DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This is the Non-Final Office Action in response to the Application No. 17/085,871, title: “Cybersecurity Profile Generated Using A Simulation Engine”.

Status of the Claims
Claims 1-10 are pending in the application and have been examined.

Priority
This application is a CON of 15/678,089 filed on 08/15/2017 (Patented No. 10,853,883) which is a CON of 15/343,209 filed on 11/04/2016 (Patented No. 11,087,403) which is a CIP of 15/229,476 filed on 08/05/2016 (Patented No. 10,454,791) which is a CIP of 15/206,195 filed on 07/08/2016 (Abandoned) which is a CIP of 15/186,453 filed on 06/18/2016 (Abandoned) which is a CIP of 15/166,158 filed on 05/26/2016 which is a CIP of 15/141,752 filed on 04/28/2016 (Patented No. 10,860,962) which is a CIP of 15/091,563 filed on 04/05/2016 (Patented No. 10,204,147) and is a CON of 14/986,536 filed on 12/31/2015 (Patented No. 10,210,255) and is a CON of 14/925,974 filed on 10/28/2015 (Abandoned).
For the purpose of examination, the 10/28/2015 is considered to be the effective filing date.
Information Disclosure Statement
An information disclosure statement filed on 10/30/2020 has been considered.  A copy of the PTOL-1449 form with the examiner’s initials is enclosed to this Office Action.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. 
Claims 1-10 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-10 of U.S. Patent No. 10,853,883.  Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-10 of the present application recite substantially the same limitations as claims 1-10 of the ‘883 patent with minor variations that would have been obvious to one of ordinary skills in the art.  The minor variations such as the steps of receive/store questionnaire information, request/receive authorization, and store search results, are the insignificant activities and would not have changed the scope of the application.  Also, both the application and patent are commonly owned and directed to the same field of invention.

Application No. 17/085,871
Patent No. 10,853,883
     Claim 1, A system for generating a cybersecurity profile for cyber insurance risk analysis, comprising:
     Claim 1, A system for generating a cybersecurity profile for cyber insurance risk analysis, comprising: 
     a network-connected server comprising a memory, a processor, and a non-volatile storage device;
     a network-connected server comprising a memory, a processor, and a non-volatile storage device; 
     a web portal comprising a first plurality of programming instructions stored in the memory and operating on the processor which causes the network-connected server to:
     a web portal comprising a first plurality of programming instructions stored in the memory and operating on the processor which causes the network-connected server to: 

     receive and store questionnaire information provided by a client, the questionnaire information comprising identification of an industry in which the client operates a business;

     request and receive authorization from the client to obtain a snapshot of a client computer;
     install and execute a software snapshot script on the client computer, the software snapshot script comprising a second plurality of programming instructions operating on the client computer which cause the client computer to: 
     install and execute a software snapshot script on the client computer, the software snapshot script comprising a second plurality of programming instructions operating on the client computer which cause the client computer to: 
     identify a network of computers to which the client computer is attached;
     identify a network of computers to which the client computer is attached; 
     determine a baseline network usage of the network of computers; 
     determine a baseline network usage of the network of computers; 
     identify publicly facing computers in the network of computers; 
     identify publicly facing computers in the network of computers; 
     identify software and services running on the network of computers; and 
     identify software and services running on the network of computers; and 
     store client network data on the non-volatile storage device, the client network data 15 comprising the identified network of computers, the baseline network usage, the publicly facing computers, and the identified software and services;
     store client network data on the non-volatile storage device, the client network data comprising the identified network of computers, the baseline network usage, the publicly facing computers, and the identified software and services;
     a high volume web crawler comprising a third plurality of programming instructions stored in the memory and operating on the processor which cause the network-connected server to:
     a high volume web crawler comprising a third plurality of programming instructions stored in the memory and operating on the processor which cause the network-connected server to: 
     retrieve the client network data from the non-volatile storage device; and
     retrieve the identification of the industry and the client network data from the non-volatile storage device; 
     search the Internet for current trends in exploits and cyberattack targets related to the industry and the client network data;
     search the Internet for current trends in exploits and cyberattack targets related to the industry and the client network data; and 

     store search results from the Internet search in the non-volatile storage device; and
     a directed computational graph analysis module comprising a fourth plurality of programming instructions stored in the memory and operating on the processor which cause the network-connected server to:
     a directed computational graph analysis module comprising a fourth plurality of programming instructions stored in the memory and operating on the processor which cause the network-connected server to: 
     retrieve the client network data and the search results from the non-volatile storage device; and
     retrieve the identification of the industry, the client network data, and the search results from the non-volatile storage device; and 
     construct a propensity-to-be-attacked profile from the client network data and the search results, the propensity-to-be-attacked profile comprising a directed computational graph comprising nodes representing data transformations and edges representing messages between the nodes; and
     construct a propensity to be attacked profile from the identification of the industry, the client network data, and the search results, the propensity to be attacked profile comprising a directed computational graph comprising nodes representing data transformations and edges representing messages between the nodes;
     an automated planning service module comprising a fifth plurality of programming instructions stored in the memory and operating on the processor which cause the network- connected server to: 
     an automated planning service module comprising a fifth plurality of programming instructions stored in the memory and operating on the processor which cause the network-connected server to: 
     analyze the propensity-to-be-attacked profile by performing one or more analyses on the directed computational graph to determine a likelihood of various cyberattack occurrences; and 
     analyze the propensity to be attacked profile by performing one or more analyses on the directed computational graph to determine a likelihood of various cyberattack occurrences; and 
     assign a threat profile based on the likelihood of various cyberattack occurrences.
     assign a threat profile based on the likelihood of various cyberattack occurrences.









Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-10 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.  
Step 1:
Under the 2019 Revised PEG, Step 1 analysis, the claims are reviewed to determine whether they fall within the four statutory categories of patentable subject matter (i.e., process, machine, manufacture, or combination of matter). 
Claims 1-10 recite a system comprising various computer components and a method comprising a series of steps for generating a cybersecurity profile for cyber insurance risk analysis.  The claims recite a process and a machine which fall within the four statutory categories of invention (Step 1-Yes).
Step 2A Prong 1:
Under the 2019 Revised PEG, Step 2A, Prong 1, the claims are reviewed to determine whether they recite a judicial exception by identifying if the claim limitations fall in one of the enumerated abstract idea groupings (i.e., organizing human activity, mathematical concepts, and mental processes) that amount to a judicial exception to patentability.
Upon a review of the claims, other than the recitation of the network-connected server, web portal, client computer, web crawler, directed computational graph analysis module, and automated planning service module along with programming instructions, claims 1 and 6 as a whole recite a system/method for generating a cybersecurity profile for cyber insurance risk analysis using a time series data retrieval and storage server to receive new information and retrieve data previously gathered and stored, and using a computational graph analysis module to retrieve and perform an analysis on the retrieved data for likelihood of various incident occurrences with likely culprits for each incident, and also using an automated planning service module to receive data/metadata and perform predictive simulation analysis on the received data.  
The claims describe the concept of using an insurance system (i.e., simulation engine) for receiving data, retrieving data, and retrieving more data, so as to perform the computational graph analysis and the predictive simulation analysis for cyber insurance using an insurance system that comprises various computer modules.  The claims are directed to a process of organizing and processing of insurance data in order to generate a cybersecurity profile using the insurance system.  This is a method of organizing human activity and relates to fundamental economic practice (i.e., hedging, insurance, mitigating risk) and commercial or legal interactions (i.e., agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations).  
The process being performed on the server along with various modules via the network limits the idea to a particular technical environment.  The recited process, such as installing/executing a software, identifying a network, determining a baseline, identifying publicly facing computers, receiving data, retrieving data, retrieving more data, so as to construct the computational graph analysis and the predictive simulation analysis for cyber insurance, narrow the abstract idea to a particular type of relationship, but they do not change the analysis because it is merely a process (a series of steps) to govern how the process is performed.  The claims merely implementing the abstract idea in a particular technological environment (i.e., insurance simulation engine).  The mere nominal recitation of computer components do not take the claims out of the methods of organizing human activity grouping.  Therefore, the claims recite an abstract idea (Step 2 Prong 1-Yes).
Step 2A Prong 2:
Under the 2019 Revised PEG, Step 2A, Prong 2, the claims are reviewed to determine whether the judicial exception (i.e., abstract idea) is integrated into a practical application.  In order to make this determination, the additional element(s), or combination of elements, are analyzed to determine if the claim as a whole integrates the recited judicial exception into a practical application of that exception.  A claim that integrates a judicial exception into a practical application will apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that the claim is more than a drafting effort designed to monopolize the judicial exception.
This judicial exception is not integrated into a practical application.  In particular, the claims recite the additional elements of:  a network-connected server, web portal, client computer, web crawler, directed computational graph analysis module, and automated planning service module all comprising a memory, a processor, and programming instructions to perform the receiving, retrieving, retrieving, constructing, analyzing, and assigning steps (see claim 1).  The recited additional elements in all steps are recited at a high level of generality and the limitations are done by the generically recited computer system (see Specification, paragraphs 31-33 and Figure 1).  The limitations are merely instructions to implement the abstract idea on an insurance system over a network and require no more than a generic computer to perform the generic computer functions including executing and operating the time series data retrieval and storage server, directed computational graph analysis module, and automated planning service module to generate a cybersecurity profile with steps of receiving new client information (transmitting or receiving data), retrieving stored information (transmitting or receiving data), retrieving more data (transmitting or receiving data), analyzing retrieved data (processing data over a network), receiving metadata (transmitting or receiving data), and performing predictive simulation transactions (processing data over a network).  All these generic computer functions are well-understood, routine, and conventional activities previously known to the industry similar to those referenced by MPEP 2106.05(d) II.  Therefore, the claims are directed to an abstract idea without a practical application.
Further, the dependent claims do no more than providing additional instructions and administrative requirements for the functional steps already recited in the independent claims.  Each and every recited combination between the recited computing hardware and the recited computing functions has been considered.  No non-generic or non-conventional arrangement is found.  Accordingly, the claims do not include additional element(s) that integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.  Therefore, the claims are directed to the abstract idea (Step 2A Prong 2-No).
Step 2B:
Under the 2019 Revised PEG, Step 2A, Prong 2, the claims are reviewed to determine whether the claims provide an inventive concept (i.e., whether the claim(s) include additional elements, or combinations of elements, that are sufficient to amount to significantly more than the judicial exception (i.e., abstract idea)).
As noted in above, the claims as a whole merely describe how to generally “apply” the concept of using an insurance system (i.e., simulation engine) for generating a cybersecurity profile for cyber insurance risk analysis by receiving data, retrieving data, and retrieving more data, so as to perform the computational graph analysis and the predictive simulation analysis for cyber insurance.  All these generic computer functions are well-understood, routine, and conventional activities previously known to the industry similar to those referenced by MPEP 2106.05(d) II.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when considered separately and as an ordered combination, they do not add significantly more (also known as an “inventive concept”) to the exception.  As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of using a computer hardware and/or software amount to no more than mere instructions to apply the exception using a generic computer component.  Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept (see specification, paragraphs 31-33 and Figure 1).  Accordingly, these additional elements do not change the outcome of the analysis, when considered separately and as an ordered combination.  No inventive concept is found in the claims.  Therefore, claims 1 and 6 are not patent eligible.
Dependent claims 2-5 and 7-10 further define the abstract idea that is present in their respective independent claims 1 and 6 and thus correspond to Certain Methods of Organizing Human Activity and hence are abstract for the reasons presented above.
Claims 2 and 7 further include more details on the information provided by the client includes systems configuration, layout, and assets (additional details for systems configuration, layout, and assets). The claims individually or in combination with others do not integrate the abstract idea into a practical application or provide an inventive concept to the abstract idea. 

Claims 3 and 8 further include more details on the directed computational graph such as previously gathered and analyzed data from other clients and stored in the non-volatile storage (additional details for the directed computational graph).  The claims individually or in combination with others do not integrate the abstract idea into a practical application or provide an inventive concept to the abstract idea. 

Claims 4 and 9 further include more details for the high volume web crawler to continuously monitor the Internet for release and development of new cybersecurity threats (additional instructions for the high volume web crawler).  The claims individually or in combination with others do not integrate the abstract idea into a practical application or provide an inventive concept to the abstract idea.

Claims 5 and 10 further include more details for the search results that are used to protect a client’s systems from threats (additional instructions for the search results).  The claims individually or in combination with others do not integrate the abstract idea into a practical application or provide an inventive concept to the abstract idea.

The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination.  Therefore, the dependent claims are directed to an abstract idea.  Thus, the claims are not patent-eligible.
The focus of the claims is on utilizing an insurance system to receive data, retrieve data, and retrieve more data, in order to perform the computational graph analysis and the predictive simulation analysis in order to generate a cybersecurity profile for cyber insurance.  The claims are not directed to a new type of a time series data retrieval and storage server, a directed computational graph analysis module, an automated planning service module, a memory, or a processor, nor do they provide a method of processing data that improves existing technological processes.  The focus of the claims is not on improving computer-related technology, but on an independently abstract idea that uses computers as tools.  Accordingly, when viewed as a whole, the claims do no more than generally linking the use of the judicial exception to a particular technological environment or field of use.  No inventive concept is found in the claims.  Therefore, the claims do not add significantly more (i.e., an inventive concept) to the abstract idea (Step 2B-No).


Claim Rejections - 35 USC § 102/103
Extensive search had been performed during the examination of the parent case 15/678,089.  An updated prior art search did not identify any art, individually or in combination with others, that teaches each and every elements of the claims at this time. 


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  The references are listed in the attached PTO-892 form.

Claims 1-10 are rejected.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAI TRAN whose telephone number is (571)272-7364. The examiner can normally be reached Monday-Friday, 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christine M. Behncke can be reached on 571-272-8103. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

HAI TRAN
Primary Examiner
Art Unit 3697



/HAI TRAN/Primary Examiner, Art Unit 3697