DETAILED ACTION
Response to Amendment
 	This Office action is in response to Applicant’s amendment filed 6/6/2022. Claims 1, 3-6, 8, 11, 14, 15, 17 and 18 have been amended. Claim 2 has been canceled. Claims 1 and 3-20 are pending.

 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Reasons for Allowance
 	Claims 1 and 3-20 are allowed.
	The following is an examiner’s statement of reasons for allowance:
With respect to independent claim 1, none of the prior art of record, taken individually or in any combination teach, inter alia, query, using the first identifier of the target system, a first data source of the plurality of data sources, wherein the first data source includes a fraud report database storing inactive fraud reports and active fraud reports, each inactive fraud report associated with a reported and investigated fraud incident, each active fraud report associated with a reported fraud incident undergoing investigation; receive, from the fraud report database in response to the querying, any inactive fraud reports for the target system and any active fraud reports for the target system; and locally cache, in the memory device, data representing whether the target system has been a subject of a past data breach, the data comprising: when one or more inactive fraud reports or one or more active fraud reports are received, the one or more inactive or active fraud reports; and when no inactive or active fraud reports are received, a data element indicating no fraud reports were received.
With respect to independent claim 15, none of the prior art of record, taken individually or in any combination teach, inter alia, querying, using the at least one alternative identifier of the target system, at least one second data source of the plurality of data sources, to receive data associated with a potential for a future data breach at the target system, wherein the at least one second data source includes web resources of the target system, wherein the web resources include a plurality of web pages associated with the target system, said querying comprising: transmitting a respective test signal to the plurality of web pages, each test signal including a query associated with a security feature of a corresponding web page of the plurality of web pages, each query initiating a response from the corresponding web page; and receiving a plurality of responses, each received response including a respective status of the security feature on the corresponding web page; and locally caching, in the memory device, the received responses as external review analytics data associated with the potential for a future data breach at the target system.
With respect to independent claim 18, none of the prior art of record, taken individually or in any combination teach, inter alia, query, using the at least one alternative identifier of the target system, at least one second data source of the plurality of data sources, to receive data associated with a potential for a future data breach at the target system, wherein the first data source or the at least one second data source includes an illicit threat data source of text-based content associated with illicit threats associated with the target system, and wherein either the querying of the first data source or the querying of the at least one second data source comprises crawling the illicit threat data source for text-based content including the first identifier or the at least one alternative identifier of the target system, the text- based content indicating a breach of the target system has likely been conducted; and locally cache, in the memory device, the data associated with the potential for a future data breach at the target system, including caching the text-based content as an illicit threat assessment.

 	The prior art references most closely resembling Applicant’s claimed invention are Sharifi Mehr (US 20210029156 A1) and Lunsford et al (US 20200193022 A1).
Sharifi Mehr discloses a an IoT security service collects data from IoT devices being monitored and possibly other related components, analyzes the collected data to detect defined facilitators and indicators associated with an IoT kill chain, and uses the detected facilitators and indicators to continuously or periodically calculate at least two scores for individual devices or for groups of devices: a security threat level score and a security breach likelihood score. Users can use the IoT security system to request and gain insight into the factors that are used to calculate the threat level and breach likelihood scores (for example, the identified facilitators and indicators), ¶ 0018.
The identification of IoT devices can be based on IP addresses associated with the devices (if the addresses are public and the devices are not behind a proxy) or using any other identifiers of the devices, ¶ 0024. An IoT security service 110 may convert the data collected from these systems into a standard set of data fields, modify or supplement fields in the data (for example, to convert IP addresses into domain names, supplement the data with user account identifiers, and so forth), or perform any other operations on the data to facilitate subsequent analyses, ¶ 0029.
The IoT device data 120 can be collected from a number of disparate data sources, the received data can be represented using a variety of different formats (for example, various log data formats, network traffic data records, various data formats generated by device management/audit systems, and so forth), ¶ 0029, a calculation of a breach likelihood score is based on a combination of identified indicators, recent threat level scores, and possibly other factors including historical observations related to a device, ¶ 0037.
The calculation of a threat level score, breach likelihood score, or both, for a particular IoT device 104 can be based in part on data that relates to one or more other IoT devices, ¶ 0040. FIG. 4 is a graph illustrating a relationship between identified security threat facilitators and indicators related to one or more IoT devices and calculated threat likelihood scores and breach likelihood scores according to some embodiments. The graph 400 can be generated and caused to be displayed in a web-based GUI, application GUI, or any other interface accessible to a user 112 via an electronic device 118, ¶ 0066.
Lunsford et al disclose the process 800 can generate a compliance report. The compliance report can include all information available to the process 800 and which pertain to the tasks of the playbook identified for the cyber event. In an example, the compliance report can be or can be a basis for a final compliance report that is mandated to be provided to a regulatory agency (¶ 0128).
Playbooks and/or tasks can be added, deleted, and/or changed, by one or more components of the system 302, to reflect the updated risk. The system 302 can report changes to risk score of the instant enterprise based on the changes (¶ 0108).

 	However, none of the cited prior art, taken individually or in any combination, teach inter alia, the limitations discussed above with respect to independent claims 1, 15 and 18. 

 	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
 	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
-V. Hassija et al (A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures) disclose the security issues, various emerging and existing technologies focused on achieving a high degree of trust in the IoT applications.
-J. Pikoulas et al (An Intelligent Agent Security Intrusion System) disclose the research previously undertaken on a misuse system based on intelligent agent software technology.
-Schultz et al (Data Mining Methods for Detection of New Malicious Executables) disclose a data-mining framework that detects new, previously unseen malicious executables accurately and automatically.

 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDRE D BOYCE whose telephone number is (571)272-6726. The examiner can normally be reached M-F 10a-6:30p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rutao (Rob) Wu can be reached on (571) 272-6045. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ANDRE D BOYCE/Primary Examiner, Art Unit 3623                                                                                                                                                                                                   June 12, 2022