Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This action is in response to papers filed on 2/23/2022.
Claim1-6, 9, and 11-16 have been amended.
No claims have been cancelled.
No claims have been added.
Claims 1-20 are pending.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to claim an abstract idea without significantly more.
Regarding Step 1 of 101 Analysis.
Claims 1-10 are directed to a system for mitigating configuration change risk for a managed service, (i.e. a machine).  Therefore, Claims 1-10 are within at least one of the four statutory categories.
Claims 11-20
Under Step 2A of the 2019 Revised Patent Subject Matter Eligibility Guidance (2019 PEG), it is determined whether the claims are directed to a judicially recognized exception. Step 2A is a two-prong inquiry.
Under Prong 1, it is determined whether the claim recites a judicial exception (YES).
Taking Claim 1 as representative, the claim recites limitations that fall within the certain methods of organizing human activity groupings of abstract ideas, including:
Re. Claim 1, A system for mitigating configuration change risk for a managed service in a customer environment, the system comprising:
receiving a command sent toward the management interface for altering operation of the managed service that was intercepted prior to execution
rating a probability of error if the intercepted command were to be executed in the customer environment;
determining whether the rated probability of error is below, equal to, or above a given error threshold;
when the rated probability of error is determined to be below the given error threshold, forwarding the intercepted command to the management interface to execute the command, thereby altering the operation of the managed service; and when the rated probability of error is determined to be above the given error threshold, (1) requesting an authorization code, and (2) only in response to receiving the authorization code, forwarding the intercepted command to the management interface to execute the command, thereby altering the operation of the managed service.
Certain methods of organizing human activity include:
fundamental economic principles or practices (including hedging, insurance, and mitigating risk) 
commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations); the examiner notes patent claims are agreements in the form of a contract license with the U.S. Government.   
managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions) (see MPEP § 2106.04(a)(2), subsection II)
The limitations of receiving a command, rating a probability of error, comparing the rated probability to a threshold, forwarding the intercepted command to the management interface, requesting an authorization code, and forwarding the intercepted command to the management interface, as drafted, covers a fundamental economic principles or practices (including hedging, insurance, mitigating risk) mitigating the risk of losing customers and profits due to poor managed services.  For example: “mitigating”, “intercepting”, “rating”, “comparing”, “requesting” and “forwarding” in the context of this application encompasses a fundamental economic principles or practices (including hedging, insurance, mitigating risk), toward managing and improving the customer satisfaction in a customer environment (see specification at “Field” (page 1), “The disclosure pertains generally to service management, and more particularly to  mitigating risks when implementing change within a customer environment.”)
Under Prong 2, it is determined whether the claim recites additional elements that integrate the exception into a practical application of the exception. This judicial exception is not integrated into a practical application (NO).
The claimed elements are insufficient to integrate the abstract idea into a practical application because the claim fails to i) reflect an improvement in the 
Accordingly, the judicial exception is not integrated into a practical application.
Under Step 2B, it is determined whether the claims recite additional elements that amount to significantly more than the judicial exception. The claims of the present application do not include additional elements that are sufficient to amount to significantly more than the judicial exception (NO).
Dependent Claims 2-10 are rejected based in the rejection of independent Claim 1.  In addition, the analysis above applies to all statutory categories of invention, therefore method Claim 11 and dependent Claims 12-20 are also rejected under this analysis. The activities of the depending claims fail to differentiate the claims from the related activities in the parent claims and fail to provide any material to render the claimed invention to be significantly more than the identified abstract ideas.  The claims are directed to the same abstract ideas identified in the independent claims and simply provide further details for this abstract idea.  The claims do not provide any new additional limitations beyond abstract idea that are not addressed above in the independent claims therefore, they do not integrate the abstract idea into a practical application nor do they provide significantly more to the abstract idea.  

- Claims 4, 6-8, 14, and 16-18 recite further elements related to the data analysis and processing steps of the parent claims.
- Claims 9, 10, 19, and 20 recite further elements related to making and responding to authorization requests.  These steps would fall under the same abstract ideas and analysis as the steps of the parent claims without adding significantly more to the claimed invention.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Examiner’s Note: As interpreted in view of Applicant’s disclosure, the terms “risk” and “probability” (and any variations of those terms) will be interpreted as having the same meaning and scope.  References to risk in the prior art reference citations will remain the same for clarity, but will also be interpreted as reading on the new claim language. See Applicant’s specification at page 13, “In other words, the risk rating may be viewed roughly as a probability that executing the intercepted command will complete without unacceptable errors. As may be appreciated, each component risk rating in the multiplicative product represents a probability of success had by commands relating to the relevant risk factor. …” (this is the only reference to “probability” identified in the specification).  
Claims 1, 2, 3, 11, 12 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Balasubramanian et al. (US 20200409831, hereafter “Balasubramanian”) in view of Cheng et al. (US 10839328, hereafter “Cheng”) and further in view of Stickle et al. (US 10523716, hereafter “Stickle”).
Re. Claim 1 and 11, Balasubramanian teaches A system and method for programmatically using a service management interface to alter operation of a managed service executing on a computer server in a customer environment, the system comprising:
a computer processor in data communication with the management interface, the computer processor configured for: (at least Fig. 1; ¶ 12)
receiving a command sent toward the management interface for altering operation of the managed service that was intercepted prior to execution, (¶ 12, Still other aspects described herein relate to a method for testing resiliency of the interceptor may intercept calls from a monitored application to an API that the application depends on., and ¶ 128; At step 1165 Additionally, and/or alternatively, the recommendation may be presented to the system administrator as a step the monitoring application can automatically implement once the administrator approves.)
Balasubramanian further teaches determining whether the rated probability of error is below, equal to, or above a given error threshold (¶ 62; The monitoring application 430 may generate reports that provide indications of system operating health. For example, reports may indicate whether application 401 or any of the dependencies 403a-n are operating with errors beyond an unhealthy operating status threshold.; by nature, the comparison to the threshold would only be able to yield results that are above the threshold, below the threshold, or equal to the threshold; ¶ 186; further discussion of risk factor determination and scoring, including comparisons to baselines);
Balasubramanian does not teach rating a probability of error if the intercepted command were to be executed in the customer environment
However, Cheng does teach rating a probability of error if the intercepted command were to be executed in the customer environment (Col. 3, Lines 20-30; By separating the risk monitoring function from the business processing function and adopting an asynchronous mechanism, the present disclosure can greatly improve the performance of the system. Using risk monitoring system to provide a unified monitoring for all business processing systems, a preferred embodiment allows easy 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify Balasubramanian’s change assistant with Cheng’s risk monitoring systems since the rule engine instead of hard coding is used for implementing the event analysis, any addition of new rules or modifications to existing rules can be achieved simply by editing the rule configuration without requiring code modification, compilation or re-distribution (Cheng Col. 3, Lines 38-43). 
Balasubramanian discloses the above elements related to comparisons of threshold data, as shown above.  Balasubramanian does not teach when the rated probability of error is determined to be below the given error threshold, forwarding the intercepted command to the management interface to execute the command, thereby altering the operation of the managed service.  However Cheng does teach when the rated probability of error is determined to be below the given error threshold, forwarding the intercepted command to the management interface to execute the command, thereby altering the operation of the managed service; (Claim 9; the intercepted data is analyzed to determine a risk level and based on the determined risk level a transaction can be invalidated (this would indicate that some transaction would not be invalidated based on the 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify Balasubramanian’s change assistant with Cheng’s risk monitoring systems in order to simply allow commands that are not risky to be processed without further hindrances (Cheng Claim 9). 
Balasubramanian/Cheng doesn’t teach, when the rated probability of error is determined to be equal to or above the given error threshold, (1) requesting an authorization code, and (2) only in response to receiving the authorization code, forwarding the intercepted command to the management interface to execute the command, thereby altering the operation of the managed service; 
However, Stickle teaches when the rated probability of error is determined to be equal to or above the given error threshold (Col. 7, Lines 31-34 and Fig. 6; the authorization module 206 may transmit a request to an account security service 210 to determine whether the account specified in the request from the customer is an immutable account., The Examiner considers the immutable account to be low risk, so change approval is bypassed and the request is fulfilled.), (1) requesting an authorization code (Col. 3, Lines 51-58; The credential information may include, among other things, a username, a corresponding password, biometric information, a cryptographic key, a unique identifier, a set of credentials, a hash of the set of credentials, a digital signature generated using a credential, a message authentication code generated based at least in part on a credential, and the like.), and (2) only in response to receiving the authorization code, forwarding the intercepted command to the management interface to execute the command, thereby altering the operation of the managed service (Col. 7, Lines 28-30 and Fig. 6; In an embodiment, if the authorization module 206 determines, based at least in part on the obtained policies, that the customer is authorized to make configuration changes to the account).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify Balasubramanian and Cheng’s system and method of mitigating risk of configuration change with Stickler’s authentication process so that the 
Re. Claim 2 and 12, Balasubramanian, Cheng and Stickle teach The system and method according to claims 1 and 11, Balasubramanian teaches wherein the management interface comprises a command line interface (CLI) and the command was received from a wrapper, around the CLI with which the computer processor is in data communication (¶ 202; An interceptor may intercept calls from a monitored application to an API that the application depends on. The intercepted calls may be modified and passed on, in such a manner that they return failed and/or unexpected results to the application. The interceptor may modify a result returned to an API call, such as by causing a portion of calls to timeout or yield errors., The Examiner points out that the modification of the result to cause a portion of the calls to timeout or yield errors is an example of a subroutine that defines the function of a wrapper.).
Re. Claim 3 and 13, Balasubramanian, Cheng and Stickle teach The system and method according to claims 1 and 11, Balasubramanian teaches wherein the management interface comprises an application programming interface (API) and the command was received from a proxy with which the computer processor is in data communication (¶ 203 and FIG. 17; FIG. 17 depicts an example architecture for testing applications based on modifying API calls. The example architecture may include application 1700, interceptor 1705, and APIs D1 1707 and D2 1709., The Examiner .
Claims 4, 6, 14 and 16, are rejected under 35 U.S.C. 103 as being unpatentable over Balasubramanian et al. (US 20200409831, hereafter “Balasubramanian”) in view of Cheng et al. (US 10839328, hereafter “Cheng”) further in view of Stickle et al. (US 10523716, hereafter “Stickle”) and further in view of Galtsev et al. (US 20170093863, hereafter “Galtsev”).
Re. Claim 4 and 14, Balasubramanian, Cheng and Stickle teach The system and method according to claims 1 and 11, Balasubramanian, Cheng and Stickle do not teach wherein the computer processor is configured for rating the probability of error by combining risk factors relating to a respective plurality of sources of risk
However, Galtsev does teach wherein the computer processor is configured for rating the probability of error by combining risk factors relating to a respective plurality of sources of risk (¶ 8; The computer storage media further stores computer executable instructions configured to generate a total risk score for the at least some requests to access the first application by: identifying conditions of the request; applying the rules to the conditions to identify which risk factors and mitigating factors are present within the request; applying the risk policy to the identified risk factors and mitigating factors such that the corresponding percentage is assigned to each risk factor, and the percentage assigned to each risk factor is modified by the corresponding percentage assigned to any mitigating factor that applies to the risk factor; and combining the percentages generate the total risk score as a percentage that represents the risk of authorizing the request.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify Balasubramanian, Cheng and Stickler’s system and method of mitigating risk of configuration change with Galtsev’s retrieval of topology data and network traffic data to forward mitigation recommendations to one or more clients that may include recommended network topologies or flow redirect changes (Galtsev, ¶ 50).
Re. Claim 6 and 16, Balasubramanian, Cheng, Stickle and Galtsev teach The system and method according to claim 4 and 16, Galtsev further teaches wherein computer processor is configured for multiplying risk factors associated with: any managed software or hardware associated with the intercepted command (¶ 17 and FIG. 5; FIG. 5 illustrates an example interface that can be displayed to allow an administrator to define a risk policy for a particular managed application, or errors logged by the managed service, or any combination of these).
Claims 5 and 15, are rejected under 35 U.S.C. 103 as being unpatentable over Balasubramanian et al. (US 20200409831, hereafter “Balasubramanian”) further in view of Cheng et al. (US 10839328, hereafter “Cheng”) in view of Stickle et al. (US 10523716, hereafter “Stickle”) further in view of Galtsev et al. (US 20170093863, hereafter “Galtsev”) and further in view of Tsu-Hsin et al. (WO 2017105383, hereafter “Tsu-Hsin”).
Re. Claim 5 and 15, Balasubramanian, Cheng, Stickle and Galtsev teach The system according to claims 4 and 14, Balasubramanian, Cheng, Stickle and Galtsev do  further comprising a knowledge database that is executing outside the customer environment, wherein the computer processor is configured for obtaining the risk factors from the knowledge database 
However, Tsu-Hsin does teach further comprising a knowledge database that is executing outside the customer environment, wherein the computer processor is configured for obtaining the risk factors from the knowledge database (¶ 50; In some aspects, customer notification engine 410 may be configured to alert clients about potential negative impacts of security threats, and provide recommendations and instructions for mitigating risks detected and analyzed via risk detection and calculation module 420. For example customer notation engine 410 may be configured to provide risk alerts for any newly discovered attack pattern that may apply to a customer environment (for example, industrial network 202). Threat information collector 418 may aggregate threat information learned from public sources including the Internet, and private sources including analytic engine 402.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify Balasubramanian, Cheng Stickler and Galtsev’s system and method of mitigating risk of configuration change with Tsu-Hsin’s retrieving, via the processor, network flow data from a plurality of network data collectors, generating, via the processor, an attack tree based on the topology data and the network flow data, updating a customer model database with the attack tree and the topology data, and outputting a .
Claims 7 and 17, are rejected under 35 U.S.C. 103 as being unpatentable over Balasubramanian et al. (US 20200409831, hereafter “Balasubramanian”) in view of Cheng et al. (US 10839328, hereafter “Cheng”) further in view of Stickle et al. (US 10523716, hereafter “Stickle”) further in view of Galtsev et al. (US 20170093863, hereafter “Galtsev”) and further in view of Wilson et al. (WO 2020106740, hereafter “Wilson”).
Re. Claim 7 and 17, Balasubramanian, Cheng, Stickle and Galtsev teach The system and method according to claims 6 and 16, Balasubramanian, Cheng, Stickle and Galtsev do not teach wherein the risk factors are provided as default values that are increased or decreased on a per-customer basis.
However, Wilson does teach wherein the risk factors are provided as default values that are increased or decreased on a per-customer basis (¶ 19; In at least some embodiments, the term “extension resource group” (ERG) may be used to refer to a collection of resources (e.g., hardware, software, firmware, configuration metadata and the like) located at a premise external to a provider network to enable virtual machines to be established and utilized at the premise., and ¶ 21; A VCS customer Cl who wishes to start using an ERG at a particular location, such as a particular customer data center CDC1, may do so by participating in a workflow similar to the following in at least some embodiments. Cl may first optionally select, from among a set of physical ERG configuration types (e.g., a “small” ERG configuration comprising a half-rack of servers of a 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify Balasubramanian, Cheng, Stickler and Galtsev’s system and method of mitigating risk of configuration change with Wilson’s extension resource group” (ERG) configuration default configuration (Wilson ¶ 21). 
Claims 8, 9, 10, 18, 19 and 20, are rejected under 35 U.S.C. 103 as being unpatentable over Balasubramanian et al. (US 20200409831, hereafter “Balasubramanian”) further in view of Cheng et al. (US 10839328, hereafter “Cheng”) further in view of Stickle et al. (US 10523716, hereafter “Stickle”) and further in view of Wilson et al. (WO 2020106740, hereafter “Wilson”).
Re. Claim 8 and 18, Balasubramanian, Cheng and Stickle teach The system and method according to claims 1 and 11, Balasubramanian, Cheng and Stickle do not teach wherein the given error threshold is provided as a default value that is increased or decreased on a per-customer basis.
However, Wilson does teaches wherein the given error threshold is provided as a default value that is increased or decreased on a per-customer basis (¶ 19; In at least some embodiments, the term “extension resource group” (ERG) may be used to refer to a collection of resources (e.g., hardware, software, firmware, configuration metadata and the like) located at a premise external to a provider network to enable virtual machines to be established and utilized at the premise., and ¶ 21; A VCS customer Cl who wishes to start using an ERG at a particular location, such as a particular customer data center CDC1, may do so by participating in a workflow similar to the following in at least some embodiments. Cl may first optionally select, from among a set of physical ERG configuration types (e.g., a “small” ERG configuration comprising a half-rack of servers of a standard size, a “medium” ERG configuration comprising a full rack of servers, a “large” ERG configuration comprising two full racks of servers, etc.), the specific configuration that is to be set up at the desired location or premise. By default, if Cl does not wish to explicitly pick an ERG configuration type, a particular configuration type (such as a “small” configuration) may be selected for the client in some embodiments, thereby further reducing the effort required from Cl., The Examiner points out that the error threshold is included in the extension resource group” (ERG) configuration.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify Balasubramanian, Cheng, Stickler and Galtsev’s system and method of mitigating risk of configuration 
Re. Claim 9 and 19, Balasubramanian, Cheng and Stickle teach The system and method according to claims 1 and 11, Wilson further teaches wherein the computer processor is configured for requesting an authorization code that indicates completion, by a person who sent the intercepted command to the management interface of a particular risk-mitigating action from a plurality of such actions (¶ 31; In at least one embodiments, respective message authentication codes (including for example hash-based message authentication codes or HMACs) may be generated for the outbound commands sent from the outbound command communicators (OCC) to the ERG. In various embodiments, the OCC may log all outbound communication messages sent to a given ERG, and the logged messages may be examined by the client in whose behalf the ERG is set up if desired. In some embodiments, at least two virtual network interfaces may be associated with a given OCC - one that is used to obtain commands from the VCS control plane, and one that is used to communicate with the ERG using the secure network channel., The Examiner points out that the client will likely desire that one of the OCC outputs be notification of completion of authentication process.)
Re. Claims 10 and 20, Balasubramanian, Cheng, Stickle and Wilson teach The system and method according to claim 9 and 19, Stickle further teaches wherein the plurality of risk-mitigating actions includes confirming: that an administrative supervisor or peer of the person has approved execution of the intercepted command (¶ 43; If the account is not immutable (e.g., the configuration of the account may be modified without administrator approval), the account security service 322 may transmit a notification to .

Response to Arguments
Applicant’s arguments filed 2/23/2022 have been fully considered but they are not persuasive. 
I. Rejection of Claims under 35 U.S.C. §101
Applicant argues that the claim has been amended to now be directed to a computer system. However, the recited technology is merely generically recited computer components used a stools to implement the process. The computer used in the claims is recited at a high-level of generality (i.e., as a generic processor performing a generic computer functions of transmitting and processing data).  These additional feature are not enough to render the claims to be significantly more than the identified abstract ideas.
II. Rejection of Claims under 35 U.S.C. §112
The 35 U.S.C. §112 rejections have been withdrawn.
III. Rejection of Claims under 35 U.S.C. §103
In regards to the language of the independent claims that Applicant pointed out was not included in the rejection language, Examiner has provided the language of the limitation and a specific citation to the prior art references.  However, the material in the 
In regards to Applicant’s remarks directed to Cheng, it appear that Applicant is arguing that Cheng is used in a different environment.  Even if Cheng is directed to financial risk rather than management services (although it is not clear that the financial environment would not be related to a managed service), that alone does render the reference inapplicable.  If the processes perform the same functions regardless of what type of business, service, environment, etc. it is used for, then reference still reads on the claim limitations.
Regarding probability of error, certain features of Cheng are being combined with the probability of error detection in Balasubramanian and not used alone to reject all claim elements and features. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).  This also refers to remarks regarding Balasubramanian and Stickle.
Applicant argues that Balasubramanian does not perform “hypothetically executed” commands.  However, Balasubramanian uses commands to perform testing with the ability to retrieve and insert the original command.  This testing demonstrates a hypothetical execution of commands to determine their effects.

Conclusion
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAUN D SENSENIG whose telephone number is (571)270-5393. The examiner can normally be reached M-F: 10:00am-4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynda Jasmin can be reached on 571-272-6872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/S.D.S/Examiner, Art Unit 3629                                                                                                                                                                                                        March 26, 2022

/ANDREW B WHITAKER/Primary Examiner, Art Unit 3629