DETAILED ACTION
Claims 1-20 are presented on 02/11/2021 for examination on merits. Claims 1, 17, and 19 are independent base claims.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Examiner's Instructions for filing Response to this Office Action
When the Applicant submits amendments to the claims in response to the Office Action, the Examiner would prefer that the Applicant submit two sets of claims:
Set #1 that includes indicators for the status of claim and all marked amendments to the claims; and 
Set #2 comprising a clean version of the claims with all the markups removed for entry, as an appendix to the Applicant Arguments/Remarks or a section following the Remarks.

Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted for examination on merits is/are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) is/are being considered by the examiner. See the annotated 1449 documents.

Claim Objections
Claim 9 is objected to because of the following informalities:  
Claim 9 recites “wherein the entity is comprises one or more of a program and a device” deficiently, because there appears to be a typographic error (i.e., extra “is”) in the limitation.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(B)  CONCLUSION—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 


Claims 1-16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.

The rejection(s) under 35 U.S.C. 112(b) is/are determined by the following reasons:
Claim 1 recites two instances of “a system” unclearly, because it is confusing whether the first instance of “system” found in the preamble is the same as the second instance found in the identifying step.  The claim also recites a limitation of “the system”.  There is insufficient antecedent basis for this limitation in the claim.
Claims 2-16 are also rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, because they depend from the rejected base claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claims 1-2, 8-10, 16-17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Muddu (US 10419450 B) in view of Hanumantharau (US 20180375645 A1; hereinafter “Hanu”).

As per claim 1, Muddu teaches a system for mitigating cybersecurity threats, comprising: 
one or more processors; and 
memory storing one or more programs, wherein the one or more programs are configured to be executable by the one or more processors to cause the system to: 
identify, based on a model of a system, one or more future states, wherein the model depicts a plurality of states for the system and a plurality of capabilities enabling transitions between the plurality of states, wherein identifying the one or more future states is based on a current state of the system, and wherein the one or more future states comprise an undesirable state (Muddu, col. 15, lines 50-63: the model-related process threads. …[to] evaluate different aspects of the pre-processed event data received from the distribution block 320. The machine learning models can also generate security-related scores for the events. The results from the analysis module 330 may be, for example, anomalies, threat indicators, and threats.); 
determine, based on the model of the system, whether the undesirable state is a reachable state, wherein the determination is based on one or more capabilities possessed by an insider entity (Muddu, col. 18, lines 45-50: a human administrative user 604 other than user 602 may employ the server 606 to access the data stored in the servers 608; col. 18, lines 60-67: if the human user 604 begins to access source code server 610 more frequently in support of his work … anomalies and threats are detected by comparing incoming event data (e.g., a series of events) against the baseline profile for an entity); 
However, Muddu does not explicitly disclose modifying a capability of the one or more capabilities possessed by the insider entity to make the undesirable state unreachable by the insider entity. This aspect of the claim is identified as a difference.
In a related art, Hanu teaches:
in accordance with a determination that the undesirable state is a reachable state: modify a capability of the one or more capabilities possessed by the insider entity, wherein modifying the capability prevents the insider entity from causing the system to transition to the undesirable state (Hanu, par. 0051: restricting access for certain administrator to only a specific folder of its content); and 
in accordance with a determination that the undesirable state is not a reachable state, forgoing modifying the capability (Hanu, par. 0052-0055: the vault 320 is used and thus a password change process is being performed at the primary site 405.  As such, there is no need for modifying the capability of the administrator).
Muddu and Hanu are analogous art because they are in a similar field of endeavor: improving systems for the detection and prevention of insider threats. Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine them and to use Hanu’s technique for restricting the capability of the administrator to modify Muddu’s system to prevent the insider threat caused by one or more capabilities possessed by the insider entity. For this combination, the motivation would have been to improve the level of security by limiting the capabilities possessed by the insider entity.

As per claim 2, the references as combined above teach the system of claim 1, wherein modifying the capability comprises revoking the capability (Hanu, par. 0051: restricting access for certain administrator to only a specific folder).

As per claim 8, the references as combined above teach the system of claim 1, wherein the entity comprises a person (Muddu, col. 9, lines 56-59: detect anomalies and threats produced by a user).

As per claim 9, the references as combined above teach the system of claim 1, wherein the entity is comprises one or more of a program and a device (Muddu, col. 9, lines 56-59: detect anomalies and threats produced by … a device, or an application).

As per claim 10, the references as combined above teach the system of claim 1, wherein the entity comprises a device (Muddu, col. 9, lines 56-59: detect anomalies and threats produced by … a device).

As per claim 16, the references as combined above teach the system of claim 1, wherein the one or more programs are configured to be executable by the one or more processors to cause the system to: generate an event log based the determination that the undesirable state is a reachable state, wherein the event log comprises actions taken by the insider entity (Muddu, col. 19, lines 40-44: a record (e.g., a log) of an event that takes place in the network environment, such as an activity of a customer, a user, an transaction, an application, a server, a network or a mobile device).

As per claim 17, Muddu teaches a computer-enabled method for mitigating cybersecurity threats, comprising: 
identifying, based on a model of a system, one or more future states, wherein the model depicts a plurality of states for the system and a plurality of capabilities enabling transitions between the plurality of states, wherein identifying the one or more future states is based on a current state of the system, and wherein the one or more future states comprise an undesirable state (Muddu, col. 15, lines 50-63: the model-related process threads. …[to] evaluate different aspects of the pre-processed event data received from the distribution block 320. The machine learning models can also generate security-related scores for the events. The results from the analysis module 330 may be, for example, anomalies, threat indicators, and threats); 
determining, based on the model of the system, whether the undesirable state is a reachable state, wherein the determination is based on one or more capabilities possessed by an insider entity (Muddu, col. 18, lines 45-50: a human administrative user 604 other than user 602 may employ the server 606 to access the data stored in the servers 608; col. 18, lines 60-67: if the human user 604 begins to access source code server 610 more frequently in support of his work … anomalies and threats are detected by comparing incoming event data (e.g., a series of events) against the baseline profile for an entity); 
However, Muddu does not explicitly disclose modifying a capability of the one or more capabilities possessed by the insider entity to make the undesirable state unreachable by the insider entity. This aspect of the claim is identified as a difference.
In a related art, Hanu teaches:
in accordance with a determination that the undesirable state is a reachable state: 
modifying a capability of the one or more capabilities possessed by the insider entity, wherein modifying the capability prevents the insider entity from causing the system to transition to the undesirable state (Hanu, par. 0051: restricting access for certain administrator to only a specific folder of its content); and 
in accordance with a determination that the undesirable state is not a reachable state, forgoing modifying the capability (Hanu, par. 0052-0055: the vault 320 is used and thus a password change process is being performed at the primary site 405.  As such, there is no need for modifying the capability of the administrator).
Muddu and Hanu are analogous art because they are in a similar field of endeavor: improving systems for the detection and prevention of insider threats. Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine them and to use Hanu’s technique for restricting the capability of the administrator to modify Muddu’s system to prevent the insider threat caused by one or more capabilities possessed by the insider entity. For this combination, the motivation would have been to improve the level of security by limiting the capabilities possessed by the insider entity.

As per claim 19, Muddu teaches a non-transitory computer-readable storage medium storing one or more programs for mitigating cybersecurity threats, the one or more programs comprising instructions, which when executed by one or more processors of an electronic device, cause the one or more processors to execute a method comprising: 
identifying, based on a model of a system, one or more future states, wherein the model depicts a plurality of states for the system and a plurality of capabilities enabling transitions between the plurality of states, wherein identifying the one or more future states is based on a current state of the system, and wherein the one or more future states comprise an undesirable state (Muddu, col. 15, lines 50-63: the model-related process threads. …[to] evaluate different aspects of the pre-processed event data received from the distribution block 320. The machine learning models can also generate security-related scores for the events. The results from the analysis module 330 may be, for example, anomalies, threat indicators, and threats.); 
determining, based on the model of the system, whether the undesirable state is a reachable state, wherein the determination is based on one or more capabilities possessed by an insider entity (Muddu, col. 18, lines 45-50: a human administrative user 604 other than user 602 may employ the server 606 to access the data stored in the servers 608; col. 18, lines 60-67: if the human user 604 begins to access source code server 610 more frequently in support of his work … anomalies and threats are detected by comparing incoming event data (e.g., a series of events) against the baseline profile for an entity); 
However, Muddu does not explicitly disclose modifying a capability of the one or more capabilities possessed by the insider entity to make the undesirable state unreachable by the insider entity. This aspect of the claim is identified as a difference.
In a related art, Hanu teaches:
in accordance with a determination that the undesirable state is a reachable state: modifying a capability of the one or more capabilities possessed by the insider entity, wherein modifying the capability prevents the insider entity from causing the system to transition to the undesirable state (Hanu, par. 0051: restricting access for certain administrator to only a specific folder of its content); and 
in accordance with a determination that the undesirable state is not a reachable state, forgoing modifying the capability (Hanu, par. 0052-0055: the vault 320 is used and thus a password change process is being performed at the primary site 405.  As such, there is no need for modifying the capability of the administrator).
Muddu and Hanu are analogous art because they are in a similar field of endeavor: improving systems for the detection and prevention of insider threats. Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine them and to use Hanu’s technique for restricting the capability of the administrator to modify Muddu’s system to prevent the insider threat caused by one or more capabilities possessed by the insider entity. For this combination, the motivation would have been to improve the level of security by limiting the capabilities possessed by the insider entity.

Claims 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Muddu in view of Hanu, as applied to claim 1, and further in view of Vanderwater (US 20210203763 A1; hereinafter “Vand”).

As per claim 7, the references Muddu and Hanu as combined above teach the system of claim 1, but do not explicitly disclose generating a notification corresponding to modifying the capability. This aspect of the claim is identified as a further difference.
In a related art, Vand teaches:
wherein the one or more programs are configured to be executable by the one or more processors to cause the system to: generate a notification corresponding to modifying the capability (Vand, par. 0036 and 0050: NOTIFICATION …for capabilities change).
Vand is analogous art because it is in a similar field of endeavor: improving the detection of security risks and threats. Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the Muddu-Hanu system to include a notification for the modification of the capability. For this combination, the motivation would have been to improve the user experience by timely notifying the user of a modification of the user’s capability.

As per claim 15, the references as combined above teach the system of claim 1, but do not explicitly disclose generating a notification corresponding to modifying the capability. This aspect of the claim is identified as a further difference.
In a related art, Vand teaches:
wherein the one or more programs are configured to be executable by the one or more processors to cause the system to: 
generate an alert based the determination that the undesirable state is a reachable state (Vand, par. 0036 and 0050: NOTIFICATION …for capabilities change).
Vand is analogous art because it is in a similar field of endeavor: improving the detection of security risks and threats. Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the Muddu-Hanu system to include a notification for the modification of the capability. For this combination, the motivation would have been to improve the user experience by timely notifying the user of a modification of the user’s capability.

Claims 11, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Muddu in view of Hanu, as applied to claim 17, and further in view of Kolishchak (US 20120210388 A1; hereinafter “Koli”).

As per claim 11, the references as combined above teach the system of claim 1, but do not explicitly disclose a policy associated with the undesirable state to be used for determining whether the future state of the one or more future states corresponds to the undesirable state. This aspect of the claim is identified as a further difference.
In a related art, Koli teaches:
further comprising: 
wherein the one or more programs are configured to be executable by the one or more processors to cause the system to: 
designate a future state of the one or more future states as an undesirable state, wherein designating the future state as the undesirable state (Koli, par. 0068: calculate a threat level based on the received alerts; note that the calculated threat level indicates the one or more future states as an undesirable state) comprises: 
receiving policy data, wherein the policy data is associated with the undesirable state (Koli, par. 0069: the policy enforcer module 214 - further configured to supply the threat level to the policy module 220); and 
determining, based on the policy data, whether the future state of the one or more future states corresponds to the undesirable state (Koli, par. 0069-0070: if the threat level exceeds a particular threshold, then an administrator may be notified with details such as an computer activity … poses a risk of data leakage, which is the undesirable state).
Koli is analogous art because it is in a similar field of endeavor: improving the detection of security risks and threats. Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the Muddu-Hanu system with Koli’s teaching on the use of policy for determining a future state that corresponds to the undesirable state. For this combination, the motivation would have been to improve the level of security by using a security policy.

As per claim 18, the references of Muddu and Hanu as combined above teach the computer-enabled method of claim 17, but do not explicitly disclose a policy associated with the undesirable state to be used for determining whether the future state of the one or more future states corresponds to the undesirable state. This aspect of the claim is identified as a further difference.
In a related art, Koli teaches:
further comprising: 
designating a future state of the one or more future states as an undesirable state, wherein designating the future state as the undesirable state (Koli, par. 0068: calculate a threat level based on the received alerts; note that the calculated threat level indicates the one or more future states as an undesirable state) comprises: 
receiving policy data, wherein the policy data is associated with the undesirable state (Koli, par. 0069: the policy enforcer module 214 - further configured to supply the threat level to the policy module 220); and 
determining, based on the policy data, whether the future state of the one or more future states corresponds to the undesirable state (Koli, par. 0069-0070: if the threat level exceeds a particular threshold, then an administrator may be notified with details such as an computer activity … poses a risk of data leakage, which is the undesirable state).
Koli is analogous art because it is in a similar field of endeavor: improving the detection of security risks and threats. Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the Muddu-Hanu system with Koli’s teaching on the use of policy for determining a future state that corresponds to the undesirable state. For this combination, the motivation would have been to improve the level of security by using a security policy.

As per claim 20, the references of Muddu and Hanu as combined above teach the non-transitory computer-readable storage medium of claim 19, but do not explicitly disclose a policy associated with the undesirable state to be used for determining whether the future state of the one or more future states corresponds to the undesirable state. This aspect of the claim is identified as a further difference.
In a related art, Koli teaches:
the method further comprising: 
designating a future state of the one or more future states as an undesirable state, wherein designating the future state as the undesirable state (Koli, par. 0068: calculate a threat level based on the received alerts; note that the calculated threat level indicates the one or more future states as an undesirable state) comprises: 
receiving policy data, wherein the policy data is associated with the undesirable state (Koli, par. 0069: the policy enforcer module 214 - further configured to supply the threat level to the policy module 220); and 
determining, based on the policy data, whether the future state of the one or more future states corresponds to the undesirable state (Koli, par. 0069-0070: if the threat level exceeds a particular threshold, then an administrator may be notified with details such as an computer activity … poses a risk of data leakage, which is the undesirable state).
Koli is analogous art because it is in a similar field of endeavor: improving the detection of security risks and threats. Thus, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the Muddu-Hanu system with Koli’s teaching on the use of policy for determining a future state that corresponds to the undesirable state. For this combination, the motivation would have been to improve the level of security by using a security policy.

Allowable Subject Matter
Claims 3-6 and 12-14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The claims 3-6 and 12-14 each recite elements of modifying or restoring the capability based on a condition.  These elements, in combination with the other limitations in the claim 1, are not anticipated by, nor made obvious over the prior art of record.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DON ZHAO whose telephone number is (571)272.9953.  The examiner can normally be reached on Monday to Friday, 7:30 A.M to 5:00 P.M EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571.272.3862.  The fax phone number for the organization where this application or proceeding is assigned is 571.273.8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866.217.9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800.786.9199 (IN USA OR CANADA) or 571.272.1000.


/Don G Zhao/
Primary Examiner, Art Unit 2493
10/18/2022