Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is in reply to an original application filed on 02/26/2009.  

Priority
2.	This is a continuation application which is a continuation of application 17307577, filed 05/04/2021, which is a continuation of 16922673, filed 07/07/2020, now U.S. Patent #11030325. 16922673 is a continuation of 16514771, filed 07/17/2019, now U.S. Patent #10726136. Therefore, the effective filing date for the subject matter defined in the pending claims of this application is 07/17/2019.

Information Disclosure Statement
3.	The information disclosure statements (IDS) submitted on 07/22/2021 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.

Drawings
4.	The drawings filed on 05/04/2021 are accepted. 

Specification
5.	The specification filed on 05/04/2021 is also accepted.

Double Patenting
A rejection based on double patenting of the "same invention" type finds its support in the language of 35 U.S.C. 101 which states that "whoever invents or discovers any new and useful process ... may obtain a patent therefor ..."  (Emphasis added).  Thus, the term "same invention," in this context, means an invention drawn to identical subject matter.  See Miller v. Eagle Mfg. Co., 151 U.S. 186 (1894); In re Ockert, 245 F.2d 467, 114 USPQ 330 (CCPA 1957); and In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970).
A statutory type (35 U.S.C. 101) double patenting rejection can be overcome by canceling or amending the conflicting claims so they are no longer coextensive in scope.  The filing of a terminal disclaimer cannot overcome a double patenting rejection based upon 35 U.S.C. 101. 
‘325 US Patent
Instant Application 17/307,577
 21. (Previously presented) A computer-implemented method for generating a security improvement plan for a particular organization, the method comprising: receiving an organization data set for the particular organization, the organization data set comprising: 

(i) a value for at least one static parameter indicative of a type of the organization; 

(ii) a value for at least two input parameters indicative of a security profile of the particular organization; and 

(iii) a value of a security class parameter indicative of a security class of the particular organization; adjusting a value of a first input parameter of the input parameters; determining a value of a second input parameter of the input parameters based on a relationship between the value of the first input parameter and the value of the second input parameter; using a trained statistical classifier on the adjusted value of the first input parameter and the determined value of the second input parameter to infer an adjusted value of the security class parameter; and if the adjustment of the value of the first input parameter results in an increased value of the security class parameter, generating a security improvement plan based on the adjusted value of the first input parameter and the determined value of the second input parameter, such that execution of the security improvement plan by the particular organization results in an increase in the value of the security class parameter of the particular organization.
 21. (New) A computer-implemented method for executing a security improvement plan for a particular organization, the method comprising: receiving an organization data set for the particular organization, the organization data set comprising: 
(i) a value for at least one static parameter indicative of a type of the organization;

 (ii) a value for at least two input parameters indicative of a security profile of the particular organization; and 

(iii) a value of a security class parameter indicative of a security class of the particular organization; adjusting a value of a first input parameter of the input parameters; determining a value of a second input parameter of the input parameters based on a relationship between the value of the first input parameter and the value of the second input parameter; using a trained statistical classifier on the adjusted value of the first input parameter and the determined value of the second input parameter to infer an adjusted value of the security class parameter; and if the adjustment of the value of the first input parameter results in an increased value of the security class parameter, selecting the first input parameter for modification in a security improvement plan based on the adjusted value of the first input parameter, wherein modification of the first input parameter by the particular organization implies an increase in the value of the security class parameter of the particular organization.
22. (Previously presented) The method of claim 21, further comprising: comparing the adjusted value of the security class parameter to a target value to determine whether the adjustment of the value of the first input parameter results in a value of the security class parameter at, above, or below the target value.
22. (New) The method of claim 21, further comprising: comparing the adjusted value of the security class parameter to a target value to determine whether the adjustment of the value of the first input parameter results in a value of the security class parameter at, above, or below the target value.

24. (Previously presented) The method of claim 21, wherein the security improvement plan comprises a target value for at least one input parameter for the particular organization, the target value being different than the value of the at least one input parameter.
23. (New) The method of claim 22, wherein selecting the first input parameter for modification comprises: IPTS/110650809.2Application No. 17/307,5773Docket No.: BST-018C2 Second Preliminary Amendment executing the security improvement plan for the particular organization, wherein execution of the security improvement plan results in an increase in the value of the security class parameter of the particular organization at or above the target value, wherein generation of the security improvement plan is based on the adjusted value of the first input parameter.
24. (Previously presented) The method of claim 21, wherein the security improvement plan comprises a target value for at least one input parameter for the particular organization, the target value being different than the value of the at least one input parameter.  
24. (New) The method of claim 21, wherein the security improvement plan comprises a target value for at least one input parameter for the particular organization, the target value being different than the value of the at least one input parameter.
25. (Previously presented) The method of claim 21, further comprising: presenting the security improvement plan via a user interface.
25. (New) The method of claim 21, further comprising: presenting the security improvement plan via a user interface.
26. (Previously presented) The method of claim 21, wherein the security improvement plan includes a prescription to adjust at least one of the input parameters, the method further comprising: determining an explanation for the prescription using one or more explanation techniques selected from the group consisting of: (i) local interpretable model-agnostic explanation (LIME), (ii) high-precision model-agnostic explanation, (iii) Skater model interpretation, or (iv) random forest feature tweaking.
26. (New) The method of claim 21, wherein the security improvement plan includes a prescription to adjust at least one of the input parameters, the method further comprising: determining an explanation for the prescription using one or more explanation techniques selected from the group consisting of: (i) local interpretable model-agnostic explanation (LIME), (ii) high-precision model-agnostic explanation, (iii) Skater model interpretation, or (iv) random forest feature tweaking.
27. (Previously presented) The method of claim 26, further comprising: presenting the explanation via the user interface.
27. (New) The method of claim 26, further comprising: presenting the explanation via the user interface.
28. (Previously presented) The method of claim 21, further comprising: determining a target value for the first input parameter by: receiving two or more values of the first input parameter from two or more organization data sets of entities having a value of the security class parameter greater than the target value; and IPTS/109080391.2Application No. 16/922,6734Docket No.: BST-018C1 Amendment dated April 22, 2021 After Allowance Under 37 C.F.R. § 1.312 determining a mean of the two or more values, wherein generating the security improvement plan comprises prescribing the mean value for the first input parameter of the particular organization.
28. (New) The method of claim 21, further comprising: determining a target value for the first input parameter by: receiving two or more values of the first input parameter from two or more organization data sets of entities having a value of the security class parameter greater than the target value; and determining a mean of the two or more values, wherein selecting the first input parameter for modification comprises using the mean value for the first input parameter of the particular organization.
29. (Previously presented) The method of claim 21, wherein the relationship between at least one value of the first input parameter and at least one value of a second input parameter is stored in a database, and wherein the method comprises: retrieving the stored relationship from the database.


29. (New) The method of claim 21, wherein the relationship between at least one value of the first input parameter and at least one value of a second input parameter is stored in a database, and wherein the method comprises: retrieving the stored relationship from the database.





30. (Previously presented) The method of claim 21, wherein the static parameters comprise at least one of (i) organization size, (ii) organization industry, and/or (iii) organization location.

30. (New) The method of claim 21, wherein the static parameters comprise at least one of (i) organization size, (ii) organization industry, and/or (iii) organization location.
31. (Previously presented) The method of claim 21, wherein the security profile comprises security practices and/or a security record of an organization.
31. (New) The method of claim 21, wherein the security profile comprises security practices and/or a security record of an organization.
32. (Previously presented) The method of claim 21, wherein the one or more input parameters indicative of the security profile of the organization comprise at least one of: an amount of capital investment in security of the organization; a measure of employee training in security of the organization; a measure of organization of a team dedicated to information security; or an amount of budget dedicated to information security.
32. (New) The method of claim 21, wherein the one or more input parameters indicative of the security profile of the organization comprise at least one of: an amount of capital investment in security of the organization; a measure of employee training in security of the organization; a measure of organization of a team dedicated to information security; or an amount of budget dedicated to information security.
33. (Previously presented) The method of claim 21, wherein the one or more input parameters indicative of the security profile of the organization comprise at least one of: a number and/or severity of botnet infection instances of a computer system associated with the organization; a number of spam propagation instances originating from a computer network associated with the organization; a number of malware servers associated with the organization; a number of potentially exploited devices associated with the organization; a number of hosts authorized to send emails on behalf of each domain associated with the organization; a determination of whether a DomainKeys Identified Mail (DKIM) record exists for each domain associated with the organization and/or a key length of a public key associated with a Domain Name System (DNS) record of each domain associated with the organization; an evaluation of a Secure Sockets Layer (SSL) certificate and/or a Transport Layer Security (TLS) certificate associated with a computer system of the organization; a number and/or type of service of open ports of a computer network associated with the organization; an evaluation of security-related fields of an header section of HTTP response messages of hosts associated with the organization; a rate at which vulnerabilities are patched in a computer network associated with the organization; an evaluation of file sharing traffic originating from a computer network associated with the organization; or a number of lost records and/or sensitivity of information in the lost records in a data breach of a computer system associated with the organization.
33. (New) The method of claim 21, wherein the one or more input parameters indicative of the security profile of the organization comprise at least one of: a number and/or severity of botnet infection instances of a computer system associated with the organization; a number of spam propagation instances originating from a computer network associated with the organization; a number of malware servers associated with the organization; a number of potentially exploited devices associated with the organization; a number of hosts authorized to send emails on behalf of each domain associated with the organization; a determination of whether a DomainKeys Identified Mail (DKIM) record exists for each domain associated with the organization and/or a key length of a public key associated with a Domain Name System (DNS) record of each domain associated with the organization; an evaluation of a Secure Sockets Layer (SSL) certificate and/or a Transport Layer Security (TLS) certificate associated with a computer system of the organization; a number and/or type of service of open ports of a computer network associated with the organization; an evaluation of security-related fields of an header section of HTTP response messages of hosts associated with the organization; a rate at which vulnerabilities are patched in a computer network associated with the organization; an evaluation of file sharing traffic originating from a computer network associated with the organization; or a number of lost records and/or sensitivity of information in the lost records in a data breach of a computer system associated with the organization.
35. (Currently amended) The method of claim 34, wherein each organization data set includes two or more input parameters indicative of the security profile of the organization, the method further comprising: for a first input parameter of the two or more input parameters, determining the relationship between at least one value of the first input parameter and at least one value of a second input parameter.
35. (New) The method of claim 34, wherein each organization data set includes two or more input parameters indicative of the security profile of the organization, the method further comprising: for a first input parameter of the two or more input parameters, determining the relationship between at least one value of the first input parameter and at least one value of a second input parameter.
36. (Previously presented) The method of claim 35, further comprising: determining relationships between a plurality of values of the first input parameter and a plurality of values of the second input parameter, wherein the plurality of values of the first input parameter comprises the at least one value of the first input parameter and the plurality of values of the second input parameter comprises the at least one value of the second input parameter.  
36. (New) The method of claim 35, further comprising: determining relationships between a plurality of values of the first input parameter and a plurality of values of the second input parameter, wherein the plurality of values of the first input parameter comprises the at least one value of the first input parameter and the plurality of values of the second input parameter comprises the at least one value of the second input parameter.
37. (Previously presented) The method of claim 34, wherein the values of two or more static parameters for each of the organization data sets indicate that the type of the organization matches the particular type.
37. (New) The method of claim 34, wherein the values of two or more static parameters for each of the organization data sets indicate that the type of the organization matches the particular type.
38. (Previously presented) The method of claim 34, further comprising: selecting a target value for the security class parameter indicative of the security class for the particular organization, wherein the plurality of organization data sets includes at least one organization data set for which the value of the security class parameter is lower than the target value and at least one organization data set for which the value of the security class parameter is at or above than the target value.
38. (New) The method of claim 34, further comprising: selecting a target value for the security class parameter indicative of the security class for the particular organization, wherein the plurality of organization data sets includes at least one organization data set for which the value of the security class parameter is lower than the target value and at least one organization data set for which the value of the security class parameter is at or above than the target value.
39. (Previously presented) The method of claim 38, wherein the plurality of organization data sets includes at least three organization data sets for which the value of the security class parameter is lower than the target value and at least three organization data set for which the value of the security class parameter is at or above than the target value.
39. (New) The method of claim 38, wherein the plurality of organization data sets includes at least three organization data sets for which the value of the security class parameter is lower than the target value and at least three organization data set for which the value of the security class parameter is at or above than the target value.
40. (Previously presented) The method of claim 21, wherein the security class is a security rating of the particular organization.
40. (New) The method of claim 21, wherein the security class is a security rating of the particular organization.


Conclusion
6.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932. The examiner can normally be reached Mon.-Fri. 9:00 AM - 5:30 PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





A.G.
September 6, 2022
/ABIY GETACHEW/Primary Examiner, Art Unit 2434