DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-8, 10-17, and 19-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Heckman et al. (US 2019/0207968 A1, hereinafter refers as Heckman).

Regarding claim 1, Heckman discloses an apparatus comprising:
a processor configured to:
receive data from a plurality of sources associated with an entity (Fig. 4A-4B, para. 95, el. 402);
cluster the data into security-related topics (Fig. 4A, el. 404-406, sub categorized or categorized the risk);
determine, via one or more machine learning models, maturity values of the entity
for the security-related topics, respectively (Fig. 4A-4B, el. 422-426, el. 446-450, para. 108-118, the maturity score is calculated); and
generate recommendations to improve the determined maturity values of the
entity, wherein the maturity values relate to a level of security of the entity with respect
to the security-related topics (Fig. 4B, el. 456, para. 118, generated a recommendation).

Regarding claim 2, Heckman discloses wherein the processor is configured to convert unstructured text from the received data into vectors and categorize each of the vectors into one of the security-related topics via a natural language process (Fig. 4A, el. 404-406, sub categorized or categorized the risks factors, para. 113).

Regarding claim 3, Heckman discloses wherein the processor is configured to determine, via
the one or more machine learning models, the maturity values based on a frequency of use of
keywords associated with the security-related topics and a sentiment analysis of the keywords (para. 111).

Regarding claim 4, Heckman discloses wherein the processor is configured to determine, via
the one or more machine learning models, individual maturity values of the security-related
topics for each of people, processes, and technology (para. 112-117).

Regarding claim 4, Heckman discloses wherein the processor is further configured to receive
updated data from the plurality of sources, and determine, via the one or more machine learning
models, updates to the maturity values of the entity for the security-related topics based on the
updated data (Fig. 4A-4B, para. 112-117).

Regarding claim 6, Heckman discloses wherein a determined maturity value comprises a score
that represents a state of practice of the entity with respect to best practices of an industry for a
security-related topic (para. 83-85, para. 112-117).

Regarding claim 7, Heckman discloses wherein the processor is further configured to output the
generated recommendations for display (Fig. 4B, el. 456).

Regarding claim 8, Heckman discloses wherein the processor is configured to identify maturity
components and capability components for the security-related topic (Fig. 4A-4B, para. 112-117).

	Regarding claim 10, the instant claim is met by rejection of claim 1.
Regarding claim 11, the instant claim is met by rejection of claim 2.
	Regarding claim 12, the instant claim is met by rejection of claim 3.
	Regarding claim 13, the instant claim is met by rejection of claim 4.
	Regarding claim 14, the instant claim is met by rejection of claim 5.
Regarding claim 15, the instant claim is met by rejection of claim 6.
	Regarding claim 16, the instant claim is met by rejection of claim 7.
	Regarding claim 17, the instant claim is met by rejection of claim 8.
Regarding claim 19, the instant claim is met by rejection of claim 1.
Regarding claim 20, the instant claim is met by rejection of claim 3.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Heckman in view of Woo (US 10,387,423 B2).

	Regarding claim 8, Heckman discloses all limitation of claim 1, 
	Heckman does not explicitly disclose wherein the processor is further configured to plot an
identifier of the security-related topics onto a graph in which a first axis represents a maturity of
the security-related topics and a second axis represents a capability of the security-related topics;
	Woo teaches wherein the processor is further configured to plot an
identifier of the security-related topics onto a graph in which a first axis represents a maturity of
the security-related topics and a second axis represents a capability of the security-related topics (Fig. 14A);
 	It would be obvious for one of ordinary skill in the art before the invention to modify Heckman to include Woo in order for a system to present a graphical view of potential cyber vulnerability thus allow a decision maker to make a better system to deter the cyber threat.

Regarding claim 18, the instant claim is met by rejection of claim 9.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CAI Y CHEN whose telephone number is (571)270-5679. The examiner can normally be reached 8:30 AM -4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Pendleton can be reached on 571-272-7527. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CAI Y CHEN/Primary Examiner, Art Unit 2425