Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101 (Abstract Idea)
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


8.	Claims 1 – 30 is / are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more analyzed according to 2019 Revised Patent Subject Matter Eligibility Guidance (“2019 PEG”). The claim recites rendering a threat mitigation user interface that identifies objects within a computing platform in response to a security event; and enabling a third-party to gather artifacts concerning an object within the threat mitigation user interface.
Step 1: The claims 1, 11 and 21 do fall into one of the four statutory categories of method and system claims. Nevertheless the claims still is/are considered as abstract idea for the following prongs and reasons.
Step 2A: Prong 1: The limitation of claims 1, 11 and 21 recites: rendering a threat mitigation user interface that identifies objects within a computing platform in response to a security event; and enabling a third-party to gather artifacts concerning an object within the threat mitigation user interface, as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the human mind and / or with pen and paper without a generic computer. Except for words ‘system with memory and processors’, there is nothing in the claim element precludes the step from practically being performed in human mind and/or with pen and paper. For example, checking smart card or token validity and obtaining various information, in any office or campus can also be perceived to be done manually by human in an orderly fashion. In the context of these claims encompasses assigning scores, taking remedial measures accordingly. 
Dependent claims 2 – 10, 12 – 20 and 22 – 20 which in turn recite about artifacts such as raw data; screen shots; graphics; notes; annotations; audio recordings; and video recordings, enabling the third-party to store the artifacts, enabling the third-party to provide the artifacts to another party, inspection window is a popup or slide out inspection window, monitoring a plurality of sources to identify suspect activity etc. is/are mere structural addendums and are other steps that could be performed by human manually with/without need for a computer.  If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in a human mind but for the recitation of generic computer components, then it falls within the “mental processes” grouping of abstract ideas and can be done manually. Accordingly, the claim recites an abstract idea.
Prong 2: This judicial exception is not integrated into a practical application. In particular, the claims do not recite any additional element to perform beyond routine steps of: rendering a threat mitigation user interface that identifies objects within a computing platform in response to a security event; and enabling a third-party to gather artifacts concerning an object within the threat mitigation user interface. The steps are recited at a high-level of generality (i.e., as generic terms performing generic computer functions (spec. [00276]) such that it amounts no more than mere instructions to apply the exception using generic computer components). Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. Therefore the claims is directed to an abstract idea. Step 2B: The claims does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, rendering a threat mitigation user interface that identifies objects within a computing platform in response to a security event; and enabling a third-party to gather artifacts concerning an object within the threat mitigation user interface, amounts to no more than mere instructions to apply the exception using a generic computer terms. Mere instructions to apply an exception using a generic computer components cannot provide an inventive concept. The claims is / are not patent eligible. Therefore all the corresponding dependent claims 2 – 10, 12 – 20 and 22 – 20 are also rejected for the same rationale.

Claim Rejections - 35 USC § 101 (Non-Statutory)
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


The claimed invention is directed to non-statutory subject matter.  The claim(s) 11 does/do not fall within at least one of the four categories of patent eligible subject matter because Claim 11 is directed to “A computer program product residing on a computer readable medium having a plurality of instructions stored thereon which, when executed by a processor” (software per se) a non-statutory subject matter.  The claim(s) 11 does/do not fall within at least one of the four categories of patent eligible subject matter because computer program product residing on a computer readable medium having a plurality of instructions is non-statutory and does not fall in any of the four categories of process, manufacture, machine or composition – as it does not provide any hardware or tangible structure to the claim(s). Therefore all corresponding dependent claims 12 – 20 are also rejected for the same rationale.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1 – 30 is/are rejected under 35 U.S.C. 102 (a) (2) as being unpatentable by Hogg et al (US 10592938), hereafter Hogg.
Claim 1: computer-implemented method, executed on a computing device, comprising: rendering a threat mitigation user interface that identifies objects within a computing platform in response to a security event; (C2L33-35: assessment provided by the platform include a graphical display enabling an end user to identify weaknesses across a number of security domains... enterprise is assessed in view of a target vulnerability rating and/or peer benchmark vulnerability ratings to enable visual comparison of the enterprise's present state and (C16L549-53) the process is used in connection with assessing cyber security threat exposure, the platform operates on behalf of a provider of "smart" networking devices that detect malicious activity);
and enabling a third-party to gather artifacts concerning an object within the threat mitigation user interface. (C9L11-30: the vulnerability assessment is conducted by a third-party field agents engaged or otherwise assigned by the operators of the platform which operate on-site at the enterprise... observing operations and behaviors, and performing cyber exploration, penetration, and vulnerability examinations).
Claim 2: Hogg teaches the computer-implemented method of claim 1 wherein the artifacts include one or more of: raw data; screen shots; graphics; notes; annotations; audio recordings; and video recordings. (C12L51-52, Fig. 4A: shows example screen shot of a user interface for assessment of vulnerability).
Claim 3: Hogg teaches the computer-implemented method of claim 1 further comprising: enabling the third-party to store the artifacts within a defined storage location. (C34L38-44: field team record information related to the operations as findings pertaining to the enterprise via a field agent user interface that is presented on a portable computing device, such as computing devices of fig. lA. The data entered via the field agent user interface is stored in a service data store of fig. lA).
Claim 4: Hogg teaches the computer-implemented method of claim 1 further comprising: enabling the third-party to provide the artifacts to another party. (C9L35-45: a field agent makes modifications via UI, for presentation to other field agents conducting vulnerability assessments in the future. Executive(s) from the enterprise, such as the Chief Information Security Officer (CISO) can access and manage the vulnerability findings).
Claim 5: Hogg teaches the computer-implemented method of claim 1 further comprising: enabling the third-party to select an object within the threat mitigation user interface, thus defining a selected object; and rendering an inspection window that defines object information concerning the selected object. (C9L23-45: the user interface permits a given field agent assessing a particular enterprise to select from among thousands of potential findings and those findings are organized under security domains according to various organizational schemes selected by the enterprise for its convenience and (C21L27-28) the number of navigation elements to be displayed is discernible).
Claim 6: Hogg teaches the computer-implemented method of claim 5 wherein the inspection window is a popup inspection window. (C39L26-28: results in presentation of a user interface (a pop-up window) presenting the information entered via the user interface).
Claim 7: Hogg teaches the computer-implemented method of claim 5 wherein the inspection window is a slide out inspection window. (C44L1-10, Fig. 10: the slider element represents the "Data" security domain, while the slider represents the "Physical Spaces" security domain, and so on).
Claim 8: Hogg teaches the computer-implemented method of claim 5 wherein enabling a third-party to gather artifacts concerning an object within the threat mitigation user interface includes: enabling the third-party to gather artifacts concerning an object within the inspection window. (C9L11-30: the vulnerability assessment is conducted by a third-party field agents engaged or otherwise assigned by the operators of the platform which operate on-site at the enterprise... observing operations and behaviors, and performing cyber exploration, penetration, and vulnerability examinations).
Claim 9: Hogg teaches the computer-implemented method of claim 1 further comprising: detecting the security event within the computing platform based upon identified suspect activity. (C2L33-35: assessment provided by the platform include a graphical display enabling an end user to identify weaknesses across a number of security domains... enterprise is assessed in view of a target vulnerability rating and/or peer benchmark vulnerability ratings to enable visual comparison of the enterprise's present state).
Claim 10: Hogg teaches the computer-implemented method of claim 9 wherein detecting the security event within the computing platform based upon identified suspect activity includes: monitoring a plurality of sources to identify suspect activity within the computing platform. (C10L40-60: Such digital forensic services include a tool that operates against a file system of a computer to identify files that match certain patterns, defined by regular expressions, which are defined by the user, where the patterns indicate compromise of the system and/or a tool that continuously monitors the "attack surface" of an enterprise and/or Uniform Resource Indicator access points, Internet Protocol address ranges of an enterprise and identify any changes).
Claim 11: Hogg teaches a computer program product residing on a computer readable medium having a plurality of instructions stored thereon which, when executed by a processor, cause the processor to perform operations comprising: rendering a threat mitigation user interface that identifies objects within a computing platform in response to a security event; and enabling a third-party to gather artifacts concerning at least one object within the threat mitigation user interface. (C2L33-35: assessment provided by the platform include a graphical display enabling an end user to identify weaknesses across a number of security domains... enterprise is assessed in view of a target vulnerability rating and/or peer benchmark vulnerability ratings to enable visual comparison of the enterprise's present state and (C16L549-53) in which the process is used in connection with assessing cyber security threat exposure, the platform operates on behalf of a provider of "smart" networking devices that detect malicious activity; C9L11-30: the vulnerability assessment is conducted by a third-party field agents engaged or otherwise assigned by the operators of the platform which operate on-site at the enterprise... observing operations and behaviors, and performing cyber exploration, penetration, and vulnerability examinations).
Claim 12: Hogg teaches the computer program product of claim 11 wherein the artifacts include one or more of: raw data; screen shots; graphics; notes; annotations; audio recordings; and video recordings. (C12L51-52, Fig. 4A: shows example screen shot of a user interface for assessment of vulnerability).
Claim 13: Hogg teaches the computer program product of claim 11 further comprising: enabling the third-party to store the artifacts within a defined storage location. (C34L38-44: field team record information related to the operations as findings pertaining to the enterprise via a field agent user interface that is presented on a portable computing device, such as computing devices of fig. lA. The data entered via the field agent user interface is stored in a service data store of fig. lA).
Claim 14: Hogg teaches the computer program product of claim 11 further comprising: enabling the third-party to provide the artifacts to another party. (C9L35-45: a field agent makes modifications via UI, for presentation to other field agents conducting vulnerability assessments in the future. Executive(s) from the enterprise, such as the Chief Information Security Officer (CISO) can access and manage the vulnerability findings).
Claim 15: Hogg teaches the computer program product of claim 11 further comprising: enabling the third-party to select an object within the threat mitigation user interface, thus defining a selected object; and rendering an inspection window that defines object information concerning the selected object. (C9L23-45: the user interface permits a given field agent assessing a particular enterprise to select from among thousands of potential findings and those findings are organized under security domains according to various organizational schemes selected by the enterprise for its convenience and (C21L27-28) the number of navigation elements to be displayed is discernible).
Claim 16: Hogg teaches the computer program product of claim 15 wherein the inspection window is a popup inspection window. (C39L26-28: results in presentation of a user interface (a pop-up window) presenting the information entered via the user interface).
Claim 17: Hogg teaches the computer program product of claim 15 wherein the inspection window is a slide out inspection window. (C44L1-10, Fig. 10: the slider element represents the "Data" security domain, while the slider represents the "Physical Spaces" security domain, and so on).
Claim 18: Hogg teaches the computer program product of claim 15 wherein enabling a third-party to gather artifacts concerning at least one object within the threat mitigation user interface includes: enabling the third-party to gather artifacts concerning the at least one object within the inspection window. (C9L11-30: the vulnerability assessment is conducted by a third-party field agents engaged or otherwise assigned by the operators of the platform which operate on-site at the enterprise... observing operations and behaviors, and performing cyber exploration, penetration, and vulnerability examinations).
Claim 19: Hogg teaches the computer program product of claim 11 further comprising: detecting the security event within the computing platform based upon identified suspect activity. (C2L33-35: assessment provided by the platform include a graphical display enabling an end user to identify weaknesses across a number of security domains... enterprise is assessed in view of a target vulnerability rating and/or peer benchmark vulnerability ratings to enable visual comparison of the enterprise's present state).
Claim 20: Hogg teaches the computer program product of claim 19 wherein detecting the security event within the computing platform based upon identified suspect activity includes: monitoring a plurality of sources to identify suspect activity within the computing platform. (C10L40-60: Such digital forensic services include a tool that operates against a file system of a computer to identify files that match certain patterns, defined by regular expressions, which are defined by the user, where the patterns indicate compromise of the system and/or a tool that continuously monitors the "attack surface" of an enterprise and/or Uniform Resource Indicator access points, Internet Protocol address ranges of an enterprise and identify any changes).
Claim 21: Hogg teaches a computing system including a processor and memory configured to perform operations comprising: rendering a threat mitigation user interface that identifies objects within a computing platform in response to a security event; and enabling a third-party to gather artifacts concerning at least one object within the threat mitigation user interface. (C2L33-35: assessment provided by the platform include a graphical display enabling an end user to identify weaknesses across a number of security domains... enterprise is assessed in view of a target vulnerability rating and/or peer benchmark vulnerability ratings to enable visual comparison of the enterprise's present state and (C16L549-53) in which the process is used in connection with assessing cyber security threat exposure, the platform operates on behalf of a provider of "smart" networking devices that detect malicious activity; C9L11-30: the vulnerability assessment is conducted by a third-party field agents engaged or otherwise assigned by the operators of the platform which operate on-site at the enterprise... observing operations and behaviors, and performing cyber exploration, penetration, and vulnerability examinations).
Claim 22: Hogg teaches the computing system of claim 21 wherein the artifacts include one or more of: raw data; screen shots; graphics; notes; annotations; audio recordings; and video recordings. (C12L51-52, Fig. 4A: shows example screen shot of a user interface for assessment of vulnerability).
Claim 23: Hogg teaches the computing system of claim 21 further comprising: enabling the third-party to store the artifacts within a defined storage location. (C34L38-44: field team record information related to the operations as findings pertaining to the enterprise via a field agent user interface that is presented on a portable computing device, such as computing devices of fig. lA. The data entered via the field agent user interface is stored in a service data store of fig. lA).
Claim 24: Hogg teaches the computing system of claim 21 further comprising: enabling the third-party to provide the artifacts to another party. (C9L35-45: a field agent makes modifications via UI, for presentation to other field agents conducting vulnerability assessments in the future. Executive(s) from the enterprise, such as the Chief Information Security Officer (CISO) can access and manage the vulnerability findings).
Claim 25: Hogg teaches the computing system of claim 21 further comprising: enabling the third-party to select an object within the threat mitigation user interface, thus defining a selected object; and rendering an inspection window that defines object information concerning the selected object. (C9L23-45: the user interface permits a given field agent assessing a particular enterprise to select from among thousands of potential findings and those findings are organized under security domains according to various organizational schemes selected by the enterprise for its convenience and (C21L27-28) the number of navigation elements to be displayed is discernible).
Claim 26: Hogg teaches the computing system of claim 25 wherein the inspection window is a popup inspection window. (C39L26-28: results in presentation of a user interface (a pop-up window) presenting the information entered via the user interface).
Claim 27: Hogg teaches the computing system of claim 25 wherein the inspection window is a slide out inspection window. (C44L1-10, Fig. 10: the slider element represents the "Data" security domain, while the slider represents the "Physical Spaces" security domain, and so on).
Claim 28: Hogg teaches the computing system of claim 25 wherein enabling a third-party to gather artifacts concerning at least one object within the threat mitigation user interface includes: enabling the third-party to gather artifacts concerning the at least one object within the inspection window. (C9L11-30: the vulnerability assessment is conducted by a third-party field agents engaged or otherwise assigned by the operators of the platform which operate on-site at the enterprise... observing operations and behaviors, and performing cyber exploration, penetration, and vulnerability examinations).
Claim 29: Hogg teaches the computing system of claim 21 further comprising: detecting the security event within the computing platform based upon identified suspect activity. (C2L33-35: assessment provided by the platform include a graphical display enabling an end user to identify weaknesses across a number of security domains... enterprise is assessed in view of a target vulnerability rating and/or peer benchmark vulnerability ratings to enable visual comparison of the enterprise's present state).
Claim 30: Hogg teaches the computing system of claim 29 wherein detecting the security event within the computing platform based upon identified suspect activity includes: monitoring a plurality of sources to identify suspect activity within the computing platform. (C10L40-60: Such digital forensic services include a tool that operates against a file system of a computer to identify files that match certain patterns, defined by regular expressions, which are defined by the user, where the patterns indicate compromise of the system and/or a tool that continuously monitors the "attack surface" of an enterprise and/or Uniform Resource Indicator access points, Internet Protocol address ranges of an enterprise and identify any changes).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See form PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Badri -- Champakesan whose telephone number is (571)270-3867. The examiner can normally be reached M-F: 8:30am-5pm (EST). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on 5712727624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BADRINARAYANAN /P'Examiner, Art Unit 2496.