Or DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Priority
	Applicant’s claim to priority to PCT/JP2018/012564, filed 3/27/2018, is acknowledged.

Information Disclosure Statement
	The 8/26/2020 IDS document has been considered by the examiner.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “a first graph generation part,” “a second graph generation part,” “a display part,” “an access right storage part,” “a third graph generating part,” and “a condition receiving part”  in claims 1-8.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. For instance, at least [0087] of the specification recites that “each part (processing means, function) of a security evaluation system as shown in the first to third exemplary embodiments can be realized by a computer program that causes a processor of the computer to execute each of the above processes using its hardware.”
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 4 and 13 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. 
Each of claims 4 and 13 recites the limitation "to enter the space." There is insufficient antecedent basis for this limitation in the claim (i.e., the respective parent claim does not define a space).
Each of claims 4 and 13 further recites “stores a user who is allowed to enter the space,” where it is unclear if the user themself is being stored, whether a user identifier of the user is being stored, or whether some or all information of a user’s account is being stored. As such, the scope of the claims is unclear. 

Claims 6 and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Each of claims 6 and 15 recites displaying a resource “and the second evaluation graph corresponding to the resource or an attack graph related to the resource,” where it is not clear whether “or an attack graph related to the resource” is ORed with the displaying or with corresponding to the second evaluation graph (e.g., “displays an attack graph related to the resource” / “displays a resource corresponding to the display condition of the first evaluation graph and the second evaluation graph corresponding to an attack graph related to the resource”). As such, the scope of the claims is unclear. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to the abstract idea of a mental process (i.e., concepts performed in the human mind, such as an observation, evaluation, judgment, and/or opinion) without significantly more. The claim(s) recite(s) creating graphs of resources and resource locations, as well as displaying the graphs. However, this may be interpreted as merely creating a mental mapping for a collection of resources in a set of given areas. For instance, “a first graph generation part that generates a first evaluation graph representing a connection relationship between resources as a target for security evaluation” may be interpreted as an analyst noting that there are a number of connected computers within a facility (e.g., 2 computers in a building). Further, “a second graph generation part that generates a second evaluation graph representing a connection relationship between areas where the resources are located” may be interpreted as an analyst noting that the computers are interspersed into different rooms (e.g., each of the computers being in a separate room) which are connected by a hallway. Likewise, “a display part that displays the first evaluation graph and the second evaluation graph in association with each other” may be interpreted as the analyst visualizing the aforementioned (e.g., two nodes connected by a path, representative of either a network connection or a hallway connection).
This judicial exception is not integrated into a practical application because adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea are not considered to be sufficient—see MPEP 2106.05(f). For instance, claims 1 and 10 recite “a security evaluation system,” “a computer-readable non-transient recording medium,” and “a processor and a memory device,” which are all merely the base elements of any computer for performing the judicial exception. Claim 9 appears to merely recite the judicial exception as a method.
The claims further recite elements which may be considered sufficient to amount to significantly more than the judicial exception: “a security evaluation system,” “a computer-readable non-transient recording medium,” and “a processor and a memory device.”
However, these elements are not sufficient to amount to significantly more than the judicial exception because adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea are not considered to be sufficient—see MPEP 2106.05(f). In this case, the elements merely recite the base elements of any computer for performing the judicial exception. Claim 9 appears to merely recite the judicial exception as a method.
The dependent claims are likewise rejected under this analysis as above, as they merely further specify the judicial exception in greater detail. They do not indication of integration into a practical application nor specify limitations indicative of significantly more than the judicial exception. For instance, claims 2-3 further specify the node and path structure of the visualized graphs (the further specified representation being consistent with the examples above); claim 4 specifies an additional consideration (a given user’s access—e.g., whether an employee is allowed access into one or both of the rooms in the example above); claim 5 specifies visualizing potential attack avenues for the computers and facility (e.g., entering from the hallway into room 1 and using computer 1); claims 6-8 further specify updating the visualization based on a given condition). Claims 11-20 are substantially similar and are likewise rejected.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-6 and 8-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Muller (US 2015/0106941 A1).

Regarding claim 1, Muller discloses: A security evaluation system, comprising: 
a first graph generation part that generates a first evaluation graph representing a connection relationship between resources as a target for security evaluation; 
Refer to at least the FIG. 1 and [0012]-[0014] of Muller with respect to a graphical representation of resources and their connections in a facility. 
a second graph generation part that generates a second evaluation graph representing a connection relationship between areas where the resources are located; and 
Refer to at least the FIG. 1 and [0012]-[0014] of Muller with respect to a graphical representation of resources and identified areas within a facility. 
a display part that displays the first evaluation graph and the second evaluation graph in association with each other.
Refer to at least [0021] and [0057] of Muller with respect to a GUI displaying, e.g., a graph as shown in FIG. 1, to a user. 

Regarding claim 2, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations to the graphical representation—e.g., “[p]athways may be physical or electronic connections between the areas”).

Regarding claim 3, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations to the graphical representation—e.g., “[p]athways may be physical or electronic connections between the areas”).

Regarding claim 4, Muller discloses: The security evaluation system according to claim 1, further comprising: an access right storage part that stores a user who is allowed to enter the space, wherein the display part displays information of a user who is allowed to enter the space as additional information of the second evaluation graph.
Refer to at least “User Level” and “Admin Level” associated with each other and, e.g., Building B in FIG. 1 of Muller. 

Regarding claim 5, Muller discloses: The security evaluation system according to claim 1, further comprising: a third graph generating part that generates an attack graph for a resource as a target for the security evaluation, wherein the display part further displays the first evaluation graph and the third evaluation graph in association with each other.
Refer to at least FIG. 4, TABLE C on pages 6-7, and [0057] of Muller with respect to determining and displaying a route of attack associated with the graphical representation.  

Regarding claim 6, Muller discloses: The security evaluation system according to claim 1, further comprising: a condition receiving part that receives a display condition including at least one designation of ID of the resource or type of the resource, wherein the display part displays a resource corresponding to the display condition of the first evaluation graph and the second evaluation graph corresponding to the resource or an attack graph related to the resource.
Refer to at least [0026] and [0031] of Muller with respect to safeguard IDs. 

Regarding claim 8, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations to the graphical representation—e.g., see FIG. 1 with respect to resources which are not connected to each other and TABLE C with respect to traversal over the graph during an attack).  

Regarding independent claim 9, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., see the citations).

Regarding independent claim 10, it is substantially similar to independent claim 1 above, and is therefore likewise rejected (i.e., see the citations).

Regarding claims 11-15, they are substantially similar to claims 2-6 above, and are therefore likewise rejected. 

Regarding claims 16-20, they are substantially similar to claims 2-6 above, and are therefore likewise rejected. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Muller as applied to claims 1-6 and 8-20 above, and further in view of “Advanced Vulnerability Analysis and Intrusion Detection through Predictive Attack Graphs,” hereinafter “Noel.”

Regarding claim 7, Muller does not fully disclose: further comprising: a condition receiving part that receives a display condition including designation of an area where the resource is located, wherein the display part displays an area corresponding to the display condition of the second evaluation graph, a partial graph of the first evaluation graph related to the area and an attack graph related to the partial graph. However, Muller in view of Noel discloses: further comprising: a condition receiving part that receives a display condition including designation of an area where the resource is located, wherein the display part displays an area corresponding to the display condition of the second evaluation graph, a partial graph of the first evaluation graph related to the area and an attack graph related to the partial graph. 
Refer to at least FIG. 4, FIG. 9, and the last paragraph on 7 of Noel with respect to attack graph visualization via graph overview, main graph view, and a geo-spatial view. 
The teachings of Muller and Noel both concern vulnerability and attack visualization and are considered to be within the same field of art and combinable as such. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Muller to include additional views in the GUI for at least the purpose of increasing data density and thereby providing the analyst more information to work with at a time. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        
/V.S/Examiner, Art Unit 2432