The examiner can normally be reached M-F 10a-6:30p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rutao (Rob) Wu can be reached on (571) 272-6045. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ANDRE D BOYCE/Primary Examiner, Art Unit 3623                                                                                                                                                                                                        March 26, 2022