DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/17/2022 has been entered.
 
Applicant amended claims 1, 9 and 10.  The claims 1-20 are pending.
	
Response to Arguments
Applicant’s arguments, filed 6/17/22, with respect to claims 1-8 and 10-20 have been fully considered and are persuasive.  The previous 35 U.S.C. 103 rejection has been withdrawn. 
Applicant's arguments filed 6/17/22 with respect to Claim 9 have been fully considered but they are not persuasive. Claim 9 has been amended below addressing the added limitations.  Specifically, Readshaw teaches the retrieve from a database information regarding each user (¶ 0024) and network exchange occurred for the specific user (¶ 0027).


Claim Objections
Claim 16 is objected to because of the following informalities:  claim 16 should depend from claim 15 to provide antecedent basis for “using the weightings” from introduced in claim 15.  Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Neil Readshaw (US Pub No 2009/0241168) in view of Hawthorn et al. (US Pub No 2015/0229664).

With respect to claim 9, Readshaw teaches a system, comprising: 
an information repository; and a processor (e.g., security-awareness modules for determining a measure of security awareness of a user ¶ 0023), configured: 
to retrieve, from the information repository, information comprising features of network traffic exchanged with a computing device of a user (e.g., the security awareness module can be configured to simulate a cyber-security attack against a user, and depending on how the user responds to the particular simulated cyber-security attack, the security awareness module calculate the measure of security awareness @ ¶ 0030 and ¶ 0031 further teaches the security awareness module decrement or increment the security awareness based on how a user respond to a particular types of cyber-security attack, such as “phishing e-mail” being calculated differently from other types of cyber-security attack, therefore teaches that different measurement is given for different types of cyber-security attacks.  Readshaw teaches the security awareness module is able to retrieve from a database input on “a type of cyber-security attack” in order to calculate the particular security awareness measure for the particular type of cyber-security attack associated with a user ¶ 0024), wherein said features comprise at least one of: 
a timing of updates to protective software; a number or nature of downloads of illegal software; a number or nature of downloads from untrusted sites; a type or version of an operating system (OS) installed on the user's device; whether an OS is genuine or cracked; whether an OS has been updated with latest service packs; a number of source internet protocol (IP) addresses from which the user has communicated; whether the user utilizes network protection; whether the user uses secured connections; a respective trust levels or categories of websites visited by the user; a number of ads on which the user has clicked; a number of approvals of untrusted certificates or trustworthiness of ap- proved certificates; a type of web browser used by the user; a number of cookies received by the user; a user's frequency in deleting cookies or browsing history of the user; a number of browser add-on installations performed by the user; a respective types or reputations of websites visited by the user; and a diversity of websites visited by the user (e.g., Readshaw teaches at least one of the above feature at ¶ 0027 with “the security awareness module 208 can be configured to measure the security awareness of the user based upon past user actions” including interactions with visited websites by the user ¶ 0031; or even feature such as the user visited a diversity of websites ¶ 0032); 
to compute, based on the features, a score [quantifying] a cyber-security aware- ness of the user (e.g., each type of security awareness corresponds to a characteristic vector of coefficients to later use to compute a final and compound security awareness score ¶ 0031-0035), and 
to generate an output indicative of the score (e.g., depending on the determined measure of security awareness, generating an output indicative of the security score ¶ 0023). 
Readshaw discloses the computing of a final security awareness score, but does not explicitly disclose computing a score quantifying a cyber-security awareness of the user.  However, analogous art in the same field of endeavor, Hawthorn teaches 
computing a score quantifying a cyber-security awareness of the user (e.g., a user risk calculator computing a score quantifying the user’s cyber-security awareness or “ThreatScore” based on a plurality of data vector comprising security item interaction data, training item interaction data, user property data, and/or user technical information collected for a given user with the set of risk scoring metrics ¶ 0171).
Therefore, based on Readshaw in view of Hawthorn, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Hawthorn to the system of Readshaw in order to provide a preventative and forward-thinking method and system for security risk assessment to secure an enterprise network and mobile device (¶ 0003).

Allowable Subject Matter
Claims 1-8 and 10-20 allowed over prior arts.
This communication warrants no examiner's reason for allowance, as applicant's reply makes evident the reason for allowance, satisfying the record as whole as required by rule 37 CFR 1.104 (e). In this case, the substance of applicant's remarks in the Amendment filed on 6/17/22 point out the reasons claims are patentable over the prior art of record. Thus, the reason for allowance is in all probability evident from the record and no statement for examiner's reason for allowance is necessary (see MPEP 1302.14). 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAU LE whose telephone number is (571)270-7217. The examiner can normally be reached M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL COLIN can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/CHAU LE/Primary Examiner, Art Unit 2493