Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This office action is in response to communication filed 4/10/2020. Claims 1-20 are currently pending and claims 1, 9, and 17 are the independent claims.

Claim Objections
Claims 1, 5, 7, 9, 13, 15, 17-19 are objected to because of the following informalities:  
As per claims 1, 9, and 17, they recite “…authorizing deployment of the release based on a determination that the one or more features from the release…” The examiner would like to point out that no “one or more features” have been previously recited in the claim and as such the claim should recite “…based on a determination that one or more features from the release…”
As per claims 5, 13, and 18, they are dependent on independent claims 1, 9, and 17 and further recite “…notify a user of the release...the status of the release…”. The examiner would like to point out that no “status of the release” has been previously recited in dependent claims 5, 13, and 18 or independent claims 1, 9, and 17, and as such the claim should recite  “…notify a user of the release...a status of the release…”.
As per claims 7, 15, and 19, they are dependent on independent claims 1, 9, and 17 and further recite “…display the identified one or more features that fail to meet the predetermined threshold…”. The examiner would like to point out that no “predetermined threshold” has been previously recited in dependent claims 7, 15, and 18 or independent claims 1, 9, and 17, and as such the claim should recite   “…display the identified one or more features that fail to meet a predetermined threshold…”.
Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1, 4-5, 9, 12-13, and 17-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) creating a release; checking the release for violations against a set of Sarbanes-Oxley (SOX) audit rules; validating that the release is scanned for cyber vulnerabilities in accordance with an organization's established practices; and authorizing deployment of the release based on a determination that the one or more features from the release does not violate the set of SOX audit rules and that the one or more features from the release meet a predetermined threshold for the cyber vulnerabilities. 
The limitations of “checking the release for violations against a set of Sarbanes-Oxley (SOX) audit rules” and “validating that the release is scanned for cyber vulnerabilities in accordance with an organization's established practices”, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. That is, other than reciting “by utilizing one or more processors and one or more memories” nothing in the claim element precludes the steps from practically being performed in the mind. For example, but for the language “by utilizing one or more processors and one or more memories”, “checking the release for violations against a set of Sarbanes-Oxley (SOX) audit rules” and “validating that the release is scanned for cyber vulnerabilities in accordance with an organization's established practices” in the context of this claim encompasses the user manually/mentally/in the mind/etc. evaluating/judging/etc. the release/data/information/etc. for violations against a set of rules/set of SOX audit rules and cyber vulnerabilities. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “mental processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claim recites the additional elements of “A method for implementing a release automation dashboard module by utilizing one or more processors and one or more memories”, “creating a release”, and “authorizing deployment of the release based on a determination that the one or more features from the release does not violate the set of SOX audit rules and that the one or more features from the release meet a predetermined threshold for the cyber vulnerabilities”. The limitation “A method for implementing a release automation dashboard module by utilizing one or more processors and one or more memories” only clarifies that a generic/high level processor and generic/high level one or more memories are used to perform the abstract idea, and as such amounts to no more than mere instructions to apply the exception using generic computer components and as such does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The limitation “creating a release” only clarifies the obtaining of the release/data/information/etc. that is being evaluated/judged/etc. by performing the abstract idea, and a such does not impose any meaningful limits on practice the abstract idea. And the limitation “authorizing deployment of the release based on a determination that the one or more features from the release does not violate the set of SOX audit rules and that the one or more features from the release meet a predetermined threshold for the cyber vulnerabilities” only recites an extra solution activity that occurs as a result of practicing the abstract idea/outputting the result of practicing the abstract idea/etc., and as such does not impose any meaningful limits on practice the abstract idea. As such, these limitations do not integrate the abstract idea/mental process into a practical application as they do not impose any meaningful limits on practicing the abstract idea, and therefore the claim is not patent eligible.
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea/mental process into a practical application, the additional elements amount to no more than mere instructions to apply the exception using generic computer components, a clarification as to the release/data/information/etc. the abstract idea/mental process is being performed on, and an extra solution activity occurring as a result of practicing the abstract idea/outputting a result of the mental process/etc., which does not provide an inventive concept, and as such the claim is not patent eligible. 
 As per claim 4, it incorporates the deficiencies of independent claim 1 upon which it depends, and further recites “…wherein each feature is a unit of functionality of a software system that satisfies requirements, represents a design decision, and provides a configuration option”, which, with broadest reasonable interpretation, only provides further clarification as to evaluation/judging/mental process being performed, and as such is not significantly more than the abstract idea/mental process. Therefore claim 4 is rejected for the same reasoning as claim 1 upon which it depends. 
As per claim 5, it incorporates the deficiencies of independent claim 1 upon which it depends, and further recites “…determining that one or more of the features violate the set of SOX audit rules; and notifying a user of the release, by utilizing an electronic messaging tool, the status of the release and a list of violations of the SOX audit rules”, which , with broadest reasonable interpretation, only provides further clarification as to evaluation/judging/mental process being performed and the extra solution activity performed as a result of the performance of the mental process/evaluation/judging/etc., and as such is not significantly more than the abstract idea/mental process. Therefore claim 5 is rejected for the same reasoning as claim 1 upon which it depends.
As per claims 9, 12-13, and 17-18, they recite systems and non-transitory computer readable mediums, respectively, having similar limitations the methods of claims 1 and 4-5, respectively, and are therefore rejected for similar reasoning as claims 1, and 4-5, respectively, above. 
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Anderson et al. (herein called Anderson) (US PG Pub. 2011/0125895 A1).

As per claim 1, Anderson anticipates: a method for implementing a release automation dashboard module by utilizing one or more processors and one or more memories, the method comprising: 
creating a release (pars. [0058]-[0061], software distribution (release) is created/built/changed/partitioned/etc. or operating environment); 
checking the release for violations against a set of Sarbanes-Oxley (SOX) audit rules (pars. [0062], [0066]-[0067], [0134], compliance with policy based requirements are enforced/managed/etc. for operating environment/data stored in operating environment/software distribution in operating environment/etc. which includes auditing for/tracking/controlling/etc. compliance with the requirements/policies/etc. (check release/software in operating environment/etc. for violations with requirements/policies), and requirements/policies may be for Sarbanes-Oxley/SOX requirements (requirements/policies are set of Sarbanes-Oxley audit rules).); 
validating that the release is scanned for cyber vulnerabilities in accordance with an organization's established practices (pars. [0049]-[0051], [0061], [0074]-[0077], [0134], [0136], development and deployment of provisioned services/applications is managed which includes securing resources, monitoring changes to compliance/fault tolerance/etc., controlling access, containing viruses or vulnerabilities, determining risk for compliance with/areas of non-compliance with/etc. SOX requirements, aggregating risk across different areas of infrastructure to determine security parameter index/vulnerabilities/etc.. As the service/application is managed and security/vulnerabilities/compliance with requirement/etc. is determined, the determining security/vulnerabilities/compliance with requirement/etc. is validating that the release/service/application/etc. is scanned for cyber vulnerabilities in accordance with an organization's established practices.); and 
authorizing deployment of the release based on a determination that the one or more features from the release does not violate the set of SOX audit rules (pars. [0012]-[0013], [0049], [0061], [0066], [0098], [0108], managed service/software/etc. (release) is requested to be provisioned (deployed), determination is made as to whether to provision/deploy/etc. service/application/release based on whether or not operational constraints/desired outcomes/workloads/etc. comply with security policies/requirements/governmental regulations/corporate best practices/laws/etc., service/application/release is provisioned/deployed/etc. (authorize deployment of release based on determination that features from release does not violate rules/policies), and policies may enforce compliance for Sarbanes-Oxley (release/software/service is determined not to violate set of SOX audit rules).) and 
that the one or more features from the release meet a predetermined threshold for the cyber vulnerabilities (pars. [0012], [0075], [0085], [0108], [0114], [0130], [0136], constraints/performance/operation state/etc. of managed provisioned service/software/etc. (release being deployed) is monitored/determined and service/software/etc. is scheduled to be provisioned/deployed for execution in a manner that satisfies constraints/policy controls/policy defined thresholds/vulnerabilities/security parameter index/etc. (release/service/application is deployed/scheduled to be provisioned for execution/etc. based on determining features/constraints/performance/operation state/etc. of release application/service/etc. meet predetermined threshold for cyber vulnerabilities/satisfy policy defined thresholds/vulnerabilities/security parameters/constraints/etc.).).

As per claim 2, Anderson further anticipates: 
creating a release label corresponding to the release in a project management tool (pars. [0064], [0067], [0077], workload management system provides version management services (version control system) and further classifies and tags data/applications/services/etc. to control/manage data/services/applications/resources/releases/etc., and security labels are created for virtual machines hosting/executing service/application/release/etc. (create release label corresponding to release/application/service/data/etc. in a project management tool/workload management system).); 
creating a release branch corresponding to the release in a version control system (pars. [0064], [0066]-[0067], [0120], [0124], workload management system provides version management services (version control system) and data/applications/services/resources/snapshot/etc. are classified/tagged/etc. and stored in database containing version controlled models of information/data/etc. (create/store release branch/version/classified and tagged data/etc. corresponding to the release/service/software/etc. in version control system/database containing version controlled models/data/etc.).); and 
displaying status and summary of the release on a graphical user interface (GUI) corresponding to the release label and the release branch (fig. 5a-5d, pars. [0066], [0120], [0124], [0126]-[0138], scorecards provide visualization and tuning/description/etc. (status and summary) of services/applications/workloads/resources/release (display status and summary of release) and scorecards are displayed on graphical user interface ).

As per claim 3, Anderson further anticipates: wherein the release label corresponds to a version of a software including owner information of the release which is represented in the project management tool (pars. [0067], [0103]-[0104], identity-based management enables the workload management system to control/track/audit ownership/etc. data/service/software/resource/release which is classified and tagged, identity based policy controls are used to collect/pool and protect resources/data/service/release/etc. (release/data/service/etc. corresponds to version of software including owner/identity information with is represented in the project management tool/workload management system).).

As per claim 4, Anderson further anticipates: wherein each feature is a unit of functionality of a software system that satisfies requirements, represents a design decision, and provides a configuration option (pars. [0012]-[0013], [0041], [0043], [0049]-[0054], user request service/resource/software/release and provide specifications/specify constraints/provide configuration/specifies desired outcome of operation/etc. (feature is unit of functionality that represents design decision and provides configuration option of release/resource/software/software system being requested) and workload management audits/determine/etc. compliance with policies/requirements/etc. (feature/functionality of software system/release/resource/software/etc. requested satisfies requirements). ).

As per claim 5, Anderson further anticipates: 
determining that one or more of the features violate the set of SOX audit rules (pars. [0106]-[0107], [0112], [0134], determination is made that the requested service/software/resources/release violates a policy/compliance requirements/etc. (determine features violate rules) and therefore cannot be provisioned/deployed, and policy/compliance requirements may be SOX requirements/SOX audit rules (rules violated by features/software/release are SOX audit rules).); and 
notifying a user of the release, by utilizing an electronic messaging tool, the status of the release and a list of violations of the SOX audit rules (pars. [0106]-[0107], [0112], [0126], [0134]-[0139], determination is made that the requested service/software/resources/release violates a policy/compliance requirements/etc. and therefore cannot be provisioned/deployed, policy/compliance requirements may be SOX requirements/SOX audit rules, and scorecards (electronic messaging tool) are used to provide description/details/etc. of services/software/application/release including security parameters, performance, vulnerabilities, risk of compliance/non-compliance with requirements/policies, etc. (status of release/application/software/service/etc. and list of violations/risks/etc. of SOX audit rules) and administrator/user/manager/etc. views scorecards/interacts with control elements in scorecards/etc. (utilize electronic messaging tool/scorecards to notify user of the release, status of release, and list of violations of SOX audit rules).).

As per claim 6, Anderson further anticipates: 
identifying one or more features of the release that violate the set of SOX audit rules (pars. [0062], [0066]-[0067], [0106], [0134], determination is made as to whether requested service/software/application/etc. (release) conforms/complies with policies/requirements and can be provisioned/deployed/etc., and areas having risks for compliance/non-compliance with SOX requirements are displayed (identify/determine/etc. and display features/areas/software/service/etc. of release/service/software/etc. that violate set of SOX audit rules/policies/have compliance risk/risk of non-compliance with SOX requirements/etc..); and 
discarding the identified one or more features that violate the set of SOX audit rules from the release (pars. [0080], [0109], [0123], [0134], [0139]-[0140], determination is made as to whether requested service/software/application/release features/etc. conforms/complies with policies/requirements and can be provisioned/deployed/etc., and areas having risks for compliance/non-compliance with SOX requirements are displayed and release/software/service/etc. is tuned/changed/provisioned and deprovisioned/etc. according to a plan to make changes/reduce risk/ensure compliance with requirements/etc. of the release/service/software/resources/etc. (discard features that violate SOX audit rules from release).).

As per claim 7, Anderson further anticipates: 
identifying one or more features from the release that fail to meet the predetermined threshold for the cyber vulnerabilities (pars. [0075], [0085], [0107], [0114], [0130], [0136], compliance with requirements/fault tolerance/policies/risk/vulnerabilities/etc. may be used to determine whether to provision/deploy/etc. service/software/resources/release, and policy defined thresholds are applied to resources/software/services/operational state/etc., and resources/software/etc. that falls below threshold/fails to meet predetermined threshold for cyber vulnerabilities are determined (identify release/features/etc. that fail to meet predetermined threshold for cyber vulnerabilities).); and
displaying the identified one or more features that fail to meet the predetermined threshold for the cyber vulnerabilities onto a graphical user interface (GUI) (fig. 5a-5d, pars. [0126], [0135]-[0139], scorecards provide description of service/application/release and provides for visualizing and tuning the services/application/etc. (release/features/etc.), and scorecards include description of risks/whether operation state complies with policies/whether security parameters reflect vulnerabilities/etc., and administrator/manager/user/etc. views scorecards on graphic user interface/GUI (display identified features/release/application/service/etc. that fail to meet predetermined threshold for cyber vulnerabilities onto a GUI).).

As per claim 8, Anderson further anticipates: 
receiving a request from a user's device to deploy the release into a production server (pars. [0009], [0012], [0058]-[0059], [0103], [0106], ]0123], user/entity/etc. requests services/resources/virtual machines/applications/etc. to be provisioned onto user system/computing resources/servers/etc. (receive request from user device to deploy/provision release/service/application/resources/etc. into production server/user system/computing resources/servers/etc.).); 
validating authenticity whether the user has permission to deploy the release into the production server by verifying the user's credentials with pre-stored credential information (pars. [0009], [0106], [0112], [0123], identity management and policy enforcement is used to manage identities/track identities and policies and provisioned services/etc. and determine whether service can be provisioned/deployed by requesting entity/user/etc., by ensuring requestor is authorized/authenticated/to configure device service is provisioned on/etc. (validate authenticity whether the user has permission/is authorized/authenticated/etc. to deploy/provision the release/service/application/resource/etc. into production server/user device by verifying/authenticating/determining credentials/etc. using identity management/tracking/etc./verifying user credentials/identity/etc. with pre-stored credential information/managed identity, policy, provisioned service, etc. information).); and 
executing deployment of the release into the production server based on a positive verification (pars. [0009], [0106], [0108], [0112], [0123], determination is made that the service/resource/application/release may be provisioned/deployed in accordance with requested constraints and service is provisioned/deployed/etc. (execute deployment of release/service/resources/application/etc. into production server based on a positive verification).).

As per claim 9, it recites a system comprising a database and a processor coupled to the database via a communication network having similar limitations to the method of claim 1, and further recites: a database that stores a set of Sarbanes-Oxley (SOX) audit rules.
Anderson further anticipates:
a database that stores a set of Sarbanes-Oxley (SOX) audit rules (pars. [0041], [0082], [0066]-[0067], [0134], policy/requirement/etc. are stored in database and policy/requirements may be Sarbanes-Oxley requirements/set of SOX audit rules.).
Therefore claim 9 is rejected for the same reasoning as claim 1, above in further view of Anderson pars. [0041], [0082], [0066]-[0067], and [0134]. 

As per claims 10-16, they recite systems having similar limitations to the methods of claims 2-8, respectively, and are therefore rejected for the same reasoning as claims 2-8, respectively, above. 

As per claims 17-20, they recite non-transitory computer readable mediums having similar limitations to the methods of claims 1, 5, 7, and 8, respectively, and are therefore rejected for the same reasons as claims 1, 5, 7, and 8, respectively, above. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DOUGLAS M SLACHTA whose telephone number is (571)270-0653. The examiner can normally be reached Monday-Friday 6:30am-4pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do can be reached on 571-272-3721. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DOUGLAS M SLACHTA/           Examiner, Art Unit 2193