DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This Office Action is responsive to the communications filed on 8 April 2022. Claims 1-8, 10-17 and 20-23 are pending.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-3, 5, 7, 11-13, 15, 17, 21 and 22-23 are rejected under 35 U.S.C. 103 as being unpatentable over Seiver et al. (Hereinafter, Seiver, US 2017/0078322 A1) in view of Kapczynski et al. (Hereinafter, Kapczynski, US 10,102,570 B1).
Per claim 1, Seiver discloses a method for automatically detecting and mitigating risks related to cybersecurity in a Building Management System (BMS) (e.g., Block  1112 as shown in Fig. 11; Abstract; paragraph [0006], “…The system can then automatically determine weaknesses in the network, such as a previously unknown communication path between secure and insecure parts of the network, and quantify risks associated with the network, e.g., a loss to a company if a network device or user account were compromised...  “; paragraph [0091]; paragraph [0136]; paragraph [0139], “Additionally, the system can automatically determine a compromise risk value for each node and/or each user account, associated with the network.  The system can then determine a network compromise risk value, e.g., by combining in some manner, such as summing, the compromise risk values for each node and/or user account in the network ...  “; paragraph [0150]; paragraph  , “To facilitate this enablement, the system monitors network device risk values and user account risk values (block 1112).  The system determines risk values periodically, and maintains (e.g., in one or more databases) multitudes of risk values for each network device and user account over lengths of time.”), the method comprising: 
evaluating settings of a user account of the BMS (e.g., determining access rights of user accounts 500 as shown in Fig. 5; paragraph [0123-0128] describe evaluating the access rights settings of a user account; Fig. 12B illustrates evaluating settings of a user account of the BMS; paragraphs [0228-0236]); 
identifying a first security risk associated with the settings of the user account (e.g., metric 934  as shown in Fig. 9B; paragraph [0178], “ Similarly, the system has determined that a metric 934 affecting user account risk values is associated with administrative accounts having excessive privileges (e.g., as described above with respect to FIG. 5), and includes information describing the metric.  In the example user interface 920, the system has determined that "60" users have unnecessary privileges, including "24" administrative users, and further indicates a most recent time that the metric has improved (e.g., improved greater than a threshold, such as by a threshold percentage reduction of users, or by an actual threshold reduction in number of users). “);
 evaluating settings of a network device of the BMS (e.g., network risk assessment 400 as shown in Fig. 4; paragraphs [0104-0114]; paragraphs [0207-0219]; Fig. 12A illustrate evaluating settings of a network device of the BMS); 
identifying a second security risk associated with the settings of the network device (e.g., metrics 922 as shown in Fig. 9B; paragraph [0177]); 
presenting a user interface to a user on a user device (e.g., user interface 920 as shown in Fig. 9B; paragraph [0177], “ As illustrated in FIG. 9B, the system can provide description of summary data associated with user account risk values and/or network device risk values.  For instance, the user interface 920 indicates metrics 922 that are most affecting the network device risk values of network devices.  As an example, the system has determined one or more metrics indicating that a large percentage (e.g., greater than a threshold) of network devices are executing applications known to be trivially exploitable (e.g., comprised without extensive effort by a hacker)…  “; paragraph [0294] ), wherein the user interface allows the user to view a policy recommendation associated with the first security risk or the second security risk (e.g., text 924 as shown in Fig. 9B; paragraph [0023]; paragraph [0177], “ … The user interface 920 includes text 924 (e.g., the system can store textual descriptions) describing the metric, and indicates a percentage of network devices 926 that are affected (e.g., executing exploitable software), along with an indication of when the metric was last improved, for example from a previous determination of the metric.  Additionally, the user interface 920 includes a percentage of critical network devices 928 (e.g., network devices indicated to the system as being critical, or network devices determined to be critical according to a name of the network device, such as a domain controller, or according to a determined critical area as described above in FIG. 2E) ...  “); but does not expressly disclose:
presenting, on the user interface, details regarding the first security risk associated with the settings of the user account and an account settings selectable button that, upon selection, navigates the user to an account settings page comprising information regarding [[for]] the user account; and 
implementing a change in the settings of the user account or a change in the settings of the network device within the BMS based at least in part on an input received from the user from the account settings page after the selection of the account settings selectable button.  
However, Kapczynski discloses:
presenting (e.g., Step ), on the user interface (e.g., user interface 500  as shown in Fig. 5), details regarding the first security risk associated with the settings of the user account (e.g., Alert 502 as shown in  Fig. 5) and an account settings selectable button (e.g., Option 504 and Option 506 as shown in Fig. 5) (column 7, lines 47-59, “ FIG. 5 is an illustrative user interface 500 that may be generated by the account analysis system 100 in order to provide a user with alerts and suggested remedies for potential account vulnerabilities determined by the risk analysis module 150. As illustrated, the user interface 500 includes an alert 502 indicating that someone could change the user's password for the user's account with the “LMR Credit Union” service based in part on the user's profile information on social networking service “SocialSite.” For example, the account analysis system 100 may have determined that the answer to an account security question asked by the LMR Credit Union service during password recovery procedures is listed on the user's profile page for SocialSite.  “) that, upon selection, navigates the user to an account settings page comprising information regarding [[for]] the user account (column 7, lines 60-67,” …The illustrative user interface 500 includes suggested remedial actions, including an option 504 which the user may select in order to be presented with one or more user interfaces that enable him to change his account settings with LMR Credit Union and an option 506 which the user may select in order to be presented with one or more user interfaces that enable him to edit his profile information and privacy settings with the SocialSite service. ‘“; column 8, lines 1-13 and Fig. 8 describe presenting alert history and alert settings for a user’s different accounts ); and
 implementing a change in the settings of the user account or a change in the settings of the network device within the BMS based at least in part on an input received from the user from the account settings page after the selection of the account settings selectable button (Abstract, “ …An alert may be generated regarding a determined takeover risk, which may include suggested actions for remedying the risk. “; column 1, lines 55-58, “…The account analysis system may then generate alerts regarding identified vulnerabilities, and may provide information regarding suggested account changes for remedying the identified vulnerabilities.  “; column 7, lines 60-67, “ …The illustrative user interface 500 includes suggested remedial actions, including an option 504 which the user may select in order to be presented with one or more user interfaces that enable him to change his account settings with LMR Credit Union and an option 506 which the user may select in order to be presented with one or more user interfaces that enable him to edit his profile information and privacy settings with the SocialSite service. “; column 8, lines 14-17, “  The user may select the “view alert information” option 604 in order to view more information regarding the alert for the ABC Email service and information regarding recommended remedial actions to be taken ….  “).  Examiner’s Note: Kapczynski teaches and suggests a selectable button that navigates a user to an account settings page from which the user may change the settings of the user account to resolve a security risk after a selection of the selectable button.
It would have been obvious to a person of ordinary skill in the art at the effective filing date of the claimed invention to include Kapczynski’s account vulnerability alerts in the risk assessment system of Seiver in order to improve security  by generating alerts regarding identified vulnerabilities and providing information regarding suggested account changes for remedying the identified vulnerabilities as suggested by Kapczynski (See column 1, lines 55-58).  
Per claim 2, Seiver and Kapczynski disclose the method of claim 1, wherein identifying the first security risk comprises (Seiver, e.g., summary information 1506 as shown in Fig. 15; paragraph [0264]) at least one selected from a group of: 
determining that the user account has an inactive session without a session timeout period (Seiver, e.g., Fig. 27 illustrates determining that the user account has an inactive session without a session timeout period, i.e., systems lacking endpoint visibility; paragraph [0314]); 
determining that the user account has a password that does not expire (Seiver, paragraph [0195], “ … For instance, the system can determine whether user accounts are required to have changed passwords periodically, and if not, the system can increase the metric, and thus compromise vulnerabilities, of all affected user accounts ….  “); 
determining that the user account does not have a password history policy (Seiver, paragraph [0202]); 
determining that the user account does not have lockout settings; 
determining that the user account has a lockout policy that has a number of attempts greater than a first threshold or a lockout time greater than a second threshold; 
determining that the user account is dormant (Seiver, paragraph [0202], “ To determine a total risk value for the user accounts, the system can determine …. a number of stale administrator accounts (e.g., a number of administrative accounts with no logons in a prior time period such as 30 days) …“; paragraph [0259], “ …  Additional examples can include an investment to remove inactive network devices, remove user accounts with administrative privileges that haven't been used in a threshold time period, and so on “; paragraph [0272]); 
determining that the user account has a maximum password age greater than a third threshold (Seiver, paragraph [0202], “ To determine a total risk value for the user accounts, the system can determine …. a number of administrative accounts with old passwords (e.g., a number of accounts with passwords that haven't been changed in longer than a threshold such as 180 days) … “); 
determining that the user account has an inactive session period greater than a fourth threshold (Seiver, paragraph [0259], “ …  Additional examples can include an investment to remove inactive network devices, remove user accounts with administrative privileges that haven't been used in a threshold time period, and so on “); and 
determining that the user account is a temporary user account.  
Per claim 3, Seiver and Kapczynski disclose the method of claim 1, wherein the first security risk is more severe than the second security risk, the method further comprising: 
presenting, on the user interface, the first security risk as a critical issue (Seiver, e.g., ‘Top Investments’ as shown in Fig. 18; paragraph [0266]; paragraph [0091-0092]; ‘Critical Host’ 928 as shown in Fig. 9B; paragraph [0177], “ … Additionally, the user interface 920 includes a percentage of critical network devices 928 (e.g., network devices indicated to the system as being critical, or network devices determined to be critical according to a name of the network device, such as a domain controller, or according to a determined critical area as described above in FIG. 2E)….   “ ); and 
presenting, on the user interface, the second security risk as a potential risk (Seiver, e.g., ‘Top Concerns’ as shown in Fig. 18; paragraph [0177], “ …The user interface 920 includes text 924 (e.g., the system can store textual descriptions) describing the metric, and indicates a percentage of network devices 926 that are affected (e.g., executing exploitable software), along with an indication of when the metric was last improved, for example from a previous determination of the metric ...   “; paragraph [0269]).  
Per claim 5, Seiver and Kapczynski disclose the method of claim 1, wherein the network device comprises a server of the BMS (Seiver, paragraph [0052]; paragraph [0158]).  
Per claim 7, Seiver and Kapczynski disclose the method of claim 1, further comprising presenting, on the user interface, an assessment of all user accounts associated with the BMS and an assessment of all network devices associated with the BMS (Seiver, e.g., Figs. 9A-9D; paragraphs [0206], [0227], [0294], and [0308]).  
Per claim 11, Seiver discloses a Building Management System (BMS) (e.g., Risk Assessment System 100 as shown in Fig. 8; paragraph [0069]) comprising: 
one or more processors (e.g., Central Processing Unit (CPU) 150 as shown in Fig. 8); and 
one or more computer-readable storage media having instructions stored thereon that, when executed by the one or more processors(e.g., Memory 130 as shown in Fig. 8; paragraph [0158]), cause the one or more processors to implement operations comprising: 
evaluating settings of a user account of the BMS (e.g., determining access rights of user accounts 500 as shown in Fig. 5; paragraph [0123-0128] describe evaluating the access rights settings of a user account; Fig. 12B illustrates evaluating settings of a user account of the BMS; paragraphs [0228-0236]); 
identifying a first security risk associated with the settings of the user account (e.g., metric 934  as shown in Fig. 9B; paragraph [0178], “ Similarly, the system has determined that a metric 934 affecting user account risk values is associated with administrative accounts having excessive privileges (e.g., as described above with respect to FIG. 5), and includes information describing the metric.  In the example user interface 920, the system has determined that "60" users have unnecessary privileges, including "24" administrative users, and further indicates a most recent time that the metric has improved (e.g., improved greater than a threshold, such as by a threshold percentage reduction of users, or by an actual threshold reduction in number of users). “);
 evaluating settings of a network device of the BMS (e.g., network risk assessment 400 as shown in Fig. 4; paragraphs [0104-0114]; paragraphs [0207-0219]; Fig. 12A illustrate evaluating settings of a network device of the BMS); 
identifying a second security risk associated with the settings of the network device (e.g., metrics 922 as shown in Fig. 9B; paragraph [0177]); 
presenting a user interface to a user on a user device (e.g., user interface 920 as shown in Fig. 9B; paragraph [0177], “ As illustrated in FIG. 9B, the system can provide description of summary data associated with user account risk values and/or network device risk values.  For instance, the user interface 920 indicates metrics 922 that are most affecting the network device risk values of network devices.  As an example, the system has determined one or more metrics indicating that a large percentage (e.g., greater than a threshold) of network devices are executing applications known to be trivially exploitable (e.g., comprised without extensive effort by a hacker)…  “; paragraph [0294] ), wherein the user interface allows the user to view a policy recommendation associated with the first security risk or the second security risk (e.g., text 924 as shown in Fig. 9B; paragraph [0023]; paragraph [0177], “ … The user interface 920 includes text 924 (e.g., the system can store textual descriptions) describing the metric, and indicates a percentage of network devices 926 that are affected (e.g., executing exploitable software), along with an indication of when the metric was last improved, for example from a previous determination of the metric.  Additionally, the user interface 920 includes a percentage of critical network devices 928 (e.g., network devices indicated to the system as being critical, or network devices determined to be critical according to a name of the network device, such as a domain controller, or according to a determined critical area as described above in FIG. 2E) ...  “);but does not expressly disclose:
presenting, on the user interface, details regarding the first security risk associated with the settings of the user account and an account settings selectable button that, upon selection, navigates the user to an account settings page for the user account; and 
implementing a change in the settings of the user account or a change in the settings of the network device within the BMS based at least in part on an input received from the user from the account settings page after the selection of the account settings selectable button.   
However, Kapczynski discloses:
presenting (e.g., Step ), on the user interface (e.g., user interface 500  as shown in Fig. 5), details regarding the first security risk associated with the settings of the user account (e.g., Alert 502 as shown in  Fig. 5) and an account settings selectable button (e.g., Option 504 and Option 506 as shown in Fig. 5) (column 7, lines 47-59, “ FIG. 5 is an illustrative user interface 500 that may be generated by the account analysis system 100 in order to provide a user with alerts and suggested remedies for potential account vulnerabilities determined by the risk analysis module 150. As illustrated, the user interface 500 includes an alert 502 indicating that someone could change the user's password for the user's account with the “LMR Credit Union” service based in part on the user's profile information on social networking service “SocialSite.” For example, the account analysis system 100 may have determined that the answer to an account security question asked by the LMR Credit Union service during password recovery procedures is listed on the user's profile page for SocialSite.  “) that, upon selection, navigates the user to an account settings page for the user account (column 7, lines 60-67,” …The illustrative user interface 500 includes suggested remedial actions, including an option 504 which the user may select in order to be presented with one or more user interfaces that enable him to change his account settings with LMR Credit Union and an option 506 which the user may select in order to be presented with one or more user interfaces that enable him to edit his profile information and privacy settings with the SocialSite service. ‘“; column 8, lines 1-13 and Fig. 8 describe presenting alert history and alert settings for a user’s different accounts ); and
 implementing a change in the settings of the user account or a change in the settings of the network device within the BMS based at least in part on an input received from the user from the account settings page after the selection of the account settings selectable button (Abstract, “ …An alert may be generated regarding a determined takeover risk, which may include suggested actions for remedying the risk. “; column 1, lines 55-58, “…The account analysis system may then generate alerts regarding identified vulnerabilities, and may provide information regarding suggested account changes for remedying the identified vulnerabilities.  “; column 7, lines 60-67, “ …The illustrative user interface 500 includes suggested remedial actions, including an option 504 which the user may select in order to be presented with one or more user interfaces that enable him to change his account settings with LMR Credit Union and an option 506 which the user may select in order to be presented with one or more user interfaces that enable him to edit his profile information and privacy settings with the SocialSite service. “; column 8, lines 14-17, “  The user may select the “view alert information” option 604 in order to view more information regarding the alert for the ABC Email service and information regarding recommended remedial actions to be taken ….  “).  Examiner’s Note: Kapczynski teaches and suggests a selectable button that navigates a user to an account settings page from which the user may change the settings of the user account to resolve a security risk after a selection of the selectable button.
It would have been obvious to a person of ordinary skill in the art at the effective filing date of the claimed invention to include Kapczynski’s account vulnerability alerts in the risk assessment system of Seiver in order to improve security  by generating alerts regarding identified vulnerabilities and providing information regarding suggested account changes for remedying the identified vulnerabilities as suggested by Kapczynski (See column 1, lines 55-58).  
Per claim 12, Seiver and Kapczynski disclose the system of claim 11, wherein identifying the first security risk comprises (Seiver, e.g., summary information 1506 as shown in Fig. 15; paragraph [0264]) at least one selected from a group of: 
determining that the user account has an inactive session without a session timeout period (Seiver, e.g., Fig. 27 illustrates determining that the user account has an inactive session without a session timeout period, i.e., systems lacking endpoint visibility; paragraph [0314]); 
determining that the user account has a password that does not expire (Seiver, paragraph [0195], “ … For instance, the system can determine whether user accounts are required to have changed passwords periodically, and if not, the system can increase the metric, and thus compromise vulnerabilities, of all affected user accounts ….  “); 
determining that the user account does not have a password history policy (Seiver, paragraph [0202]); 
determining that the user account does not have lockout settings.  
Per claim 13, Seiver and Kapczynski disclose the system of claim 11, wherein identifying the first security risk comprises (e.g., summary information 1506 as shown in Fig. 15; paragraph [0264]) at least one selected from a group of: 
determining that the user account has a lockout policy that has a number of attempts greater than a first threshold or a lockout time greater than a second threshold; 
determining that the user account is dormant (Seiver, paragraph [0202], “ To determine a total risk value for the user accounts, the system can determine …. a number of stale administrator accounts (e.g., a number of administrative accounts with no logons in a prior time period such as 30 days) …“; paragraph [0259], “ …  Additional examples can include an investment to remove inactive network devices, remove user accounts with administrative privileges that haven't been used in a threshold time period, and so on “; paragraph [0272]); 
determining that the user account has a maximum password age greater than a third threshold (Seiver, paragraph [0202], “ To determine a total risk value for the user accounts, the system can determine …. a number of administrative accounts with old passwords (e.g., a number of accounts with passwords that haven't been changed in longer than a threshold such as 180 days) … “); 
determining that the user account has an inactive session period greater than a fourth threshold (Seiver, paragraph [0259], “ …  Additional examples can include an investment to remove inactive network devices, remove user accounts with administrative privileges that haven't been used in a threshold time period, and so on “); and 
determining that the user account is a temporary user account.  
Per claim 15, Seiver and Kapczynski disclose the method of claim 1, wherein the first security risk is less severe than the second security risk, the method further comprising: 
presenting, on the user interface, the first security risk as a potential risk (Seiver, e.g., ‘Top Concerns’ as shown in Fig. 18; paragraph [0177], “ …The user interface 920 includes text 924 (e.g., the system can store textual descriptions) describing the metric, and indicates a percentage of network devices 926 that are affected (e.g., executing exploitable software), along with an indication of when the metric was last improved, for example from a previous determination of the metric ...   “; paragraph [0269]); and 
presenting, on the user interface, the second security risk as a critical issue (Seiver, e.g., ‘Top Investments’ as shown in Fig. 18; paragraph [0266]; paragraph [0091-0092]; ‘Critical Host’ 928 as shown in Fig. 9B; paragraph [0177], “ … Additionally, the user interface 920 includes a percentage of critical network devices 928 (e.g., network devices indicated to the system as being critical, or network devices determined to be critical according to a name of the network device, such as a domain controller, or according to a determined critical area as described above in FIG. 2E)….   “ ).  
Per claim 17, Seiver and Kapczynski disclose the system of claim 11, further comprising presenting, on the user interface, an assessment of all user accounts associated with the BMS and an assessment of all network devices associated with the BMS (Seiver, e.g., Figs. 9A-9D; paragraphs [0206], [0227], [0294], and [0308]).  
Per claim 21, Seiver and Kapczynski disclose the method of claim 1, wherein presenting the details and the selectable button is performed in response to a selection of a view details selectable button associated with the first security risk of a plurality of view details selectable buttons associated with different security risks (Kapczynski, Abstract, “ …An alert may be generated regarding a determined takeover risk, which may include suggested actions for remedying the risk. “; column 1, lines 55-58, “…The account analysis system may then generate alerts regarding identified vulnerabilities, and may provide information regarding suggested account changes for remedying the identified vulnerabilities.  “; column 7, lines 60-67, “ …The illustrative user interface 500 includes suggested remedial actions, including an option 504 which the user may select in order to be presented with one or more user interfaces that enable him to change his account settings with LMR Credit Union and an option 506 which the user may select in order to be presented with one or more user interfaces that enable him to edit his profile information and privacy settings with the SocialSite service. “; column 8, lines 14-17, “  The user may select the “view alert information” option 604 in order to view more information regarding the alert for the ABC Email service and information regarding recommended remedial actions to be taken ….  “.  Examiner’s Note: Kapczynski teaches and suggests a selectable button that navigates a user to an account settings page from which the user may change the settings of the user account to resolve a security risk after a selection of the selectable button).  
Per claim 22, Seiver and Kapczynski disclose the method of claim 21, further comprising: 
presenting a list of a plurality of user accounts that are experiencing the first security risk in response to the selection of the view details selectable button (Kapczynski, column 8, lines 14-31; Fig. 6 suggest presenting a list of a plurality of user accounts that are experiencing the first security risk in response to the selection of the view details selectable button), 

Per claim 23, Seiver and Kapczynski disclose the method of claim 22, wherein presenting the details regarding the first security risk selection and the account setting selectable button comprises presenting a textual description of the first security risk (Kapczynski, e.g., Alert 502 as shown in Fig. 5 illustrates presenting a textual description of a first security risk, i.e., an account vulnerability) and the list of the plurality of user accounts below the textual description of the first security risk (Kapczynski, e.g., Options 504 and 505 as shown in Fig. 5 illustrate a list of the plurality of user accounts, i.e., ‘LMR Credit Union’ and ‘SocialSite’; Fig. 6 also illustrates presenting the details regarding the first security risk selection and the account setting selectable button comprises presenting a textual description of the first security risk.).
Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Seiver et al. (Hereinafter, Seiver, US 2017/0078322 A1) in view of Kapczynski et al. (Hereinafter, Kapczynski, US 10,102,570 B1), and further in view of Yampolskiy et al. (Hereinafter, Yampolskiy, US 2016/0171415 A1).
Per claim 4, Seiver and Kapczynski disclose the method of claim 1, but do not expressly disclose wherein identifying the second security risk comprises determining that the network device is running outdated software.  
In the same field of endeavor, Yampolskiy discloses wherein identifying the second security risk comprises determining that the network device is running outdated software (paragraph [0055], “ … The scorecard system 200 can also verify the protocol in use by the network, fingerprint software versions, and compare the versions against a known list of common vulnerabilities and exposures (CVE) ...   “; paragraph [0060], “ … The endpoint security module 209 can also identify known vulnerabilities in a CVE database for outdated software versions and notify a user when outdated software versions are detected ...  “).  
It would have been obvious to a person of ordinary skill in the art at the effective filing date of the claimed invention to include an endpoint security module such as taught by Yampolskiy in the risk assessment system of Seiver and Kapczynski in order to identify vulnerabilities and reduce a corporation's cybersecurity risks as suggested by Yampolskiy (See paragraph [0003]).  
Per claim 14, Seiver and Kapczynski disclose the system of claim 11, but do not expressly disclose wherein identifying the second security risk comprises determining that the network device is running outdated software.  
In the same field of endeavor, Yampolskiy discloses wherein identifying the second security risk comprises determining that the network device is running outdated software (paragraph [0055], “… The scorecard system 200 can also verify the protocol in use by the network, fingerprint software versions, and compare the versions against a known list of common vulnerabilities and exposures (CVE) ...”; paragraph [0060], “… The endpoint security module 209 can also identify known vulnerabilities in a CVE database for outdated software versions and notify a user when outdated software versions are detected ...”).
It would have been obvious to a person of ordinary skill in the art at the effective filing date of the claimed invention to include an endpoint security module such as taught by Yampolskiy in the risk assessment system of Seiver and Kapczynski in order to identify vulnerabilities and reduce a corporation's cybersecurity risks as suggested by Yampolskiy (See paragraph [0003]).
Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Seiver et al. (Hereinafter, Seiver, US 2017/0078322 A1) in view of Kapczynski et al. (Hereinafter, Kapczynski, US 10,102,570 B1), and further in view of Healy et al. (Hereinafter, Healy, US 2017/0053115 A1).
Per claim 6, Seiver and Kapczynski disclose the method of claim 1, but do not expressly disclose the method as further comprising presenting, on the user interface, a graph of user activity within the BMS over a period of time, the graph showing at least one selected from a group of:
a number of successful logins; 
a number of unsuccessful logins; and 
a number of locked out accounts.  
In the same field of endeavor, Healy discloses presenting, on the user interface, a graph of user activity within the BMS over a period of time, the graph showing at least one selected from a group of: 
a number of successful logins (e.g., login activity 804 as shown in Fig. 8; paragraphs [0099-0100]); 
a number of unsuccessful logins (e.g., login activity 804 as shown in Fig. 8; paragraphs [0099-0100]); and
a number of locked out accounts.  
It would have been obvious to one having ordinary skill in the art at the effective filing date of the claimed invention to include the checkout system such as taught by Healy in the risk assessment system of Seiver and Kapczynski in order to “determine whether a malicious actor is attempting to access a user account (e.g., through a brute-force attack, a dictionary based password attack, and so on)” and improve a corporation's ability to detect bad operators as suggested by Healy (See paragraph [0099]).
Per claim 16, Seiver and Kapczynski disclose the system of claim 16, but do not expressly disclose the system as further comprising presenting, on the user interface, a graph of user activity within the BMS over a period of time, the graph showing at least one selected from a group of:
a number of successful logins; 
a number of unsuccessful logins; and 
a number of locked out accounts.  
In the same field of endeavor, Healy discloses presenting, on the user interface, a graph of user activity within the BMS over a period of time, the graph showing at least one selected from a group of: 
a number of successful logins (e.g., login activity 804 as shown in Fig. 8; paragraphs [0099-0100]); 
a number of unsuccessful logins (e.g., login activity 804 as shown in Fig. 8; paragraphs [0099-0100]); and
a number of locked out accounts.  
It would have been obvious to one having ordinary skill in the art at the effective filing date of the claimed invention to include the checkout system such as taught by Healy in the risk assessment system of Seiver and Kapczynski in order to “determine whether a malicious actor is attempting to access a user account (e.g., through a brute-force attack, a dictionary based password attack, and so on)” and improve a corporation's ability to detect bad operators as suggested by Healy (See paragraph [0099]).
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Seiver et al. (Hereinafter, Seiver, US 2017/0078322 A1) in view of Kapczynski et al. (Hereinafter, Kapczynski, US 10,102,570 B1), and further in view of Girdhar et al. (Hereinafter, Girdhar, US 2020/0110870 A1).
Per claim 8, Seiver and Kapczynski disclose the method of claim 1, but do not expressly disclose wherein implementing the change in the settings of the user account comprises at least one selected from a group of implementing a change in password policy settings of the user account and implementing a change in lockout settings of the user account.
In the same field of endeavor, Girdhar discloses wherein implementing the change in the settings of the user account comprises at least one selected from a group of implementing a change in password policy settings of the user account (paragraph [0043]) and implementing a change in lockout settings of the user account (paragraph [0058]).
It would have been obvious to one having ordinary skill in the art at the effective filing date of the claimed invention to include the lockout policy such as taught by Girdhar in the risk assessment system of Seiver and Kapczynski in order to end time-consuming lockout periods for a legitimate user of the account as suggested by Girdhar (See paragraph [0003]).
Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Seiver et al. (Hereinafter, Seiver, US 2017/0078322 A1) in view of Kapczynski et al. (Hereinafter, Kapczynski, US 10,102,570 B1), and further in view of Ranjan et al. (Hereinafter, Ranjan, US 2013/0145356 A1).
Per claim 10, Seiver and Kapczynski disclose the method of claim 1, but do not expressly disclose wherein implementing the change in the settings of the network device comprises receiving a software update.
In the same field of endeavor, Seiver discloses wherein implementing the change in the settings of the network device comprises receiving a software update (e.g., Block 535 as shown in Fig. 5B; Abstract; paragraphs [0059-0060]).
It would have been obvious to one having ordinary skill in the art at the effective filing date of the claimed invention to include the automatic software update such as taught by Ranjan in the risk assessment system of Seiver and Kapczynski in order to reduce the amount of time required to update software on each network device as suggested by Ranjan (See paragraph [0001]).
Per claim 20, Seiver and Kapczynski disclose the system of claim 11, but do not expressly disclose wherein implementing the change in the settings of the network device comprises receiving a software update.
In the same field of endeavor, Seiver discloses wherein implementing the change in the settings of the network device comprises receiving a software update (e.g., Block 535 as shown in Fig. 5B; Abstract; paragraphs [0059-0060]).
It would have been obvious to one having ordinary skill in the art at the effective filing date of the claimed invention to include the automatic software update such as taught by Ranjan in the risk assessment system of Seiver and Kapczynski in order to reduce the amount of time required to update software on each network device as suggested by Ranjan (See paragraph [0001]).
Response to Arguments
Examiner Interview
Examiner acknowledges applicant’s remarks regarding the interview on February 16, 2022.
Rejections Under 35 U.S.C. § 103
Independent Claim 1
Applicant’s arguments, see Remarks, filed 8 April 2022, with respect to the rejection of claim 1 under 35 U.S.C. § 103 as being unpatentable over U.S. Patent Publication No. 2017/0078322 (“Seiver”) in view of U.S. Patent Publication No. 2018/0211045 (“Abukhovsky”) have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of U.S. Patent No. 10,102,570 B1 (“Kapczynski”).
Applicant argues that “the combination of Seiver and Abukhovsky fails to teach or suggest a user interface that includes an account settings selectable button that navigates a user to an account settings page for a user account that has an active security risk and from which a user can change the account settings of the user account, as is required in Claim 1.”
The Examiner disagrees since Seiver and Abukhovsky were not relied upon to teach or suggest a user interface that includes an account settings selectable button that navigates a user to an account settings page for a user account that has an active security risk and from which a user can change the account settings of the user account, as is required in Claim 1. Kapczynski discloses a user interface that includes an account settings selectable button that navigates a user to an account settings page for a user account that has an active security risk and from which a user can change the account settings of the user account as discussed above.
Dependent Claims 22 and 23
Applicant’s arguments with respect to claims 22 and 23 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
In view of the above, Examiner maintains the rejections of claims 1-8, 10-17 and 20-23.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARRIN HOPE whose telephone number is (571)270-5079. The examiner can normally be reached Mon-Thr - 7-4:30, Fri - 7-3:30, Alt. Fri Off.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kieu D Vu can be reached on (571)272-4057. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

DARRIN HOPE
Examiner
Art Unit 2173



/KIEU D VU/Supervisory Patent Examiner, Art Unit 2173