DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This is a Non-Final Office Action in response to application 16/223,334 entitled "SYSTEM AND METHOD PROVIDING AUTOMATED RISK ANALYSIS TOOL" with claims 1-3, 6, 7, 9, 12, 15, 17 and 19 pending.
Status of Claims
Claims 1, 17 and 19  have been amended and are hereby entered.
Claims 4-6, 8, 10, 11 , 13, 14, 16, 18, 20 were previously cancelled.
Claims 1-3, 7, 9, 12, 15, 17 and 19 are pending and have been examined.

Response to Amendment
The amendment filed January 3, 2022 has been entered. Claims 1-3, 6, 7, 9, 12, 15, 17, and 19 remain pending in the application.  Applicant’s amendments to the Specification, Drawings, and/or Claims have been noted in response to the Final Office Action mailed October 25, 2021.
  Information Disclosure Statement
The information disclosure statement (IDS) submitted on December 18, 2018 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-3, 7, 9, 12, 15, 17, and 19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claims 1-3, 7, 9, 12, 15, 17, and 19 are directed to a system, method, or product program, which are/is one of the statutory categories of invention. (Step 1: YES).
The claimed invention is directed to an abstract idea without significantly more. 
Independent Claim 1 recites: 
“provide an automated risk analysis tool…”
“receive an indication of a selected insurance policy…”
“retrieve, from the existing insurance policy data store, the electronic record…”
“combining that retrieved information with third-party data…”
“receive an indication of a user selected revenue base…”
“normalize historic insurance premium values…”
“output the normalized historic insurance premium values…”
“calculate …a total cost of risk…”
“providing … information over time.…”
“initiate a business process.…”
“schedule an event…”
These limitations clearly relate to managing transactions/interactions between client and insurer.  These limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity. Specific instances include instructing to retrieve an existing insurance policy or calculate a total cost of risk recites a commercial or financial action, principle, or practice and managing interactions between people. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a commercial or financial action, principle, or practice then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. (Step 2A-Prong 1: YES. The claims recite an abstract idea).
This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of: 
“computer server”, “data store”, “electronic records”, “electronic record identifier”, “back-end application computer server”, “computer processor”, “computer memory storing non-transitory instructions”, “distributed communication network”, “email server”, “communication port”, “remote device to support a graphical interactive user interface display via a distributed communication network”: merely applying computer processing, storage, display, and networking technology  as  tools to perform an abstract idea 

are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes.  The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f).     For example, the Specification reads, [0028] The back-end application computer server 150 and/or the other elements of the system 100 might be, for example, associated with a Personal Computer (" PC"), laptop computer, smartphone, an enterprise server, a server farm, and/or a database or similar storage devices. Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, Claim 1 is directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
Dependent Claims   recite additional elements.
This judicial exception is not integrated into a practical application. In particular, the recited additional elements of 
Claim 2: 
“interactive user interface display”, “user interface”: merely applying display technology  as a tool to perform an abstract idea
Claim 3: 
“interactive user interface display” , “user interface”: merely applying display technology  as a tool to perform an abstract idea
Claim 7: 
“interactive user interface display” , “user interface”: merely applying display technology  as a tool to perform an abstract idea
Claim 9: 
“interactive user interface display” , “interactive user interface display”: merely applying display technology  as a tool to perform an abstract idea
Claim 15: 
“back-end application computer server” , “user interface”: merely applying computer processing and  display technology  as  tools to perform an abstract idea
are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes.    Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, these dependent claims are directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
Independent Claim 17 recites:
“provide an automated risk analysis tool”
“receiving an indication of a selected insurance policy” 
“retrieving, from the existing insurance policy data store, the electronic record”
“receiving an indication of a user selected revenue base”
“normalizing historic insurance premium values”
“outputting the normalized historic insurance premium values”
“calculating …a total cost of risk”
These limitations clearly relate to managing transactions/interactions between client and insurer.  These limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity. Specific instances include instructing to retrieve an existing insurance policy or calculate a total cost of risk recites a commercial or financial action, principle, or practice and managing interactions between people. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a commercial or financial action, principle, or practice then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. (Step 2A-Prong 1: YES. The claims recite an abstract idea).
This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of: 
“computer server”, “data store”, “electronic records”, “electronic record identifier”, “back-end application computer server”, “computer processor”, “computer memory storing non-transitory instructions”, “distributed communication network”, “email server”, “communication port”, “remote device to support a graphical interactive user interface display via a distributed communication network”: merely applying computer processing, storage, display, and networking technology  as  tools to perform an abstract idea 
are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes.  The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f).     For example, the Specification reads, [0028] The back-end application computer server 150 and/or the other elements of the system 100 might be, for example, associated with a Personal Computer (" PC"), laptop computer, smartphone, an enterprise server, a server farm, and/or a database or similar storage devices. Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, Claim 17 is directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
Independent Claim 19 recites:
“provide an automated risk analysis tool”
“receiving an indication of a selected insurance policy” 
“retrieving, from the existing insurance policy data store, the electronic record”
“receiving an indication of a user selected revenue base”
“normalizing historic insurance premium values”
“outputting the normalized historic insurance premium values”
“calculating …a total cost of risk”
These limitations clearly relate to managing transactions/interactions between client and insurer.  These limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity. Specific instances include instructing to retrieve an existing insurance policy or calculate a total cost of risk recites a commercial or financial action, principle, or practice and managing interactions between people. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a commercial or financial action, principle, or practice then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. (Step 2A-Prong 1: YES. The claims recite an abstract idea).
This judicial exception is not integrated into a practical application. In particular, the claims recite the additional elements of: 
“computer server”, “data store”, “electronic records”, “electronic record identifier”, “back-end application computer server”, “computer processor”, “computer memory storing non-transitory instructions”, “distributed communication network”, “email server”, “communication port”, “remote device to support a graphical interactive user interface display via a distributed communication network”: merely applying computer processing, storage, display, and networking technology  as  tools to perform an abstract idea 
are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer components and/or electronic processes.  The additional elements merely add instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea, see MPEP 2106.05(f).     For example, the Specification reads, [0028] The back-end application computer server 150 and/or the other elements of the system 100 might be, for example, associated with a Personal Computer (" PC"), laptop computer, smartphone, an enterprise server, a server farm, and/or a database or similar storage devices. Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea and are at a high level of generality. Therefore, Claim 19 is directed to an abstract idea without a practical application.  (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately and as an ordered combination, they do not add significantly more (also known as an “inventive concept”) to the exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a computer hardware amounts to no more than mere instructions to apply the exception using a generic computer component.  For example, the Specification reads, [0028] The back-end application computer server 150 and/or the other elements of the system 100 might be, for example, associated with a Personal Computer (" PC"), laptop computer, smartphone, an enterprise server, a server farm, and/or a database or similar storage devices. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept.  Accordingly, these additional elements, do not change the outcome of the analysis, when considered separately and as an ordered combination.  Thus, Claims 1-3, 6, 7, 9, 12, 15, 17, and 19 are not patent eligible. (Step 2B: NO. The claims do not provide significantly more) 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3, 7, 15, 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Ng ("INFERENTIAL ANALYSIS USING FEEDBACK FOR EXTRACTING AND COMBINING CYBER RISK INFORMATION INCLUDING PROXY CONNECTION ANALYSES", U.S. Publication Number: 2017/0093904 A1)in view of Hunt (“BIAS REDUCTION USING DATA FUSION OF HOUSEHOLD PANEL DATA AND TRANSACTION DATA”, U.S. Publication Number: 2008/0319829 A1)
Regarding Claim 1,  
Ng teaches, A system to provide an automated risk analysis tool via a back-end application computer server of an enterprise, (Ng [Abstract] the present technology include methods of assessing risk of a cyber security failure / Ng [0035] FIG. 1 is a high level schematic diagram of a computing architecture (hereinafter architecture 100) of the present technology... which in some embodiments comprises a server or cloud-based computing device configured specifically to perform the diversity analyses described herein.)
comprising: (a) an existing insurance policy data store containing electronic records that represent a plurality of existing insurance policys between the enterprise and a plurality of users, (Ng [0100] A cyber policy (also referred to as a cyber insurance policy) as used herein includes any insurance policy covering any loss arising out of a security failure, including tangible and intangible property.  / Ng [0045] In another example, multiple variables are shared between numerous entities. This diversity relationship between the entities signifies a more prolific lack of diversity. / Ng [0208] The system 1705 can interrogate, for example, various databases such as corporate filings, news sources, and other public record databases. In another example, cloud services such as cloud storage and cloud computing environments can be assessed.)
wherein each electronic record includes an electronic record identifier (Ng [0110] This attribution identifies/represents the underlying data set / Ng [0044] The comparator module 125 is configured to identify variables shared between entities or groups of entities.)
and a set of historic insurance premium values associated with   attributes of a one of the users; (Ng [0095] assess insurance premiums  / Ng [0132] the system 505 is configured to evaluate each data point with respect to history, lineage, provenance (e.g., origin), source, time, entities and other details. /Ng [0134] In some embodiments, the system 505 then executes one or more models to generate scores, results, recommendations, delta values (changes in scores over time), as well as historical tracking of scores. / Ng [0133] As mentioned above, the system 505 can track entities and their attributes/elements over time. / Ng [0162] an entity's past and present cyber risk tracked against a static past peer group)
 (b) the back-end application computer server, coupled to the existing insurance policy data store, (Ng [0100] A cyber policy (also referred to as a cyber insurance policy) as used herein includes any insurance policy covering any loss arising out of a security failure, including tangible and intangible property.  / Ng [0208] The system 1705 can interrogate, for example, various databases such as corporate filings, news sources, and other public record databases. In another example, cloud services such as cloud storage and cloud computing environments can be assessed.  / Ng [0035] FIG. 1 is a high level schematic diagram of a computing architecture (hereinafter architecture 100) of the present technology. The architecture 100 comprises a diversity analysis system 105 (hereinafter also referred to as system 105), which in some embodiments comprises a server or cloud-based computing device configured specifically to perform the diversity analyses described herein.)
via a distributed communication network
(Ng [0237] In a networked deployment, the machine may operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer (or distributed) network environment.)
including: a computer processor, and a computer memory storing non-transitory instructions that, when executed by the computer processor, cause the back-end application computer server to:
(Ng [0038] the system 105 comprises a processor 110 and memory 115 for storing instructions. The memory 115 can include an attribute module 120, a comparator module 125, a clustering module 130, a weighting module 135 and a recommendation module 140. As used herein, the terms “module” may also refer to any of an application-specific integrated circuit (“ASIC”), an electronic circuit, a processor (shared, dedicated, or group) 
Ng [0121] The cloud may be formed, for example, by a network of servers with each server (or at least a plurality thereof) providing processor and/or storage resources.)
 (i) receive an indication of a selected insurance policy between the enterprise and a selected entity, (ii) retrieve, from the existing insurance policy data store, the electronic record   via an encrypted database management system, the electronic record associated with the selected insurance policy, (Ng [0100] A cyber policy (also referred to as a cyber insurance policy) as used herein includes any insurance policy covering any loss arising out of a security failure, including tangible and intangible property.  / Ng [0032] In some instances, the end user can adjust the attributes and/or select which attributes are important to them and the system will analyze only these attributes / Ng [0043] In one embodiment, the comparator module 125 is executed to perform a variable comparison on all or a subset of the variables. The comparison can be for all or only a subset of all entities. The subset of variables can be selected by the end user, as well as the entities analyzed. / Ng [0238]  The computer system 1 may further include a data encryption module (not shown) to encrypt data. / Ng [0240] the term “computer-readable medium” should be taken to include a single medium or multiple media (e.g., a centralized or distributed database and/or associated caches and servers))
including the set of historic insurance premium values associated with attributes of the selected entity, (Ng [0132] the system 505 is configured to evaluate each data point with respect to history, lineage, provenance (e.g., origin), source, time, entities and other details. / Ng [0134] In some embodiments, the system 505 then executes one or more models to generate scores, results, recommendations, delta values (changes in scores over time), as well as historical tracking of scores. / Ng [0133] As mentioned above, the system 505 can track entities and their attributes/elements over time. / Ng [0162] an entity's past and present cyber risk tracked against a static past peer group)
without retrieving electronic records associated with other insurance policies, and combining that retrieved information with third-party data received from a third- party data source, to reduce a number of electronic records transmitted via the distributed communication network,
(Ng [0032] In some instances, the end user can adjust the attributes and/or select which attributes are important to them and the system will analyze only these attributes
Ng [0043] In one embodiment, the comparator module 125 is executed to perform a variable comparison on all or a subset of the variables. The comparison can be for all or only a subset of all entities. The subset of variables can be selected by the end user, as well as the entities analyzed.
Ng [0089] The cyber security policy may be a policy from an insurance company
Ng [0090]  In various embodiments, the policy is a policy from an insurance company
Ng [0123] can use vulnerability assessments generated by the entity or a third party, such as a cyber-security firm.)
(iii) receive an indication of a user selected revenue base for a most recent evaluation time period, (Ng [0039] In one embodiment, the variables can include...non-technical information such as revenue / Ng [0051] In one embodiment, the weighting is selected by an end user such as an insurer. For example, an insurer determines that industry serviced, gross revenue / Ng [0132] the system 505 is configured to evaluate each data point with respect to history, lineage, provenance (e.g., origin), source, time, entities and other details.)
(iv) receive a user selectable normalization parameter, said normalization parameter being selected from a set of potential normalization parameters that include all of: the selected entity's number of employees, the selected entity's amount of revenue 
(Ng [0032] In some instances, the end user can adjust the attributes and/or select which attributes are important to them and the system will analyze only these attributes
Ng [0043] In one embodiment, the comparator module 125 is executed to perform a variable comparison on all or a subset of the variables.
Ng [0039] customer profiles, as well as other non-technical information such as revenue, number of employees, years in business, and so forth.)
(v) normalize historic insurance premium values based on the received user selectable normalization parameter, and (vi) output the normalized historic insurance premium values; (Ng [0032] In some instances, the end user can adjust the attributes and/or select which attributes are important to them and the system will analyze only these attributes /  Ng [0132] Examples of cleansing and standardizing using data normalization are described in greater detail below. / Ng [0133] The system 505 is also configured to process rollups (e.g., summarizing the data along a dimension), aggregations, transforms, reductions, normalizations, deltas, as well as other types of data transformation or conversion processes that can also be used to convert the motivation/sophistication/combination elements into scores. / Ng [0028]  For cyber insurance risk, if insured entities are very similar to one another in a variety of key attributes such as revenue / Ng [0039] customer profiles, as well as other non-technical information such as revenue, number of employees, years in business, and so forth. / Ng [0126]  list of sources or resources: (a) Customer Reviews; (b) Employee reviews; ...Brand/Revenue; ...(k) Industry/Products;  )
and a claim analysis user interface providing on the claim analysis user interface at a same time:
(Ng [0041] using a variety of graphical user interfaces (GUIs) such as a dashboard, including various elements … The system 105 can use the dashboard to display messages or notifications as well as diversity scores, similarity scores, and/or recommendations. 
Ng [0030]  attributes can be aggregated 
Ng [0042] may gather variables for an entity by querying the entity for information, collecting information from available online sources... variables are input into the attribute module 120. The attribute module 120 can format or normalize the input as needed for consistency.
Ng [0043]  perform a variable comparison on all or a subset of the variables. 
Ng [0041] end users can access and interact with the system 105 using a variety of graphical user interfaces (GUIs) such as a dashboard, including various elements...dashboard to display messages or notifications)
 1. a first graph of risk frequency information over time, 2  a second graph of risk severity information over time, and 3. a third graph of resource split data over time;
(Ng [0017] graphical user interface (GUI) that comprises a scatter plot that represents a plurality of entities plotted according to their combination score.
Ng [0065]  The present technology provides information related to the updated information ... including differences (the amount of the change made in one or more updates, namely the delta), and trends (patterns over many time steps).
Ng [0075]  tracking aggregate cyber risk may track their diversity score over an adjustable time period, for example days, weeks, months, and/or years.
Ng [0040] how diverse their insured entities are with respect to cyber security risk relative to a wide and divergent set of variables. 
Ng [0067] report that informs the end user as to how many and what type of entities a portfolio should have to be balanced in terms of diversity, (e.g., with respect to cyber risk.)
Ng [0110] This attribution identifies/represents the underlying data set which affected the score change, and shows why, how much, and how the score changes.
Ng [0172]  to quantify how strong a threat actor would be required to execute a successful security failure of the entity.
Ng [0030]  determine similar attributes shared between pluralities of entities....may also share attributes with other entities
OVER TIME:
Ng [0075]  can take the form of a ... report, or other output that is actionable by the end user.... an insurance company or other entity tracking aggregate cyber risk may track their diversity score over an adjustable time period, for example days, weeks, months, and/or years.
Ng [0104]  This change over time may be accessible and/or charted for trending information
Ng [0109]  where scores are tracked over time
FIRST, SECOND, THIRD GRAPHS:
Ng [0136] create visual representations such as the graphs illustrated in FIGS. 6-12.
Ng [0147]  utilized to generate graphs and GUIs that display various scores 
Ng [0137] these various scores can be calculated over time...the scoring and plotting module 535 can calculate scores for groups of entities in an industry group, a geographical location, a company size, a technology sector, and so forth.)
and calculate, using a predictive model,  a total cost of risk for the selected entity, the total cost of risk including insurance premiums, (Ng [0100] A cyber policy as used herein includes security and privacy coverage, including regulatory coverage (e.g., FTC, Health Insurance Portability and Accountability Act (HIPPA)) covering fines and penalties, and defense costs and damages. The coverage provided by a cyber policy as used herein may provide for privacy breach coaches, forensic experts, a public relations campaign, cyber extortion, information asset recovery, business interruption (including for example, lost income, extra expenses, and/or all costs incurred but for the cyber security failure), or any other covered costs or losses. / Ng [0089] In various embodiments, the at least one element of policy criteria of the cyber security policy is a term and/or a condition. For example, a term and a condition may include a retention amount, a deductible, a premium, a coverage limit, a future valuation, a term length, and so forth. / Ng [0095] evaluate an aggregate risk and assess insurance premiums / Ng  [0098] The technology disclosed herein provides a cyber risk assessment, and provides methods and systems for improving a cyber risk assessment, by,....predicting the probability of a cyber attack / Ng  [0134] In some embodiments, the system 505 then executes one or more models to generate scores, results, recommendations)
retained losses (Ng [0100] or any other covered costs or losses.)
and (viii) adjust the predictive model to improve the model's ability to predict 
(Ng  [0098] The technology disclosed herein provides a cyber risk assessment, and provides methods and systems for improving a cyber risk assessment, by,....predicting the probability of a cyber attack
Ng  [0134] In some embodiments, the system 505 then executes one or more models to generate scores, results, recommendations 
Ng [0032] In some instances, the end user can adjust the attributes and/or select which attributes are important to them and the system will analyze only these attributes)
future costs associated with the total cost of risk;
(Ng [0098] determining the extent to which a cyber attack might cause damage. Exemplary methods plot the cyber risk within a peer group, which may be defined by industry, revenue, and/or any other appropriate metric.
Ng [0100]  business interruption (including for example, lost income, extra expenses, and/or all costs incurred but for the cyber security failure))
and (c) a communication port coupled to the back-end application computer server to facilitate a transmission of data with a remote device to support a graphical interactive user interface display via security features and the distributed communication network, the interactive user interface display including the total cost of risk for the selected  entity   calculated based on the normalized historic insurance premium values. (Ng [0205] Using VPN connections into a resource within an entity's network allows for communication through a secured connection with a VPN endpoint. / Ng [0121]  As an example, the system 505 can use an application program interface (API) or other communication interface.... The cloud may be formed, for example, by a network of servers with each server (or at least a plurality thereof) providing processor and/or storage resources. These servers may manage workloads provided by multiple users / Ng [0037] A suitable network 105B may include or interface with any one or more of, for instance, a local intranet,... a dial-up port such as a V.90, V.34 or V.34bis analog modem connection, a cable modem, an ATM (Asynchronous Transfer Mode) connection / Ng [0041] In some embodiments, entities and end users can access and interact with the system 105 using a variety of graphical user interfaces (GUIs) such as a dashboard, including various elements as described herein. / Ng [0050] The diversity score can be represented variously as a fraction, a decimal, or a percentage, and may be included in the graphical user interface (e.g., dashboard.) Additionally, or alternatively, the diversity score may be normalized into a number within a user-defined, or predefined, range, similar to a credit score. / Ng [0100] A cyber policy as used herein includes security and privacy coverage, including regulatory coverage (e.g., FTC, Health Insurance Portability and Accountability Act (HIPPA)) covering fines and penalties, and defense costs and damages. The coverage provided by a cyber policy as used herein may provide for privacy breach coaches, forensic experts, a public relations campaign, cyber extortion, information asset recovery, business interruption (including for example, lost income, extra expenses, and/or all costs incurred but for the cyber security failure), or any other covered costs or losses. / Ng [0089] In various embodiments, the at least one element of policy criteria of the cyber security policy is a term and/or a condition. For example, a term and a condition may include a retention amount, a deductible, a premium, a coverage limit, a future valuation, a term length, and so forth. / Ng [0205]  allows for communication through a secured connection with a VPN endpoint. / Ng [0206] VPN access provides secure tunneling to resources from a computing device  )
and (d) an email server  coupled to the back-end application computer server, and adapted to automatically transmit an electronic mail message associated with the total cost of risk 
(Ng [0039] technologies a company might employ (e.g., internally and externally for Internet communication such as e-mail, website, and social media online presence) such as CDN provider, cloud service provider, server type
Ng [0120] The data collecting device may be on the company's network and/or its periphery, and may collect and/or analyze the data, while also transmitting it to system 505.
Ng [0028] a plurality of web hosting provider may source their servers)
for the selected entity 
(Ng [0032] In some instances, the end user can adjust the attributes and/or select which attributes are important to them and the system will analyze only these attributes
Ng [0043] In one embodiment, the comparator module 125 is executed to perform a variable comparison on all or a subset of the variables.)
calculated based on the normalization of the historic insurance premium values.
(Ng [0132] Examples of cleansing and standardizing using data normalization are described in greater detail below.
Ng [0133] The system 505 is also configured to process rollups (e.g., summarizing the data along a dimension), aggregations, transforms, reductions, normalizations, deltas, as well as other types of data transformation or conversion processes that can also be used to convert the motivation/sophistication/combination elements into scores.
Ng [0132] the system 505 is configured to evaluate each data point with respect to history, lineage, provenance (e.g., origin), source, time, entities and other details. 
Ng [0134] In some embodiments, the system 505 then executes one or more models to generate scores, results, recommendations, delta values (changes in scores over time), as well as historical tracking of scores.
Ng [0133] As mentioned above, the system 505 can track entities and their attributes/elements over time.
Ng [0095] assess insurance premiums)
(e) a workflow server  coupled to the back-end application computer server, and adapted to automatically initiate a business process based on the normalized historic insurance premium values; based on the normalization of the historic insurance premium values.
(Ng [0121]  The cloud may be formed, for example, by a network of servers with each server (or at least a plurality thereof) providing processor and/or storage resources
Ng [0089] a term and a condition may include a retention amount, a deductible, a premium...and so forth.
Ng [0095]  evaluate an aggregate risk and assess insurance premiums
Ng [0134] generates module-ready data for use with matrices of elements ... to generate scores, results, recommendations, delta values (changes in scores over time), as well as historical tracking  
Ng [0085] variables of the new entity to the variables of the previously analyzed entities and performing 415 an updated comparison of variables. 
Ng [0132] cleansing and standardizing using data normalization are described in greater detail below.
Ng [0028] a plurality of web hosting provider may source their servers)
insurance premium
(Ng [0089] a deductible, a premium
Ng [0095]  assess insurance premiums)
Ng does not teach and risk control costs to provide risk analysis for an insurance policy; and the selected entity's quantity of product; (f) a calendar server coupled to the back-end application computer server, and adapted to automatically schedule an insurance audit or review   based on the normalization of the   historic … values.
Hunt teaches,
and risk control costs to provide risk analysis for an insurance policy; (Hunt [0147] This representation of the data, when combined with the analytic methods and techniques, and a delivery infrastructure, may minimize the processing time and cost and maximize the performance and value for the end user.  / Hunt [0296]  Alternatively or additionally, this step may involve pre-aggregating data so as to avoid the cost of aggregating data at query time. / Hunt [0297] without the relatively costly step of pre-aggregating data.)
and the selected entity's quantity of product
(Hunt [0412] Attributes of the sales targets may be Plan Volume (Volume in Lbs or other units), Plan Units (Number of units, Quantity))
(f) a calendar server coupled to the back-end application computer server, and adapted to automatically schedule an insurance audit or review   based on the normalization of the   historic …values
(Hunt [0150] unified reporting and solutions framework, providing on-demand and scheduled reports
Hunt [0444] “time align” information linked to specific events, merchandising activities, and other calendar-based events.
Hunt [0283] include systems for physically securing the server hardware
Hunt [0203] similar attributes may be normalized …attributes may be included in a normalized attribute set
Hunt [1158] Users may view historic due-tos and sales drivers)
It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the risk assessment teachings of Ng to incorporate the bias reduction teachings of Hunt to “analyze consumer behaviors, to predict likely outcomes of decisions relating to an enterprise's activities, and to project from sample sets of data to a larger universe.” (Hunt [0006]).        The modification would have been obvious, because it is merely applying a known technique (i.e. bias reduction) to a known concept (i.e. the risk assessment) ready for improvement to yield predictable result (i.e. “better business intelligence in order to accelerate revenue growth, make business intelligence more customer-driven, to gain insights about markets in a more timely fashion, and a need for data projection and release methods and systems that provide improved dimensional flexibility, reduced query-time computational complexity, automatic selection and blending of projection methodologies, and flexibly applied releasability rules.” Hunt [0008])
Regarding Claim 2,  
Ng and Hunt teach the system of Claim 1 as described earlier.
Ng teaches, wherein the interactive user interface display includes a dashboard setup user interface providing at least one of: (i) entity identifier and sub-relationship selection, (ii) relationship term selection, (iii) relationship year selection , (iv) final risk value selection, (v) resources per term selection, (vi) normalization parameter selections, (vii) metric inclusion selection, (viii) an additional instructions link, (ix) a training material link, and (x) a resources link. (Ng [0041] In some embodiments, entities and end users can access and interact with the system 105 using a variety of graphical user interfaces (GUIs) such as a dashboard / Ng [0039] In various embodiments, the breadth and type of variables that can be analyzed and correlated are unlimited. In some embodiments, the breadth and type of variables that can be analyzed and correlated for the company and for their industry peers, for comparison, may be limited by breadth and type of information that is available at online sources concerning the same. Again, an end user can define or specify the types of variables that are of interest to them. / Ng [0051] In one embodiment, the weighting is selected by an end user such as an insurer. For example, an insurer determines that industry serviced, gross revenue, and customer country of origin are important variables to analyze, (e.g., for assessing individual and aggregate cyber risk.))
Regarding Claim 3,  
Ng and Hunt teach the system of Claim 1 as described earlier.
Ng teaches, wherein the interactive user interface display includes a scorecard user interface providing: (i) an entity identifier, and (ii)   values of attributes of the selected entity arranged by sub-relationships. (Ng [0041] In some embodiments, entities and end users can access and interact with the system 105 using a variety of graphical user interfaces (GUIs) such as a dashboard / Ng [0039] In various embodiments, the breadth and type of variables that can be analyzed and correlated are unlimited / Ng [0110] This attribution identifies/represents the underlying data set / Ng [0120] variables or a subset of the variables can be compared /  Ng [0028] if insured entities are very similar to one another in a variety of key attributes such as revenue, clientele, industry, technology utilized such as / Ng [0044] The comparator module 125 is configured to identify variables shared between entities or groups of entities.  / Ng [0003]  assessing risk of a cyber security failure in one or more computer networks for an entity...based on the proxy score...based on the assessed risk, computer network changes for the one or more computer networks score to reduce the assessed risk)
Regarding Claim 7,  
Ng and Hunt teach the system of Claim 1 as described earlier.
Ng teaches, wherein the interactive user interface display includes a trend analysis user interface providing: (i) frequency, (ii) a closure rate graph, (iii) a severity graph, and (iv) an insurance claim duration graph. (Ng [0041] In some embodiments, entities and end users can access and interact with the system 105 using a variety of graphical user interfaces (GUIs) such as a dashboard / Ng [0065] The present technology provides information related to the updated information (the new diversity score), including...trends (patterns over many time steps). / Ng [0104] This change over time may be accessible and/or charted for trending information, which may be useful for planning and/or changing policy criteria (including the premium) for the policy. / Ng [0128] Examples of motivation elements include:...duration)




























Regarding Claim 15, 
Ng and Hunt teach the system of Claim 1 as described earlier.
Ng does not teach (i) arrange for a user associated with an entity to logon and access the interactive user interface display,  	(ii) arrange for a user associated with an entity to modify the interactive user interface display, 	(iii) allow for potential sub-relationships to be added to the interactive user interface display, (iv) allow for relationships with other enterprises to be added to the interactive user interface,  	 
Hunt teaches, 
(i) arrange for a user associated with an entity to logon and access the interactive user interface display,  (Hunt [1260] Business reporting associated with an analytic platform 100 may support a user interface 182 that facilitates user access to business reporting, such as through a login process. Such a user interface 182 to business reporting may facilitate easy user access to rich attributes and granular data associated with the analytic platform 100 methods and systems.)
(ii) arrange for a user associated with an entity to modify the interactive user interface display, (Hunt [1262] Business reporting may also simplify regular tasks and provide each user with a personalized dashboard upon login that facilitates access to reports and analysis that may be tailored for the user.)
(iii) allow for potential sub-relationships to be added to the interactive user interface display, (iv) allow for relationships with other enterprises to be added to the interactive user interface, (Hunt [1433] In embodiments, a new data hierarchy associated with a customer relationship management data set may be added in an analytic platform to create a custom data grouping, where the new data hierarchy may be added during a user's analytic session. / Hunt [1039]  This file may be used to define the parent/child relationships for each Category.)
 (v) provide an ability to process fictional data, (Hunt [0167] A causal bitmap fake facility 130 may be associated with the data mart 118. / Hunt [0323] Causal Bitmap Fake 130 may be an intermediate table for use as a bridge table in data analysis, the bridge table containing only those causal permutations of the fact data that are of interest.)
It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the risk assessment teachings of Ng to incorporate the bias reduction teachings of Hunt to “analyze consumer behaviors, to predict likely outcomes of decisions relating to an enterprise's activities, and to project from sample sets of data to a larger universe.” (Hunt [0006]).        The modification would have been obvious, because it is merely applying a known technique (i.e. bias reduction) to a known concept (i.e. the risk assessment) ready for improvement to yield predictable result (i.e. “better business intelligence in order to accelerate revenue growth, make business intelligence more customer-driven, to gain insights about markets in a more timely fashion, and a need for data projection and release methods and systems that provide improved dimensional flexibility, reduced query-time computational complexity, automatic selection and blending of projection methodologies, and flexibly applied releasability rules.” Hunt [0008])

Claim 17 is rejected on the same basis as Claim 1.
Claim 19 is rejected on the same basis as Claim 1.
Claims 9 is rejected under 35 U.S.C. 103 as being unpatentable over Ng and Hunt in view of Peng (“PERFORMANCE ESTIMATION SYSTEM UTILIZING A DATA ANALYTICS PREDICTIVE MODEL”, U.S. Publication Number: 2017/0300824 A1)
Regarding Claim 9, 
Ng and Hunt teach the system of Claim 1 as described earlier.
Ng teaches,
over time for multiple risk attributes (Ng [0075] Exemplary methods and systems according to the present technology may also provide benchmarking over time. In this manner, an insurance company or other entity tracking aggregate cyber risk may track their diversity score over an adjustable time period, for example days, weeks, months, and/or years. / Ng [0109] where scores are tracked over time, the system 505 can also be configured to periodically reassess the cyber risk of an entity. / Ng [0133]  As mentioned above, the system 505 can track entities and their attributes/elements over time.)
Ng does not teach wherein the interactive user interface display includes a claim metric detail user interface providing:  (i) a total event count over time, and (ii) a graphical representation of the  insured losses  
Peng teaches,
 wherein the interactive user interface display includes a claim metric detail user interface providing (Peng [0003] An indication associated with the future performance estimation value for the risk association of at least one entity in connection with its plurality of relationships may then be transmitted to generate an interactive user interface display. / Peng [0038] For example, at least some of the record characteristic values may be associated with insurance policy data 570)
 at least one of:   (i) a total event count over time, and (Peng [0038]  at least some of the record characteristic values may be associated with insurance policy data 570, such as ...a number of claims)
(ii) a graphical representation of the  insured losses  (Peng [0041] an exemplary mixed effect model calculator display 600 (e.g., associated with a loss driven model calculator) that might be associated with various embodiments described herein. / Peng [0051]  The output of the mixed effect model may be the future performance estimation values 910 (e.g., a risk score, predicted premium, loss ratio, etc.))
It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the risk assessment teachings of Ng to incorporate the performance estimation teachings of Peng for a “data analytics mixed effect predictive model (that) may then generate, based on the fixed and random effect variables, a future performance estimation value for the risk association of each entity in connection with its plurality of relationships.” (Peng [0003]).        The modification would have been obvious, because it is merely applying a known technique (i.e. performance estimation) to a known concept (i.e. the risk assessment) ready for improvement to yield predictable result (i.e. “It would be desirable to provide systems and methods to automatically provide a future performance estimation assessment tool that generates faster, more accurate future performance estimation values and allows for flexibility and effectiveness when responding to those values.” Peng [0002])
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Ng and Hunt in view of McNair (“INSURANCE RISK SCORING BASED ON CREDIT UTILIZATION RATIO”, U.S. Patent Number: US 10572945 B1)
Regarding Claim 12, 
Ng and Hunt teach the system of Claim 3 as described earlier.
Ng does not teach wherein at least one sub-relationship is associated with   automotive   insurance 
McNair teaches,
wherein at least one sub-relationship is associated with   automotive   insurance. (McNair [Col 2, Lines 1-2] The use of credit data in underwriting and pricing of personal automobile insurance. / McNair [Col 22, Lines 35-37] empirical financial stress variability is used as a relationship to determine claim risk for other insurance types such as property, auto, life, casualty, etc.)
It is prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the risk assessment teachings of Ng to incorporate the risk scoring teachings of McNair   “for classifying insurance risk, for insurance risk scoring, or for incorporating a power-spectrum-based temporal pattern-specific weight into an actuarial method to enhance the loss ratio estimation accuracy and statistical financial performance of insurance products and health plans.” (McNair   [Abstract]).        The modification would have been obvious, because it is merely applying a known technique (i.e. risk scoring) to a known concept (i.e. the risk assessment) ready for improvement to yield predictable result (i.e. “The use of credit data has allowed insurers to establish that some insured individuals, traditionally classified as “standard,” can qualify as “preferred” when evaluated by these models. Studies have shown that even insured individuals with prior violations or accidents but having good credit behavior can have better loss ratio performance than insured individuals who have no accidents or violations but who have poor credit..” McNair [Col 2, Lines 10-18]) 

Response to Remarks
Applicant's arguments filed on May 16, 2022, have been fully considered and Examiner’s remarks to Applicant’s amendments follow.   


Response Remarks on Claim Rejections - 35 USC § 101
The Applicant states:
“To resolve these problems, some embodiments provide for the processing and conversion of significant amounts of data, as well as the interaction of a variety of specialized client and/or third-party systems, networks and subsystems. These aspects provide for information to be processed, updated, and analyzed via the back-end application server to accurately improve the analysis of risk and the exchange of information, thus improving the overall efficiency of the system. See, e.g., para. [0026] of Applicant's specification. The present invention is a specific advancement in the area of electronic risk protection by providing benefits in data accuracy, data availability, and data integrity. See, e.g., para. [0026] of Applicant's specification. As described above, the system may interact with different entities to combine data, normalize values, calculate - using a predictive model - a total cost or risk, adjust the model, display a user interface, automatically transmit an electronic message, automatically initiate a business process and automatically schedule an event.. .. Applicant also respectfully suggests that the back-end application computer server's exchange of information with a predictive model so that the insurer can adjust a predictive model associated with the total cost of risk (e.g., to improve the model's ability to predict future costs) improves the operation of the computer system and thus represents eligible subject matter. "
Examiner responds:
Examiner asserts that “risk protection … data accuracy, data availability, and data integrity” are all abstract ideas as are “combine data, normalize values, calculate - using a predictive model - a total cost or risk, adjust the model, display a user interface, automatically transmit an electronic message, automatically initiate a business process and automatically schedule an event”
Examiner maintains that “analyzing risks …and understanding particular amounts of risk and the impact that such risk has had on … performance”  falls under the grouping of Fundamental economic principles or practices (including hedging, insurance, mitigating risk) which is covered by Certain Methods of Organizing Human Activity.
   The “client and/or third-party systems, networks and subsystems” are all generic components. The Specification reads, [0028] The back-end application computer server 150 and/or the other elements of the system 100 might be, for example, associated with a Personal Computer (" PC"), laptop computer, smartphone, an enterprise server, a server farm, and/or a database or similar storage devices.
The Applicant states:
“Applicant again directs the Examiner's attention to Cosmokey Solutions GMBH & Co. v. 
Duo Security LLC (CAFC Case: 20-2043, October 4, 2021). In a similar situation, the Court  
reversed a lower Court's finding that claims were ineligible for patent prosecution under 35 USC §101 holding: ("[t]he specification explains that these features in combination with the other elements of the claim constitute an improvement that increases computer and network security, prevents a third party from fraudulently identifying itself as the user, and is easy to implement and can be carried out even with mobile devices of low complexity.... Here, as the specification itself makes clear, the claims recite an inventive concept by requiring a specific set of ordered steps that go beyond the abstract idea identified by the district court and improve upon the prior art by providing a simple method that yields higher security.") (emphasis added) (Page 14). The current Specification provides abundant details about the improvements provided by various claimed embodiments of the invention, as described in the preceding paragraph of "the specification [that] emphasizes the inventive nature of [the claimed] steps." See, e.g., Page 13 of the Court's holding on Cosmokey. Similar to Cosmokey, the current claims: "
Examiner responds:
In Cosmokey Solutions GMBH & CO. v. Duo Security LLC, the Court found the "patent claims and specification recite a specific improvement to authentication that increases security, prevents unauthorized access ...nothing in the specification or anywhere else in the record supports the district court’s suggestion that the last four claim steps....are conventional." This implies the patent overcame all prior art references to assert that its actions are not well-understood, routine, and conventional, see MPEP 2106.05(d). The features of the Applicant’s instant application are well known in the art as covered by the prior art references. 
Therefore, the rejection under  35 USC § 101


Response Remarks on Claim Rejections - 35 USC § 103
Applicant's  amendments to the independent claims required the application of no new/additional prior art. 
The Applicant states:
“The Examiner cites a portion of Ng that discloses multiple variables on a single plot as satisfying the recited claim feature of a claim analysis user interface providing on the claim analysis user interface at a same time: 1. risk frequency information over time, 2. risk severity information over time, and 3. resource split data over time. However, with the current amendments of the independent claims, the claim feature of the claim analysis user interface is now further defined as providing three individual graphs at a same time. With this definition, the claim element in question is clearly not satisfied by Ng's single plot... "
Examiner responds:
Examiner maintains the Ng describes an interface providing three individual graphs at a same time:
Ng [0030]  attributes can be aggregated 
Ng [0041] using a variety of graphical user interfaces (GUIs) such as a dashboard, including various elements … The system 105 can use the dashboard to display messages or notifications as well as diversity scores, similarity scores, and/or recommendations. 
FIRST, SECOND, THIRD GRAPHS:
Ng [0136] create visual representations such as the graphs illustrated in FIGS. 6-12.
Ng [0147]  utilized to generate graphs and GUIs that display various scores 
The Applicant states:
“Simply performing a variable comparison on a subset of variables, as described by Ng, does not display values arranged (in the UI) by sub-relationships, as explicitly required by claim 3... "
Examiner responds:
Examiner could not find an instance within the Specification that precisely defines “sub-relationships”. Applicant is welcomed to provide more clairity.
Otherwise, Examiner maintains that Ng teaches sub-relationships:
Ng [0043]  perform a variable comparison on all or a subset of the variables.
Ng [0039] In various embodiments, the breadth and type of variables that can be analyzed and correlated are unlimited 
Ng [0110] This attribution identifies/represents the underlying data set 
Ng [0120] variables or a subset of the variables can be compared
Therefore, the rejection under  35 USC § 103 remains.
Prior Art Cited But Not Applied



























The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Odutola (“SYSTEM AND METHOD FOR DETECTING, PROFILING AND BENCHMARKING INTELLECTUAL PROPERTY PROFESSIONAL PRACTICES AND THE LIABILITY RISKS ASSOCIATED THEREWITH”, U.S. Publication Number: 2018/0330456 A1) proposes detecting, profiling and benchmarking Intellectual Property (IP) law professional liability risks and professional liability insurance risks and value associated with IP prosecution.	 
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
 Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHINEDU EKECHUKWU whose telephone number is (571)272-4493.  The examiner can normally be reached on Mon-Fri 9 AM ET to 3:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christine M. Behncke can be reached on (571) 272-8103.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/C.E./Examiner, Art Unit 3697
/HAO FU/Primary Examiner, Art Unit 3697