Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections – 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 

Claims 1-7 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claimed invention is related to providing credit for being compliant with standards. 
Claims 1-7 do fall within at least one of the four categories of patent eligible subject matter because the claims recite a process (i.e., a method). 
 Although claims 1-7 fall under at least one of the four statutory categories, it should be determined whether the claim recites a judicial exception.  

Under Step 2A Prong one the claims are analyzed to determine if the claims are directed to judicial exception. 
Claim 1 recites selecting a protocol, generating a set of questions corresponding to the protocol, mapping elements of protocols, crediting and entity, presenting the questions, allowing to user to navigate the questions, storing responses, auditing transcript and generating a scorecard and awarding credential.
Claim 7 recites selecting a protocol, identifying elements, generating and storing questions, storing protocol data, and links, processing the elements of protocols, storing map, generating, determining and storing the transcript schema, generating scorecard and storing the transcript and scorecard.  
The limitation of selecting, generating, storing, generating and determining covers Mental Process. Nothing in the claim element precludes the step from practically been performed in the human mind and use a pen and paper, i.e., to score entities compliance to standard or protocol by providing questions. If a claim limitation, under its broadest reasonable interpretation, covers steps that can be performed by human mind but for the recitation of generic computer components, then it falls within the “Mental Process” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. 
Part I: Step 2A, prong two: additional elements that integrate the judicial exception into a practical application

Under the Step 2A, Prong two, if a claim recites a judicial exception, it should be determined whether the claim reciting the judicial exception is integrated into a practical application of that exception. However, this judicial exception is not integrated into a practical application. The claims do not include additional elements. The claims as a whole merely describe how to generally apply the concept of determining compliance to standards and generating a score based on answers to provided questions. Accordingly, no additional element is claimed. Even if, a computer was claimed, the additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. See Digitech (organizing and manipulating information through mathematical correlations), Electric Power Group (collecting information, analyzing it, and displaying certain results of the collection and analysis. 
Part II.  Determine whether any Element, or Combination, Amounts to“Significantly More” than the Abstract Idea itself

Under step 2B, the claims are evaluated to determine whether the additional elements individually or in combination are sufficient to ensure that the claim amounts to significantly more than the exception. The claims, as indicated above, do not recite additional element. In light of the specification the processors including in the processing system are recited at high level of generality and given the broadest reasonable interpretation are simply generic computers performing generic computer function of selecting, generating and storing (see Applicant’s spec [0058]). These are limitations toward receiving/obtaining data (gathering data), identifying data, performing data analysis, and generating based on the result of the analysis. Selecting, identifying, mapping crediting and presenting is a very well understood, routine and conventional computer task activity. It represents insignificant extra solution activity. Mere data-gathering step[s] cannot make an otherwise nonstaturory claim statutory In re buySAFE, Inc. v. Google, Inc., 765 F.3d 1350,1355,112 USPQ2d 1093,1096 (Fed. Cir. 2014).  As noted above, the additional elements (in light of the specification)  provide a general linking to a particular technological environment or field of use. The claims do not invoke any inventive programming, require any specialized computer hardware or other inventive computer components, i.e., a particular machine, or that the claimed invention is implemented using other than generic computer components to perform generic computer functions. Therefore, the claims do not amount to significantly more than the abstract idea itself and is not patent eligible. 
The combination of these additional elements is no more than mere instructions to apply the exception using a generic device. Accordingly, even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea. 
Dependent claims 2-6, merely add further details of the abstract elements recited in independent claims without including an improvement to another technology or technical field, an improvement to the functioning of the computer itself, or meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment. The additional limitations of the dependent claims, when considered individually and as an ordered combination, do not amount to significantly more than the abstract idea itself. Accordingly, dependent claims 2-6 are patent ineligible. Hence, claims 1-7 are not patent eligible.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-7 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Brannon et al. (US 2020/0210916 A1).
Claim 1. 
Brannon teaches selecting a first protocol for which certification is requested on behalf of an entity (determining vender compliance with one or more privacy standards) (see [0048]);
generating a set of compliance questions for the first protocol corresponding to elements of at least one protocol including the first protocol (first privacy standard compliance questionnaire, master questionnaire, mapping questions from first privacy standard compliance questionnaire to question in the master question) (see [0048]-[0049]);
identifying protocols other than the first protocol with which the user is currently certified; mapping elements of the other protocols with elements of the first protocol;
 (determining that the vendor is in compliance with a second privacy standard and mapping the first question, the ontology further maps the first question from the first privacy standard compliance questionnaire for the first privacy standard to a first question from a second privacy standard compliance questionnaire for a second privacy standard; and maps the second question from the first privacy standard compliance questionnaire for the first privacy standard to a second question from the second privacy standard compliance questionnaire for the second privacy standard) (see [0053]-[0054]).
crediting the entity for satisfied elements in a credit transcript based on the map (determining a confidence level for the questions (see [0051]), … for each of the responses to the question determining a confidence factor score) (see [0471]-[0473])
presenting the user the questions corresponding to unsatisfied elements and question
data corresponding to the questions; allowing the user to navigate the questions and store responses in the credit transcript (presenting via graphical user interface a prompt requesting an answer to the question) (see [0048]-[0052]);
automatically auditing the credit transcript to determine eligibility for at least one
credential corresponding to the first protocol (privacy audit module automatically facilitate and monitor compliance) (see [0235]-[0240]);
generating a scorecard for the entity based on at least one of the credit transcript and
the audit; and awarding at least one credential based on the scorecard (the system measure privacy maturity of a business group) (see [0375]-[0376]), (degree of compliance showing e.g., in percentage and entity complies with each specified privacy standard and regulations) (see [0689]-[0699], [0702]).
Claim 2:
Brannon teaches  wherein the question data includes data corresponding to a description of the protocol and a link to related information (the ontology map each controls listed in a set of regulations to a question that is used to assess the entity’s compliance with the set of regulations … the question includes whether the organization includes link to privacy policy) (see [0705]-[0707]).
Claim 3:
Brannon teaches wherein the scorecard includes data corresponding to different levels of certification and the at least one credential is awarded based on the scorecard (different level of confidence of the answer to each compliance question and providing indication of the confidence level that the entity actually complies the standard and the system may generate an aggregate confidence score …) (see [0692]-[0696]).
Claim 4:
Brannon teaches determining real time data associated with the entity and the credential; and awarding or revoking the at least one credential based on the real time data (analyzing vendor information and calculate or determine a risk score based on the information … accessing public database of certifications to determine whether the particular vendor holds any particular certification and determining a risk score … (see [0552]-[0557]).

Claim 5:
 Brannon teaches wherein the awarding or revoking the at least one credential results in a change in credential level associated with the first protocol ( providing a privacy standard compliance questionnaire and determining confidence score for particular privacy standard or regulation compliance determination ) (see [0048]-[0050], [0471]-[0473]).
Claim 6:
 Brannon teaches wherein the credit transcript, scorecard and at least one awarded credential are stored on a trusted network with which the entity is an authorized member (the main privacy compliance module for user authorized to use the system (see [0214], [0451]).

Claim 7:
 Brannon teach selecting a first protocol for certification (determining vender compliance with one or more privacy standards) (see [0048]);
automatically identifying elements corresponding to requirements of each paragraph of
the protocol (the system configured to determine whether the particular vendor compliance to the whole standard) (see [0194]), [0516]-[0518])
generating and storing a set of compliance questions associated with the elements (first privacy standard compliance questionnaire, master questionnaire, mapping questions from first privacy standard compliance questionnaire to question in the master question) (see [0048]-[0049]);
automatically storing protocol data and links associated with each question; processing the elements of the first protocol with elements of other protocols and based on the processing generating an element map relating the elements of the first protocol with similar elements of the other protocols storing the map in a compliance database (determining that the vendor is in compliance with a second privacy standard and mapping the first question, the ontology further maps the first question from the first privacy standard compliance questionnaire for the first privacy standard to a first question from a second privacy standard compliance questionnaire for a second privacy standard; and maps the second question from the first privacy standard compliance questionnaire for the first privacy standard to a second question from the second privacy standard compliance questionnaire for the second privacy standard) (see [0053]-[0055]);
automatically generating a transcript schema associated with the first protocol into
which to store entity responses; determining and storing in the transcript schema an elements that require real time monitoring (storing the answers to the question in the system’s memory and the system display or exporting the data in a suitable format) (see [0449]- [0451], [0479);
automatically generating a scorecard relating potential responses and the map with
scores and credentials for the first protocol; and storing the transcript schema and scorecard for the first protocol in the compliance database (for use in interviewing entities to determine compliance with the first protocol) (degree of compliance showing e.g., in percentage and entity complies with each specified privacy standard and regulations and storing an indication of the confidence level of the answers) (see [0689]-[0699], [0702]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YEHDEGA RETTA whose telephone number is (571)272-6723. The examiner can normally be reached Monday-Thursday 8am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Abdi can be reached on 571-272-6702. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/YEHDEGA RETTA/Primary Examiner, Art Unit 3688