Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

                                                       DETAILED ACTION

                                        Claim Rejections- 35 U.S.C § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
6. Claims 1-19 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
The claims are either directed to a method, computer readable medium, and system  which are one of the statutory categories of invention. (Step 1: YES).
Claim 11 recites the limitations of:  
 A system for generating synthetic hazard data for cyber-insurance, comprising: 		a processing circuitry; and 
a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: 
select, from treaty information, a shadow company, wherein the treaty information includes records relating to known companies and at least one shadow company, wherein the treaty information relating to the at least one shadow company does not include hazard data; 
sample, from a database, a number of known companies that are part of an insurance treaty, wherein the sampled known companies include verified hazard data for their digital assets; 
determine a probability distribution for a likelihood that the selected shadow company uses at least one digital asset used by the sampled known companies; 
generate a set of Apriori rules describing the likelihood that two digital assets are used together; 
generate, for the selected shadow company, synthetic hazard data, wherein synthetic hazard data is hazard data generated based on the set of apriori rules and the determined the probability distribution; and 
associate the synthetic hazard data with the selected shadow company.

These limitations, under their broadest reasonable interpretation, cover performance of the limitation as certain methods of organizing human activity.
The claim recites elements that are in bold above, which covers performance of the limitation as mitigating risk, insurance (steps for generating synthetic hazard data for cyber insurance),  (e.g., select, from treaty information, a shadow company, wherein the treaty information includes records relating to known companies and at least one shadow company, wherein the treaty information relating to the at least one shadow company does not include hazard data;  sample, a number of known companies that are part of an insurance treaty, wherein the sampled known companies include verified hazard data for their digital assets; generate a set of Apriori rules describing the likelihood that two digital assets are used together;  generate, for the selected shadow company, synthetic hazard data, wherein synthetic hazard data is hazard data generated based on the set of apriori rules and the determined the probability distribution; and associate the synthetic hazard data with the selected shadow company).
If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation as a fundamental economic practice then it falls within the “Certain Methods of Organizing Human Activity” grouping of abstract ideas. Accordingly, claim 11 recites an abstract idea.
Claims 1, 10 are abstract for similar reasons.
(Step 2A-Prong 1: YES. The claims are abstract)
This judicial exception is not integrated into a practical application. Limitations that are not indicative of integration into a practical application include: (1) Adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea (MPEP 2106.05.f), (2) Adding insignificant extra solution activity to the judicial exception (MPEP 2106.05.g), (3) Generally linking the use of the judicial exception to a particular technological environment or field of use (MPEP 2106.05.h). 


Claim 11 includes the following additional elements:
	-Processing security
	- memory containing instructions 
	- database
-determining a probability distribution for a likelihood that the selected shadow company uses at least one digital asset used by the sampled known companies.
The use of a probability distribution in order to determine a probability is generally linking the abstract idea of to a particular technological environment (probability distribution). See MPEP 2106.05(h).
The processing security, memory containing instructions and database are recited at a high level of generality and being used in its ordinary capacity and are being used as a tool for implementing the steps of the identified abstract idea, see MPEP 2106.05(f), where applying a computer or using a computer as a tool to perform the abstract idea is not indicative of a practical application.
Therefore there are no additional elements in the claim that amounts to no more than generally linking the use of the judicial exception to a particular technological environment or field of use.
Accordingly, these additional elements, when considered separately and as an ordered combination, do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. Therefore claims 1,10,11 are directed to an abstract idea without a practical application. (Step 2A-Prong 2: NO. The additional claimed elements are not integrated into a practical application)
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately and as an ordered combination, they do not add significantly more (also known as an “inventive concept”) to the exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using computer hardware amounts to no more than generally linking the use of the judicial exception to a particular technological environment or field of use. Generally linking the use of the judicial exception to a particular technological environment or field of use, with the use of generic computer components, cannot provide an inventive concept - rendering the claim patent ineligible. Thus claims 1,10,11 are not patent eligible. (Step 2B: NO. The claims do not provide significantly more)
Dependent claims 2-9, 12-19 which further define the abstract idea that is present in their respective independent claims 1,10-11 and thus correspond to Certain Methods of Organizing Human Activity and hence are abstract for the reasons presented above. The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination. Therefore, the dependent claims 2-9, 12-19 are directed to an abstract idea. Thus, claims 1-19 are not patent-eligible.


                                         Claim Rejections- 35 U.S.C § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

1.	Claims 1-4, 16-19 are being rejected under 35 U.S.C 103(a) as being unpatentable over US Patent 10,438,155 to Mo et al, herein Mo in view of US 2017/0085595 to Ng et al, herein Ng.

	Regarding claim 1, Mo discloses:
	A method for generating synthetic hazard data for cyber-insurance, comprising: 		selecting, from treaty information, a shadow company (column 5: lines 22-29; column 10: 58-62;  column 11: lines 1-20;  where Mo discloses analyzing occurrences that occurred at a random sampling of companies from the sampled portfolio of companies),  wherein the treaty information includes records relating to Known companies and at least one shadow company (At least: column 11: lines 62-67; column 12: lines 37-58:
(59) Further, the initial risk level can be based on attributes of the portfolio companies themselves. The attributes of the portfolio companies can be used alone, or in combination with the foregoing features, to establish an initial risk level. For example, in an embodiment, certain attributes can be analyzed and a comparison performed to estimate how the initial risk of the portfolio likely deviates from a randomly sampled group of companies, or a group of companies that have attributes known to be common to companies in the portfolio.
(63) At step 202, at least one company that experienced a cybersecurity risk event during a certain time period is identified. The identified company, and attributes of the company, can serve as a starting point for determining a multiplier used to quantify the cybersecurity risk level of the portfolio. The company can be a portfolio company, or a company not in the portfolio, while certain of its attributes will be compared to those of portfolio companies. Also, the time period in which the company experienced the cybersecurity event can be all or part of a training period, as described herein. On the other hand, the time period can be randomly selected or selected about a window in which cybersecurity events occur or are thought to have occurred (e.g., a time window about a period in which cybersecurity events increase or peak). In any event, whether or not historical, the time period is preferably close enough in time to the performance of steps described herein to be relevant.

(64) At step 203, at least one attribute that is common to the company identified at step 202 and at least one company in the portfolio is identified. The identified common attributes are compared in a meaningful way to determine their correlation with cybersecurity risk. According to inventive concepts it is recognized that some attributes have minimal impact on cybersecurity risk level, while other attributes clearly influence same. For example, the sophistication of a web service vendor, its gross revenue, and its technology sector may strongly influence cybersecurity risk level, while geographic location, state of incorporation, number of employees may not. Accordingly, attributes that strongly influence cybersecurity risk will be assigned a greater weight than those that do not.
, wherein the treaty information relating to the at least one shadow company does not include hazard data (At least: column 7: lines 9-17, lines 45-56:
(29) In operation of system 100, attribute module 105 can assign weights to certain attributes using information gathered during a training period. Based on attribute data relating to portfolio and/or non-portfolio companies analyzed during the training period, system 100 then makes informed decisions on the importance of different attributes; Accordingly, a description of an exemplary machine learning platform is helpful in understanding the inventive concepts described herein.
In an embodiment, the real-time processing path excludes historical data (i.e., stored data pertaining to attributes analyzed in the past) from its evaluation. Alternatively, in an embodiment, the real-time processing path excludes third-party data from the evaluation in the real-time processing path. These example types of data that are excluded from the real-time path can be evaluated in the batch processing path.

Mo discloses a cyber insurance portfolio manager determines that certain attributes such as a company’s technology area, are important for analyzing cyber security risk (At least: column 4: lines 65-67; column 5: lines 1- 6; column 6: lines 48-57).
Mo does not disclose, Ng in the same field of endeavor discloses:
	sampling, from a database, a number of known companies that are part of an insurance treaty, wherein the sampled known companies include verified hazard data for their digital assets (At least: [0032], [0095], [0047], [0114], where Ng discloses a DDos (Denial of service attack) akin to the digital asset);
[0095]: Additionally, following the recommendations may enable the policy company to update and/or change policy criteria of a cyber security policy. In still further alternatives, the composite score of several or many entities may be aggregated and used by insurance companies, reinsurance companies, brokers and/or ratings agencies to understand and/or evaluate an aggregate risk and assess insurance premiums and/or reinsurance treaties and/or change or evaluate a credit rating. This is described in further detail above.
Therefore it would have been obvious to one of ordinary skill in the art at the time of the invention to modify Mo’s invention to include sampling, from a database, a number of known companies that are part of an insurance treaty, wherein the sampled known companies include verified hazard data for their digital assets in order to ensure that by determining diversity and/or similarity between entities with respect to risk, (e.g., cyber security risk), diversity between the analyzed entities is improved (Ng: [0028]).
Mo further discloses:
	determining a probability distribution for a likelihood that the selected shadow company uses at least one digital asset used by the sampled known companies (At least: column 3: lines 11-19; Figs 4A-4B; column 9: lines 1-5; column 11: lines 21-33);
	generating a set of Apriori rules describing the likelihood that two digital assets are used together (At least: column 5: lines 23-28; 33-43:
The multiplier functions as a predictive value of the likelihood that a cybersecurity event (e.g., a catastrophic loss) will occur with respect to portfolio companies and can be used with a default, initial, or otherwise “standardized” cybersecurity risk level value based on a randomly-sampled set of companies or a set of companies specified according to certain criteria) to express the portfolio's cybersecurity risk level. Further, as discussed herein, system 100 can utilize different methods to derive the feature sets used to generate the multiplier.
(20) Using the multiplier, system 100 executes steps, or directs a user to execute steps, to mitigate portfolio risk within a minimal or otherwise optimum number of steps. For example, a user can be directed to replace certain portfolio companies with companies not in the portfolio, which themselves can be randomly selected or selected according to predefined criteria. Also, a user can be directed to change certain interdependencies of portfolio companies. For example, if two or more portfolio companies use a problematic web host or share an upstream vendor, system 100 can flag that issue in its multiplier algorithm and direct a user to create a new portfolio composition where, e.g., the web host is not included as a vendor. In this way, system 100 can create a portfolio of companies that have dependencies (e.g., first-degree dependencies, second-degree dependencies, and so on) that optimizes the portfolios aggregate cybersecurity risk level
, where Mo teaches the “a prior rule” (akin to the criteria) is based on probability analysis).

	generating, for the selected shadow company, synthetic hazard data, wherein synthetic hazard data is hazard data generated based on the set of Apriori rules and the determined the probability distribution (At least: column 14: lines 11-20:

(70) In other words, to generate the multiplier, machine learning techniques are used to analyze both a portfolio of interest and companies that experienced cybersecurity event in a certain time period (e.g., the past six (6) months). From this, an estimate of the risk that multiple companies will experience a cybersecurity event is generated. According to an embodiment, the value of the multiplier is constrained to vary between 0 and 2(x), where 1(x) is the probability that a randomly composed portfolio will experience a cybersecurity event.

   ; and
	associating the synthetic hazard data with the selected shadow company (At least:  column 14: lines 39-64: 


    PNG
    media_image1.png
    576
    540
    media_image1.png
    Greyscale
  .


	Regarding claim 2, Mo discloses the method of claim 1. Mo further discloses wherein the method is repeated for each shadow company included in the treaty information (At least: column 9: lines 43-51, 65-67; column 10: lines 1-9).
	Claim 12 is being rejected using the same rationale as claim 2.
	Regarding claim 3, Mo discloses the method of claim 1. Mo further discloses wherein the number of known companies Is a function of a count of the known companies included in the database (At least: column 6: line 28-45).
	Claim 13 is being rejected using the same rationale as claim 3.
	Regarding claim 4, Mo discloses the method of claim 1. Mo does not disclose, Ng in the same field of endeavor discloses wherein treaty information includes information on companies organized in an insurance treaty, wherein at least one of the companies in the treaty information is a shadow company having identifying details but missing hazard data (At least: [0132], [0133], [0095]).
Therefore it would have been obvious to one of ordinary skill in the art a the time of the invention to modify Mo’s invention to include wherein treaty information includes information on companies organized in an insurance treaty, wherein at least one of the companies in the treaty information is a shadow company having identifying details but missing hazard data in order to ensure that by determining diversity and/or similarity between entities with respect to risk, (e.g., cyber security risk), diversity between the analyzed entities is improved (Ng: [0028]).
	Claim 14 is being rejected using the same rationale as claim 4.

	Regarding claim 6, Mo discloses the method of claim 1. Mo further discloses wherein determining the probability distribution further comprises:
correlating hazard data of the sampled known companies with industry-based hazard data, wherein industry-based hazard data includes digital assets commonly used in the industry and location of the shadow company (At least: column 6: lines 51-65; column 17: lines 2-15).
	Claim 16 is being rejected using the same rationale as claim 6.
Regarding claim 7, Mo discloses the method of claim 1. Mo further discloses wherein the database is an industry exposure database (At least: column 6: lines 34-45, 51-65; column 17: lines 2-15).
	Claim 17 is being rejected using the same rationale as claim 7.
	Regarding claim 8, Mo discloses the method of claim 1. Mo further discloses wherein a digital asset is at least one of: a technology, an application, or a service, which is utilized or deployed by a company included in the database (At least: column 3: lines 61-67; column 6: lines 17-26).
	Claim 18 is being rejected using the same rationale as claim 8.
	Regarding claim 9, Mo discloses the method of claim 1. Mo further discloses wherein generating at least an Apriori rule further comprises: applying at least an Apriori algorithm to a set of data, wherein the set of data includes hazard data of the companies included in the sampled known companies and industry hazard data (At least: column 5: lines 23-28; 33-43).
	Claim 19 is being rejected using the same rationale as claim 9.

	Regarding claim 10, Mo discloses: 
A non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry to execute a process, the process comprising (At least: column 19: lines 25-32, column 22: lines 15-20):
	selecting, from treaty information, a shadow company (column 5: lines 22-29; column 10: 58-62;  column 11: lines 1-20;  where Mo discloses analyzing occurrences that occurred at a random sampling of companies from the sampled portfolio of companies),  wherein the treaty information includes records relating to Known companies and at least one shadow company (At least: column 11: lines 62-67; column 12: lines 37-58:
(59) Further, the initial risk level can be based on attributes of the portfolio companies themselves. The attributes of the portfolio companies can be used alone, or in combination with the foregoing features, to establish an initial risk level. For example, in an embodiment, certain attributes can be analyzed and a comparison performed to estimate how the initial risk of the portfolio likely deviates from a randomly sampled group of companies, or a group of companies that have attributes known to be common to companies in the portfolio.
(63) At step 202, at least one company that experienced a cybersecurity risk event during a certain time period is identified. The identified company, and attributes of the company, can serve as a starting point for determining a multiplier used to quantify the cybersecurity risk level of the portfolio. The company can be a portfolio company, or a company not in the portfolio, while certain of its attributes will be compared to those of portfolio companies. Also, the time period in which the company experienced the cybersecurity event can be all or part of a training period, as described herein. On the other hand, the time period can be randomly selected or selected about a window in which cybersecurity events occur or are thought to have occurred (e.g., a time window about a period in which cybersecurity events increase or peak). In any event, whether or not historical, the time period is preferably close enough in time to the performance of steps described herein to be relevant.

(64) At step 203, at least one attribute that is common to the company identified at step 202 and at least one company in the portfolio is identified. The identified common attributes are compared in a meaningful way to determine their correlation with cybersecurity risk. According to inventive concepts it is recognized that some attributes have minimal impact on cybersecurity risk level, while other attributes clearly influence same. For example, the sophistication of a web service vendor, its gross revenue, and its technology sector may strongly influence cybersecurity risk level, while geographic location, state of incorporation, number of employees may not. Accordingly, attributes that strongly influence cybersecurity risk will be assigned a greater weight than those that do not.
, wherein the treaty information relating to the at least one shadow company does not include hazard data (At least: column 7: lines 9-17, lines 45-56:
(29) In operation of system 100, attribute module 105 can assign weights to certain attributes using information gathered during a training period. Based on attribute data relating to portfolio and/or non-portfolio companies analyzed during the training period, system 100 then makes informed decisions on the importance of different attributes; Accordingly, a description of an exemplary machine learning platform is helpful in understanding the inventive concepts described herein.
In an embodiment, the real-time processing path excludes historical data (i.e., stored data pertaining to attributes analyzed in the past) from its evaluation. Alternatively, in an embodiment, the real-time processing path excludes third-party data from the evaluation in the real-time processing path. These example types of data that are excluded from the real-time path can be evaluated in the batch processing path.

Mo discloses a cyber insurance portfolio manager determines that certain attributes such as a company’s technology area, are important for analyzing cyber security risk (At least: column 4: lines 65-67; column 5: lines 1- 6; column 6: lines 48-57).
Mo does not disclose, Ng in the same field of endeavor discloses:
	sampling, from a database, a number of known companies that are part of an insurance treaty, wherein the sampled known companies include verified hazard data for their digital assets (At least: [0032], [0095], [0047], [0114], where Ng discloses a DDos (Denial of service attack) akin to the digital asset);
[0095]: Additionally, following the recommendations may enable the policy company to update and/or change policy criteria of a cyber security policy. In still further alternatives, the composite score of several or many entities may be aggregated and used by insurance companies, reinsurance companies, brokers and/or ratings agencies to understand and/or evaluate an aggregate risk and assess insurance premiums and/or reinsurance treaties and/or change or evaluate a credit rating. This is described in further detail above.
Therefore it would have been obvious to one of ordinary skill in the art at the time of the invention to modify Mo’s invention to include sampling, from a database, a number of known companies that are part of an insurance treaty, wherein the sampled known companies include verified hazard data for their digital assets in order to ensure that by determining diversity and/or similarity between entities with respect to risk, (e.g., cyber security risk), diversity between the analyzed entities is improved (Ng: [0028]).
Mo further discloses:
	determining a probability distribution for a likelihood that the selected shadow company uses at least one digital asset used by the sampled known companies (At least: column 3: lines 11-19; Figs 4A-4B; column 9: lines 1-5; column 11: lines 21-33);
	generating a set of Apriori rules describing the likelihood that two digital assets are used together (At least: column 5: lines 23-28; 33-43:
The multiplier functions as a predictive value of the likelihood that a cybersecurity event (e.g., a catastrophic loss) will occur with respect to portfolio companies and can be used with a default, initial, or otherwise “standardized” cybersecurity risk level value based on a randomly-sampled set of companies or a set of companies specified according to certain criteria) to express the portfolio's cybersecurity risk level. Further, as discussed herein, system 100 can utilize different methods to derive the feature sets used to generate the multiplier.
(20) Using the multiplier, system 100 executes steps, or directs a user to execute steps, to mitigate portfolio risk within a minimal or otherwise optimum number of steps. For example, a user can be directed to replace certain portfolio companies with companies not in the portfolio, which themselves can be randomly selected or selected according to predefined criteria. Also, a user can be directed to change certain interdependencies of portfolio companies. For example, if two or more portfolio companies use a problematic web host or share an upstream vendor, system 100 can flag that issue in its multiplier algorithm and direct a user to create a new portfolio composition where, e.g., the web host is not included as a vendor. In this way, system 100 can create a portfolio of companies that have dependencies (e.g., first-degree dependencies, second-degree dependencies, and so on) that optimizes the portfolios aggregate cybersecurity risk level
, where Mo teaches the “a prior rule” (akin to the criteria) is based on probability analysis).

	generating, for the selected shadow company, synthetic hazard data, wherein synthetic hazard data is hazard data generated based on the set of Apriori rules and the determined the probability distribution (At least: column 14: lines 11-20:

(70) In other words, to generate the multiplier, machine learning techniques are used to analyze both a portfolio of interest and companies that experienced cybersecurity event in a certain time period (e.g., the past six (6) months). From this, an estimate of the risk that multiple companies will experience a cybersecurity event is generated. According to an embodiment, the value of the multiplier is constrained to vary between 0 and 2(x), where 1(x) is the probability that a randomly composed portfolio will experience a cybersecurity event.

   ; and
	associating the synthetic hazard data with the selected shadow company (At least:  column 14: lines 39-64: 


    PNG
    media_image2.png
    576
    540
    media_image2.png
    Greyscale
  .


	




Regarding claim 11, Mo discloses:
 A system for generating synthetic hazard data for cyber-insurance, comprising: 			a processing circuitry (At least: column 5: lines 49-57); and
	a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to (At least: column 2: lines 16-20) :  		select, from treaty information, a shadow company (column 5: lines 22-29; column 10: 58-62;  column 11: lines 1-20;  where Mo discloses analyzing occurrences that occurred at a random sampling of companies from the sampled portfolio of companies),  wherein the treaty information includes records relating to Known companies and at least one shadow company (At least: column 11: lines 62-67; column 12: lines 37-58:
(59) Further, the initial risk level can be based on attributes of the portfolio companies themselves. The attributes of the portfolio companies can be used alone, or in combination with the foregoing features, to establish an initial risk level. For example, in an embodiment, certain attributes can be analyzed and a comparison performed to estimate how the initial risk of the portfolio likely deviates from a randomly sampled group of companies, or a group of companies that have attributes known to be common to companies in the portfolio.
(63) At step 202, at least one company that experienced a cybersecurity risk event during a certain time period is identified. The identified company, and attributes of the company, can serve as a starting point for determining a multiplier used to quantify the cybersecurity risk level of the portfolio. The company can be a portfolio company, or a company not in the portfolio, while certain of its attributes will be compared to those of portfolio companies. Also, the time period in which the company experienced the cybersecurity event can be all or part of a training period, as described herein. On the other hand, the time period can be randomly selected or selected about a window in which cybersecurity events occur or are thought to have occurred (e.g., a time window about a period in which cybersecurity events increase or peak). In any event, whether or not historical, the time period is preferably close enough in time to the performance of steps described herein to be relevant.

(64) At step 203, at least one attribute that is common to the company identified at step 202 and at least one company in the portfolio is identified. The identified common attributes are compared in a meaningful way to determine their correlation with cybersecurity risk. According to inventive concepts it is recognized that some attributes have minimal impact on cybersecurity risk level, while other attributes clearly influence same. For example, the sophistication of a web service vendor, its gross revenue, and its technology sector may strongly influence cybersecurity risk level, while geographic location, state of incorporation, number of employees may not. Accordingly, attributes that strongly influence cybersecurity risk will be assigned a greater weight than those that do not.
, wherein the treaty information relating to the at least one shadow company does not include hazard data (At least: column 7: lines 9-17, lines 45-56:
(29) In operation of system 100, attribute module 105 can assign weights to certain attributes using information gathered during a training period. Based on attribute data relating to portfolio and/or non-portfolio companies analyzed during the training period, system 100 then makes informed decisions on the importance of different attributes; Accordingly, a description of an exemplary machine learning platform is helpful in understanding the inventive concepts described herein.
In an embodiment, the real-time processing path excludes historical data (i.e., stored data pertaining to attributes analyzed in the past) from its evaluation. Alternatively, in an embodiment, the real-time processing path excludes third-party data from the evaluation in the real-time processing path. These example types of data that are excluded from the real-time path can be evaluated in the batch processing path.

Mo discloses a cyber insurance portfolio manager determines that certain attributes such as a company’s technology area, are important for analyzing cyber security risk (At least: column 4: lines 65-67; column 5: lines 1- 6; column 6: lines 48-57).
Mo does not disclose, Ng in the same field of endeavor discloses:
	sample, from a database, a number of known companies that are part of an insurance treaty, wherein the sampled known companies include verified hazard data for their digital assets (At least: [0032], [0095], [0047], [0114], where Ng discloses a DDos (Denial of service attack) akin to the digital asset);
[0095]: Additionally, following the recommendations may enable the policy company to update and/or change policy criteria of a cyber security policy. In still further alternatives, the composite score of several or many entities may be aggregated and used by insurance companies, reinsurance companies, brokers and/or ratings agencies to understand and/or evaluate an aggregate risk and assess insurance premiums and/or reinsurance treaties and/or change or evaluate a credit rating. This is described in further detail above.
Therefore it would have been obvious to one of ordinary skill in the art at the time of the invention to modify Mo’s invention to include sampling, from a database, a number of known companies that are part of an insurance treaty, wherein the sampled known companies include verified hazard data for their digital assets in order to ensure that by determining diversity and/or similarity between entities with respect to risk, (e.g., cyber security risk), diversity between the analyzed entities is improved (Ng: [0028]).
Mo further discloses:
	determine a probability distribution for a likelihood that the selected shadow company uses at least one digital asset used by the sampled known companies (At least: column 3: lines 11-19; Figs 4A-4B; column 9: lines 1-5; column 11: lines 21-33);
	generate a set of Apriori rules describing the likelihood that two digital assets are used together (At least: column 5: lines 23-28; 33-43:
The multiplier functions as a predictive value of the likelihood that a cybersecurity event (e.g., a catastrophic loss) will occur with respect to portfolio companies and can be used with a default, initial, or otherwise “standardized” cybersecurity risk level value based on a randomly-sampled set of companies or a set of companies specified according to certain criteria) to express the portfolio's cybersecurity risk level. Further, as discussed herein, system 100 can utilize different methods to derive the feature sets used to generate the multiplier.
(20) Using the multiplier, system 100 executes steps, or directs a user to execute steps, to mitigate portfolio risk within a minimal or otherwise optimum number of steps. For example, a user can be directed to replace certain portfolio companies with companies not in the portfolio, which themselves can be randomly selected or selected according to predefined criteria. Also, a user can be directed to change certain interdependencies of portfolio companies. For example, if two or more portfolio companies use a problematic web host or share an upstream vendor, system 100 can flag that issue in its multiplier algorithm and direct a user to create a new portfolio composition where, e.g., the web host is not included as a vendor. In this way, system 100 can create a portfolio of companies that have dependencies (e.g., first-degree dependencies, second-degree dependencies, and so on) that optimizes the portfolios aggregate cybersecurity risk level
, where Mo teaches the “a prior rule” (akin to the criteria) is based on probability analysis).

	generate, for the selected shadow company, synthetic hazard data, wherein synthetic hazard data is hazard data generated based on the set of Apriori rules and the determined the probability distribution (At least: column 14: lines 11-20:

(70) In other words, to generate the multiplier, machine learning techniques are used to analyze both a portfolio of interest and companies that experienced cybersecurity event in a certain time period (e.g., the past six (6) months). From this, an estimate of the risk that multiple companies will experience a cybersecurity event is generated. According to an embodiment, the value of the multiplier is constrained to vary between 0 and 2(x), where 1(x) is the probability that a randomly composed portfolio will experience a cybersecurity event.

   ; and
	associate the synthetic hazard data with the selected shadow company (At least:  column 14: lines 39-64: 


    PNG
    media_image2.png
    576
    540
    media_image2.png
    Greyscale
  .


2.	Claims 5,15 are being rejected under 35 U.S.C 103(a) as being unpatentable over Mo in view of Ng, and further in view of US Patent 7,409,357 to Schaf et al, herein Schaf.
	Regarding claim 5, Mo discloses the method of claim 1. Mo further discloses further comprising: determining the probability distribution using a Bayesian inference model (At least: column 13: lines 65-67; column 14: lines 1-10).
Mo does not disclose, Schaf in the same field of endeavor discloses a probability distribution using a Bayesian inference model with Monte Carlo Markov-Chain simulation (At least: column 34: lines 54-67).
Therefore it would have been obvious to one of ordinary skill in the art at the time of the invention to modify Mo’s invention to include probability distribution using a Bayesian inference model with Monte Carlo Markov-Chain simulation in order to ensure that the bank wide insurance portfolio is optimized (Schaf: column 2: lines 19-21).
	Claim 15 is being rejected using the same rationale as claim 5.

                                                            CONCLUSION
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD Z SHAIKH whose telephone number is (571)270-3444. The examiner can normally be reached M-T, 9-600; Fri, 8-11, 3-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, BENNETT SIGMOND can be reached on 303-297-4411. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/MOHAMMAD Z SHAIKH/Primary Examiner, Art Unit 3694                                                                                                                                                                                                        8/22/2022