DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to amendment filed on March 20, 2022.
Claims 1-20 are presented for examination.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Levy et al. U.S. Patent Application Publication Number 2021/0342467 A1 (hereinafter Levy).

As per claims 1, 7, 13, Levy discloses a computer-implementable method for modeling security risk (see modeling security risks by continuously updating entity models based on observed activities on page 19 section [0175] and Figure 15), comprising: 
monitoring an entity, the monitoring observing an electronically-observable data source (see sensors detect events from number of computing objects on page 19 section [0176] and step 1502); 
deriving an observable based upon the monitoring of the electronically-observable data source (see collecting plurality of events into an event vector step 1506, or derive observable event into event vector as claimed, on page 19 section [0179]); 
identifying a security related activity, the security related activity being based upon the observable from the electronic data source (see calculating a risk score in step 1508 by determining event vector distance measure on page 19 section [0180]); 
analyzing the security related activity, the analyzing the security related activity (see determining that a risk score exceeds a threshold step 1510 on page 19 section [0181]) using a human-centric risk modeling framework (see using a first entity model looking at pattern of events from a monitored user on page 19 section [0177] and see entity model may define user roles, groups, permitted activities and other attributes for the human user on page 6 section [0063] and see controlling user access based on conditions such as user’s usage history and job position on page 6 section [0060])
the human-centric risk modeling framework enabling quantification of a human-centric factor associated with the entity (see user entity model to access risk of a human user on page 19 section [0177]), the human-centric factor comprising at least one of a motivation factor (see determining user risk based on need to know and job position on page 6 section [0060] and see user motivation such as leaving shortly or have left the company on page 9 section [0093]), a stressor factor (see user entity state risk such as state of integrity or the health state of the user on page 9 section [0091]) and an organizational dynamics factor (see user entity compared with its peer group or organizational department on page 8 section [0084]), the human-centric factor having an associated effect on the entity (see user entity model to access risk of a human user on page 19 section [0177]); and, 
performing a security operation in response to the analyzing the security related activity (see responding to high risk score performing remedial action step 1510 on page 19 section [0181]).

As per claims 2, 8, 14, Levy discloses the method of claim 1, wherein: the human-centric risk modeling framework is implemented as a reference model (see using a first entity model looking at pattern of events from a monitored user on page 19 section [0177] and see entity model may define user roles, groups, permitted activities and other attributes for the human user on page 6 section [0063] and see controlling user access based on conditions such as user’s usage history and job position on page 6 section [0060]), the reference model being used to assess a risk associated with a user entity enacting the security related activity (see event are compared against a based line to identify risk on page 8 section [0084] and see riskiness of the user may be evaluated on page 9 section [0091]).

As per claims 3, 9, 15, Levy discloses the method of claim 2, wherein: the risk is quantitatively expressed as a user entity risk score (see user entity is assigned a risk score on page 9 section [0091]).

As per claims 4, 10, 16, Levy discloses the method of claim 1, wherein: the human-centric risk modeling framework comprises at least one of a user entity behavior, a security risk use case, a kill chain phase, a security risk persona, a user entity predisposition, a security vulnerability scenario, a concerning behavior and a contextual modifier (see user risk score is compared with state of integrity, or health state of the user on page 9 section [0091] and see comparing with user entity behavior such as usage history, location, time of date, connection type, and other scenarios on page 6 section [0060]).

As per claims 5, 11, 17, Levy discloses the method of claim 4, wherein: the concerning behavior comprises an associated concerning behavior score (see user behavior score such as state of integrity or health state of the user on page 9 section [0091]), the security risk persona comprises an associated persona baseline risk score (see comparing user baseline with other peers of the group for risk determination on page 8 section [0084]), and the user entity behavior comprises the security related activity (see user security related activity such as user usage history, need to know, job position, connection type, time of day, and method of authentication on page 6 section [0060]).

As per claims 6, 12, 18, Levy discloses the method of claim 4, wherein: the contextual modifier comprises a stressor modifier (see user behavior score such as state of integrity or health state of the user on page 9 section [0091]), an organizational modifier and a motivation modifier (see user entity model examines user groups on page 6 section [0063] and see comparing user with peer group in the same organizational department on page 8 section [0084]).

As per claim 19, Levy discloses the non-transitory, computer-readable storage medium of claim 13, wherein: the computer executable instructions are deployable to a client system from a server system at a remote location (see monitoring system is deployable through remote resources on page 25 section [0225] and controllable via remote access on page 26 section [0228]).

As per claim 20, Levy discloses the non-transitory, computer-readable storage medium of claim 13, wherein: the computer executable instructions are provided by a service provider to a user on an on-demand basis (see security service is provided as on-demand, add-on charged service on page 26 section [0229] and see security service as a third-party information provider for a fee through a marketplace provider 109 on page 3 section [0035]).

Response to Arguments
Applicant’s arguments, see Remarks on page 7, filed March 20, 2022, with respect to Non-statutory double patenting have been fully considered and are persuasive.  The double patenting rejection of claims 1-20 has been withdrawn. 

Applicant's arguments filed on March 20, 2022 have been fully considered but they are not persuasive.  As per claims 1, 7, 13, the applicant asserts that Levy do not teach as amended: the human-centric risk modeling framework enabling quantification of a human-centric factor associated with the entity, the human-centric factor comprising at least one of a motivation factor, a stressor factor and an organizational dynamics factor, the human-centric factor having an associated effect on the entity  (see Remarks on page 7).  The examiner respectfully disagrees.

Levy teaches: the human-centric risk modeling framework enabling quantification of a human-centric factor associated with the entity (see user entity model to access risk of a human user on page 19 section [0177]), the human-centric factor comprising at least one of a motivation factor (see determining user risk based on need to know and job position on page 6 section [0060] and see user motivation such as leaving shortly or have left the company on page 9 section [0093]), a stressor factor (see user entity state risk such as state of integrity or the health state of the user on page 9 section [0091]) and an organizational dynamics factor (see user entity compared with its peer group or organizational department on page 8 section [0084]), the human-centric factor having an associated effect on the entity (see user entity model to access risk of a human user on page 19 section [0177]).
Levy teaches using multiple user risk scores to determining a risk entity model (see page 20 section [0189]).  Levy teaches determining user risk factors through monitoring user states.





Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALAN S CHOU whose telephone number is (571)272-5779. The examiner can normally be reached Monday-Friday 9:00-5:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chris L Parry can be reached on (571)272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ALAN S CHOU/Primary Examiner, Art Unit 2451