DETAILED ACTION
Responsive to the Applicant reply filed on 08/17/2022, Applicant’s amendments to claims have been entered and respective arguments carefully considered and responded in the following.  Claims 1-20 are pending with claims 1, 14, and 19 being in independent form.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
The claim amendments and remarks filed by the Applicant on 08/17/2022, have been carefully considered and are responded in the following.
Applicant arguments, page(s) 8 of the Remarks, regarding claim 10 being objected to for informalities have been carefully considered. 

In response to the Applicant arguments, page(s) 8, regarding Claims 1-20 being rejected under 35 U.S.C. 101, the amendments have not resolved the issues. Therefore, the rejections remain.  The claims are broadly defined to describe a method of calculating cross-sectional scores for sending a notification to the enterprise.  The concept of the invention is basically mathematical calculations of scores without any implementation details.  The machine learning element in the claims is describe as a model, which is only one or more algorithms to produce desired output through structured data.  Therefore, Applicant’s amendment failed to overcome the 101 rejections.

The Examiner notes that the amendments have caused 112 issues.  See the Office Action in the following.
Applicant’s arguments, page(s) 8-10 of the Remarks, with regards to claim rejections under 35 U.S.C. § 103 have been considered carefully.  Applicant’s arguments are persuasive.  Accordingly, the 103 rejections are withdrawn.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
The rationale for this determination is explained below:  
First – following Step 1 of the guidance, claims 1-20 are directed to a method comprising a series of functional steps, or computing apparatus with processor coupled with memory, or a non-transitory computer readable medium.  Therefore, the claimed invention falls into one of the four statutory categories.
Secondly – following Step 2 of the guidance, claims 1-20 are analyzed for its underlying inventive concept with a new two-prong inquiry (1) does the claim recite an abstract idea, law of nature, or natural phenomenon, and/or judicial exceptions? And (2) does the claim recite additional elements that integrate the judicial exception into a practical application?
It is determined that claimed invention is directed to an abstract idea or at least one of the judicial exceptions, because the concept of the invention is basically mathematical calculations of scores for setting priority of a broadly defined object under analysis; the first prone of the inquiry.  It is similar to the grouping of the abstract ideas for mathematical concepts – mathematical relationships, mathematical formulas or equations, and mathematical calculations.

Regarding the second prone, the identified additional elements – the processor and memory and data store – failed to integrate the idea of “score calculations for priority setting” into a practical application.  
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim merely recites executable program, processor and memory that may reside in a single computer system.  These elements only perform functions of a general computer such as receiving, computing, and storing data.  Further, the claims do not recite an improvement to another technology or technical field, an improvement to the functioning of the computer itself, or meaningful limitations beyond generally linking the use of an abstract idea to a particular technological environment.  Therefore, the independent claims 1, 14, and 19 are abstract without significantly more.

Dependent claims 1, 14 and 19, when analyzed individually or as a whole, are held to be patent ineligible under 35 U.S.C. 101 because, the additional recited limitation(s) fail(s) to amount to “significantly more” than the judicial exception, and thereby non-statutory.

Please see “The 2019 Revised Patent Subject Matter Eligibility Guidance (or “2019 PEG” for short) published in January 2019 at USPTO Website.  Note that the groupings of abstract ideas in the 2019 PEG are not the same as those on the Abstract Ideas QRS or in the MPEP. The groupings in the 2019 PEG should be FOLLOWED for identifying abstract ideas. The 2019 PEG does not change the analysis at Step 2B which pertains to an improvement to conventional functioning of a computer or to technological processes; see also MPEP 2106.05(a).



Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(B)  CONCLUSION—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

The rejection(s) under 35 U.S.C. 112(b) is/are determined by the following reasons:
Claim 1 recites the limitation "the enterprise" in the notifying step.  There is insufficient antecedent basis for this limitation in the claim.  It should be noted that claim 1 defines an enterprise variance score but never introduces an instance of “an enterprise” before reciting the limitation in the notifying step.
Claims 14 and 19 each recite the limitation "the enterprise" in the notifying step without sufficient antecedent basis for the same reason as that of claim 1.
Claim 19 recites two instances of “a cross-sectional variance score,” one in preamble and the other one in the step of computing a cross-sectional variance score.  There is insufficient antecedent basis for this limitation in the claim.
Claims 2-13, 14-18, and 20 are also rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, because they depend from the rejected base claims 1, 14, and 19, respectively.

Allowable Subject Matter
Claims 1-20 are allowable over prior art for the following reasons:
The closest prior art, do not disclose the features of independent claim 1, “compute from the global variance score and the enterprise variance score a cross-sectional variance score; and 
assign the object under analysis an analysis priority according to the cross-sectional variance score; 
and based on the cross-sectional variance score, electronically notify the enterprise that the enterprise is subject to a suspected advanced persistent threat (APT) attack” in combination with other limitations as recited in claim 1.  
Regarding independent claim 14, similar features are recited as “compute a cross-sectional uniqueness score from the global uniqueness score and the enterprise uniqueness score…  and 
assign an analysis priority to the object according to the cross- sectional uniqueness score, wherein the analysis priority varies directly with the cross-sectional uniqueness score; 
analyze the object for malicious features according to the analysis priority; and 
based on the analysis [PRIORITY], electronically notify the enterprise that it may be subject to an advanced persistent threat (APT) attack.”  These features when in combination with other limitations as recited in claim 14 are not anticipated by, nor made obvious over the prior art of record. 
Regarding independent claim 19, it recites features of “computing a cross-sectional variance score from the global uniqueness score and the enterprise uniqueness score, wherein the cross- sectional variance score varies directly with the global variance score and the enterprise variance score; and 
assigning an analysis priority to the unknown object according to the cross-sectional variance score, wherein the analysis priority varies directly with the cross-sectional variance score; 
analyzing the object according to the analysis priority; and 
based on the analysis, electronically notifying the enterprise that it may be a subject of an advanced persistent threat (APT) attack.” These features when in combination with other limitations as recited in claim 19 are not anticipated by, nor made obvious over the prior art of record. 
Dependent claims 2-13, 15-18 and 20 are allowable by virtue of their dependencies on base claims 1, 14, and 19, respectively, as they further limit the scope of the claimed invention.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Don Zhao whose telephone number is (571)272-9953.  The examiner can normally be reached on 9 am to 5 pm Monday thru Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Don G Zhao/
Examiner, Art Unit 2493
09/27/2022