DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 21-40 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
When considering subject matter eligibility under 35 U.S.C. 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter.  If the claim does fall within one the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea), and if so, it must additionally be determined whether the claim is a patent-eligible application of the exemption.  If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself.
In the instant case (Step 1), claims 21-30, 39, and 40 are directed toward a system and claims 31-38 are directed to a process, which are both statutory categories of invention.  Additionally (Step 2A Prong One), the independent claims are directed toward receiving a threat, the threat comprising a particular threat type, the threat indicating an incident affecting a risk value associate with an asset; determining, based on the threat and the asset, the risk value at a first point in time; selecting a decay model based on the particular threat type from a plurality of decal models, the plurality of decay models defining a risk decay for threats of a plurality of different threat types; and updating the risk value at a plurality of points in time after the first point in time with the decay model causing the risk value to decay (organizing human activity and mathematical relationships), which are considered to be abstract ideas (See PEG 2019 and MPEP 2106.04(a)).  The steps/functions disclosed above and in the dependent claims are directed toward the abstract idea of organizing human activity because the claimed limitations are analyzing threat to determine risk values by utilizing decay models, where determining risk for a building management system is managing commercial systems.  The steps/functions disclosed above and in the independent claims are also directed toward the abstract idea of mathematical relationships because the claimed limitations are analyzing threat to determine risk values by utilizing decay models, which are mathematical equations.  The Applicant’s claimed limitations are merely analyzing threat data using decay models to determine risk values so a human user can analyze and make determinations of the risk value, which is directed towards an abstract idea.
Step 2A, Prong Two:  In this application, even if not directed toward the abstract idea, the above “receiving a threat, the threat comprising a particular threat type, the threat indicating an incident affecting a risk value associate with an asset” step/function of the independent claims would not account for additional elements that integrate the judicial exception (abstract idea) into a practical application because receiving/storing data and displaying data merely add insignificant extra-solution activity.  Also, the claimed “building management system, computer readable storage media, instructions, processors, asset, user interface, and risk analytics system” would not account for additional elements that integrate the judicial exception into a practical application because the claimed structure merely adds the words to apply the judicial exception and mere instructions to implement an abstract idea on a computer (MPEP 2106.05).
In addition, dependent claims 22-30, 32-38, and 40 further narrow the abstract idea and dependent claims 25, 26, 29, 30, 35, and 36 additionally recite “publish the risk score, retrieve the risk score, display an indication of the risk score, receive a plurality of threats, store the threat, retrieve the threat, store a threat status, and retrieve the threat status”, which do not account for additional elements that integrate the judicial exception into a practical application because receiving/storing data and display data merely add insignificant extra-solution activity and the claimed “user interface” does not account for additional elements that integrate the judicial exception into a practical application because the claimed structure merely adds words to apply it with the judicial exception and mere instructions to implement the abstract idea on a computer.
The claimed “building management system, computer readable storage media, instructions, processors, asset, user interface, and risk analytics system” are recited so generically (no details whatsoever are provided other than that they are general purpose computing components) that they represent no more than mere instructions to apply the judicial exception on a computer.  These limitations can also be viewed as nothing more than an attempt to generally link the use of the judicial exception to the technological environment of a computer.  Even when viewed in combination, the additional elements in the claims do no more than use the computer components as a tool.  There is no change to the computers and other technology that is recited in the claim, and thus the claims do not improve computer functionality or other technology.
Step 2B:  When analyzing the additional elements and/or combination of elements in the claims other than the abstract idea per se the claimed limitations amount to no more than a general link of the use of an abstract idea to the particular technological environment and merely amounts to the application or instructions to apply the abstract idea on a computer (MPEP 2106.05).  Furthermore, the system claims 21-30, 39, and 40 and the method claims 31-38 recites a building management system, computer readable storage media, instructions, processors, asset, user interface, and risk analytics system; however, these elements merely facilitate the claimed functions at a high level of generality and they perform conventional functions and are considered to be general purpose computer components which is supported by the Applicant’s specification in paragraphs 422 and 423.  The Applicant’s claimed additional elements are mere instructions to implement the abstract idea on a general-purpose computer and generally link the use of an abstract idea to a particular technological environment.  Also, the above “receiving a threat, the threat comprising a particular threat type, the threat indicating an incident affecting a risk value associate with an asset” step/function of the independent claims would not account for significantly more that the abstract idea because receiving data and displaying/presenting data (MPEP 2106.05) have been identified as well-known, routine, and conventional steps/functions to one of ordinary skill in the art.  When view as a whole, these additional claim elements do not provide meaningful limitations to transform the abstract idea into a patent eligible application of the abstract idea such that the claims amount to significantly more than the abstract idea itself.
In addition, claims 22-30, 32-38, and 40 further narrow the abstract idea identified in the independent claims.  The Examiner notes that the dependent claims merely further define the data being analyzed and how the data is being analyzed.  Similarly, claims 25, 26, 29, 30, 35, and 36 additionally recite “publish the risk score, retrieve the risk score, display an indication of the risk score, receive a plurality of threats, store the threat, retrieve the threat, store a threat status, and retrieve the threat status”, which do not account for additional elements that amount to significantly more than the abstract idea because receiving data and displaying/presenting data (MPEP 2106.05) have been identified as well-known, routine, and conventional steps/functions to one of ordinary skill in the art and the claimed “user interface” does not account for additional elements that amount to significantly more than the abstract idea because the claimed structure merely amounts to the application of instructions to apply the abstract idea on a computer and does not move beyond a general link of the use of an abstract idea to a particular technological environment.  The additional limitations of the independent and dependent claims when considered individually and as an ordered combination do not amount to significantly more than the abstract idea.  The Examiner has considered the dependent claims in a full analysis including the additional limitations individually and in combination as analyzed in the independent claims.  Therefore, the claims are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.

A prior art rejection has not been formulated in this application because the prior art does not fully teach or suggest the entirety of the subject matter found in each independent claim.  The risk scoring for threat assessment taught by Baikalov et al [US 2016/0226905] (supplied by applicant) does teach receiving a threat (unusual process No. 206, malware infection No. 230) affecting a risk value (Paragraph 27: risk factor) to determine the risk value at a point in time as well as updating the risk value at a plurality of points in time (Paragraph 27: cumulative threat score together with an aged previous threat score).  However, there is no mention of selecting a decay model based on the particular threat type from a plurality of decay models.  The Miltonberger [US 2010/0094768] (supplied by applicant) reference does mention a time decay model; however, this is one single model and is not selected based on a particular threat type.  Therefore, the claims are judged to be novel and unobvious.

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Lovejoy et al [US 2002/0138416] assesses and manages risks for an organization.
Baikalov et al [U.S. 9,800,605] detects threat risks to an enterprise.
Pourmohammad et al [US 2019/0096014] selects decay models based on threat type.
Pourmohammad et al [U.S. 11,276,288] determines a particular vulnerability and threat.
Pourmohammad et al [U.S. 11,360,959] computes a dynamic risk score.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN A. TWEEL JR whose telephone number is (571)272-2969. The examiner can normally be reached M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Curtis A Kuntz can be reached on 571-272-7499. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





JAT
10/3/2022

/JOHN A TWEEL JR/Primary Examiner, Art Unit 2687