Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-22 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-22 of copending Application No. 17/301,356. Although the claims at issue are not identical, they are not patentably distinct from each other because the functional limitations merely swap the name of a type of data the method uses.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claims 1-22 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-30 of copending Application No. 17/247,701. Although the claims at issue are not identical, they are not patentably distinct from each other because the functional limitations merely swap the name of a type of data the method uses.
	This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claims 1-30 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-30 of copending Application No. 17/247,705. Although the claims at issue are not identical, they are not patentably distinct from each other because the functional limitations merely swap the name of a type of data the method uses.
	This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claims 1-30 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-36 of copending Application No. 17/247,714. Although the claims at issue are not identical, they are not patentably distinct from each other because the functional limitations merely swap the name of a type of data the method uses.
	This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claims 1-30 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-30 of copending Application No. 17/128,471. Although the claims at issue are not identical, they are not patentably distinct from each other because the functional limitations merely swap the name of a type of data the method uses.
	This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claims 1-30 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-30 of copending Application No. 17/247,710. Although the claims at issue are not identical, they are not patentably distinct from each other because the functional limitations merely swap the name of a type of data the method uses.
	This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claims 1-30 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-30 of copending Application No. 17/247,706. Although the claims at issue are not identical, they are not patentably distinct from each other because the functional limitations merely swap the name of a type of data the method uses.
	This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claims 1-22 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-22 of copending Application No. 17/301,352. Although the claims at issue are not identical, they are not patentably distinct from each other because the functional limitations merely swap the name of a type of data the method uses.
	This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claims 1-22 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-22 of copending Application No. 17/219,561. Although the claims at issue are not identical, they are not patentably distinct from each other because the functional limitations merely swap the name of a type of data the method uses.
	This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claims 1-22 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-25 of copending Application No. 17/301,361. Although the claims at issue are not identical, they are not patentably distinct from each other because the functional limitations merely swap the name of a type of data the method uses.
	This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-22 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea of collecting, analyzing, manipulating and reporting data without significantly more. See Berkheimer (Fed. Cir. 2018); and Electric Power Group (Fed. Cir. 2016).
	Claim 1 recites the following:
	A method comprises: determining, by an analysis system that includes one or more computing entities, a system aspect of a system for a continuous security monitoring evaluation, wherein the system aspect includes at least one system element of the system, at least one system criteria of the system, and at least one system mode of the system; [Additional elements that do not amount to more than the judicial exception, i.e., computing entities. Also, abstract idea of analyzing data. Mental Process. A human-mind with pen and paper can determine a system aspect of a system, e.g., evaluating system issues listed on paper log files.]
	determining, by the analysis system, at least one evaluation perspective for use in performing the continuous security monitoring evaluation on the system aspect; [Abstract idea of analyzing data. Mental Process. A human-mind with pen and paper can determine an evaluation perspective for use in performing an issue detection of a system, e.g., selecting evaluation perspective listed on paper log files.]
	determining, by the analysis system, at least one evaluation viewpoint for use in performing the continuous security monitoring evaluation on the system aspect; [Abstract idea of analyzing data. Mental Process. A human-mind with pen and paper can determine an evaluation viewpoint for use in performing a continuous security monitoring evaluation of a system, e.g., selecting evaluation viewpoint listed on paper log files.]
	obtaining, by the analysis system, continuous security monitoring data regarding the system aspect in accordance with the at least one evaluation perspective and the at least one evaluation viewpoint; and [Abstract idea of collecting data. Mental Process. A human-mind with pen and paper can obtain continuous security monitoring data regarding a system, e.g., obtain paper log files with issue detection data listed.]
	calculating, by the analysis system, a continuous security monitoring rating as a measure of continuous security monitoring maturity for the system aspect based on the continuous security monitoring data, at least one evaluation perspective, the at least one evaluation viewpoint, and at least one evaluation rating metric. [Abstract idea of analyzing data. Mental Process. A human-mind with pen and paper can calculate a continuous security monitoring rating as a measure, e.g., using pen and paper to write-out and solve a function for an continuous security monitoring rating.]
	Subject Matter Eligibility Test (MPEP 2106 35 U.S.C. 101 Analysis):
	Step 1 (Statutory Categories)- is the claim to a process, machine, manufacture, or composition of matter? Yes, claim is to “a method…” See above [rationale] for detailed explanation.
	Step 2A (Judicial Exceptions)- is the claim directed to a law of nature, a natural phenomenon (product of nature), or an abstract idea? Yes, claim is directed to collecting, analyzing, manipulating and displaying data (i.e., determining, obtaining, calculating). See above [rationale] for detailed explanation.
	Step 2B (Inventive Concept)- does the claim recite additional elements that amount to significantly more than the judicial exception? No, claim recites additional elements such as generic computer elements for implementing the abstract idea, i.e., computing entities. See above [rationale] for detailed explanation.
	Conclusion (Eligibility)- Claim is not eligible subject matter under 35 U.S.C. 101.
	This judicial exception is not integrated into a practical application because the idea does not improve the claimed “computer” itself and is not necessarily rooted in technology. The method merely collects, analyzes, manipulates and reports data. In other words, it is just generic analysis using a computer. Accordingly, the claimed invention takes a general approach and applies it to an application of choice. This general approach could be applied to any application within or outside of computer technology. For example, the approach could be used to monitor a business process for anomalies.
(Another example is Berkheimer v. HP, Inc., 881 F.3d 1360, 125 USPQ2d 1649 (Fed. Cir. 2018), in which the patentee claimed methods for parsing and evaluating data using a computer processing system. The Federal Circuit determined that these claims were directed to mental processes of parsing and comparing data, because the steps were recited at a high level of generality and merely used computers as a tool to perform the processes. 881 F.3d at 1366, 125 USPQ2d at 1652-53.). MPEP 2106.04(a)(2) Mathematical Concepts and Mental Processes.
	The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim merely recites generic computer components to implement the idea, i.e., computer, processor, memory, etc.
	Claim 2 recites the following:
	The method of claim 1 further comprises: receiving, by the analysis system, an input, wherein the input identifies at least one of: the system aspect; the at least one evaluation perspective; and the at least one evaluation viewpoint. [Abstract idea of analyzing data. Mental Process. A human-mind with pen and paper can determine an aspect, perspective, and/or viewpoint.]
	This judicial exception is not integrated into a practical application because the idea does not improve the claimed “computer” itself and is not necessarily rooted in technology. The method merely collects, analyzes, manipulates and reports data. In other words, it is just generic analysis using a computer. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim merely recites generic computer components to implement the idea, i.e., computer, processor, memory, etc.
	Claim 3 recites the following:
	The method of claim 1 further comprises: a system element of the at least one system element includes an enterprise identifier, an organization identifier, a division identifier, a department identifier, a group identifier, a sub- group identifier, a device identifier, a software identifier, or an internet protocol address identifier; [Abstract data types. Mental Process.]
	a system criteria of the at least one system criteria being system guidelines, system requirements, system design, system build, or resulting system; and [Abstract data types. Mental Process.]
	a system mode of the at least one system mode being assets, system functions, or security functions. [Abstract data types. Mental Process.]
	This judicial exception is not integrated into a practical application because the idea does not improve the claimed “computer” itself and is not necessarily rooted in technology. The method merely collects, analyzes, manipulates and reports data. In other words, it is just generic analysis using a computer. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim merely recites generic computer components to implement the idea, i.e., computer, processor, memory, etc.
	Claim 4 recites the following:
	The method of claim 1 further comprises: an evaluation perspective of the at least one evaluation perspective being an understanding perspective, an implementation perspective, an operation perspective, or a self-analysis perspective. [Abstract data types. Mental Process.]
	This judicial exception is not integrated into a practical application because the idea does not improve the claimed “computer” itself and is not necessarily rooted in technology. The method merely collects, analyzes, manipulates and reports data. In other words, it is just generic analysis using a computer. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim merely recites generic computer components to implement the idea, i.e., computer, processor, memory, etc.
	Claim 5 recites the following:
	The method of claim 1 further comprises: an evaluation viewpoint of the at least one evaluation viewpoint being a disclosed viewpoint, a discovered viewpoint, or a desired viewpoint. [Abstract data types. Mental Process.]
	This judicial exception is not integrated into a practical application because the idea does not improve the claimed “computer” itself and is not necessarily rooted in technology. The method merely collects, analyzes, manipulates and reports data. In other words, it is just generic analysis using a computer. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim merely recites generic computer components to implement the idea, i.e., computer, processor, memory, etc.
	Claim 6 recites the following:
	The method of claim 1 further comprises: an evaluation rating metric of the at least one evaluation rating metric being a process rating metric, a policy rating metric, a procedure rating metric, a certification rating, a documentation rating metric, or an automation rating metric. [Abstract data types. Mental Process.]
	This judicial exception is not integrated into a practical application because the idea does not improve the claimed “computer” itself and is not necessarily rooted in technology. The method merely collects, analyzes, manipulates and reports data. In other words, it is just generic analysis using a computer. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim merely recites generic computer components to implement the idea, i.e., computer, processor, memory, etc.
	Claim 7 recites the following:
	The method of claim 1, wherein the obtaining the continuous security monitoring data comprises: determining data gathering parameters regarding the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and the least one evaluation rating metric; [Abstract idea of collecting data. Mental Process. A human-mind with pen and paper can determine data gathering parameters.]
	identifying the at least one system element of the system aspect based on the data gathering parameters; [Abstract idea of analyzing data. Mental Process. A human-mind with pen and paper can identify system elements.]
	obtaining continuous security monitoring information from the at least one system element in accordance with the data gathering parameters; and [Abstract idea of collecting data. Mental Process. A human-mind with pen and paper can obtain issue detection data regarding a system, e.g., obtain paper log files with issue detection data listed.]
	recording the continuous security monitoring information from the at least one system element to produce the continuous security monitoring data. [Abstract idea of storing/collecting data. Mental Process. A human-mind with pen and paper can record issued detection information.]
	This judicial exception is not integrated into a practical application because the idea does not improve the claimed “computer” itself and is not necessarily rooted in technology. The method merely collects, analyzes, manipulates and reports data. In other words, it is just generic analysis using a computer. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim merely recites generic computer components to implement the idea, i.e., computer, processor, memory, etc.
	Claim 8 recites the following:
	The method of claim 7, wherein the data gathering parameters is regarding at least one of: network monitoring implementation related to the system aspect; [Abstract data types.]
	physical environment monitoring implementation related to the system aspect; [Abstract data types.]
	personnel activity monitoring implementation related to the system aspect; [Abstract data types.]
	malicious code detection implementation related to the system aspect; [Abstract data types.]
	unauthorized mobile code detection implementation related to the system aspect; [Abstract data types.]
	external service provider activity monitoring implementation related to the system aspect; [Abstract data types.]
	unauthorized personnel monitoring implementation related to the system aspect; [Abstract data types.]
	unauthorized connection monitoring implementation related to the system aspect; [Abstract data types.]
	unauthorized device monitoring implementation related to the system aspect; [Abstract data types.]
	unauthorized software monitoring implementation related to the system aspect; and [Abstract data types.]
	vulnerability scanning implementation related to the system aspect. [Abstract data types.]
	This judicial exception is not integrated into a practical application because the idea does not improve the claimed “computer” itself and is not necessarily rooted in technology. The method merely collects, analyzes, manipulates and reports data. In other words, it is just generic analysis using a computer. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim merely recites generic computer components to implement the idea, i.e., computer, processor, memory, etc.
	Claim 9 recites the following:
	The method of claim 1, wherein the calculating the continuous security monitoring rating comprises: selecting and performing at least two of: [Abstract idea of analyzing data. Mental Process.]
	based on the continuous security monitoring data and process analysis parameters, generating a process rating for the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and the at least one evaluation rating metric; [Abstract idea of analyzing and manipulating data. Mental Process.]
	based on the continuous security monitoring data and policy analysis parameters, generating a policy rating for the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and the at least one evaluation rating metric; [Abstract idea of analyzing and manipulating data. Mental Process.]
	based on the continuous security monitoring data and documentation analysis parameters, generating a documentation rating for the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and the at least one evaluation rating metric; [Abstract idea of analyzing and manipulating data. Mental Process.]
	based on the continuous security monitoring data and automation analysis parameters, generating an automation rating for the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and the at least one evaluation rating metric; [Abstract idea of analyzing and manipulating data. Mental Process.]
	based on the continuous security monitoring data and procedure analysis parameters, generating a procedure rating for the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and the at least one evaluation rating metric; and [Abstract idea of analyzing and manipulating data. Mental Process.]
	based on the continuous security monitoring data and certification analysis parameters, generating a certification rating for the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and the at least one evaluation rating metric; and [Abstract idea of analyzing and manipulating data. Mental Process.]
	generating the continuous security monitoring rating based on the selected and performed at least two of: the process rating, the policy rating, the documentation rating, the automation rating, the procedure rating, and the certification rating. [Abstract idea of analyzing and manipulating data. Mental Process.]
	This judicial exception is not integrated into a practical application because the idea does not improve the claimed “computer” itself and is not necessarily rooted in technology. The method merely collects, analyzes, manipulates and reports data. In other words, it is just generic analysis using a computer. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim merely recites generic computer components to implement the idea, i.e., computer, processor, memory, etc.
	Claim 10 recites the following:
	The method of claim 1 further comprises at least one of: determining, by the analysis system, a system criteria deficiency of the system aspect based on the continuous security monitoring rating and the continuous security monitoring data; [Abstract idea of analyzing data. Mental Process.]
	determining, by the analysis system, a system mode deficiency of the system aspect based on the continuous security monitoring rating and the continuous security monitoring data; [Abstract idea of analyzing data. Mental Process.]
	determining, by the analysis system, an evaluation perspective deficiency of the system aspect based on the continuous security monitoring rating and the continuous security monitoring data; and [Abstract idea of analyzing data. Mental Process.]
	determining, by the analysis system, an evaluation viewpoint deficiency of the system aspect based on the continuous security monitoring rating and the continuous security monitoring data. [Abstract idea of analyzing data. Mental Process.]
	This judicial exception is not integrated into a practical application because the idea does not improve the claimed “computer” itself and is not necessarily rooted in technology. The method merely collects, analyzes, manipulates and reports data. In other words, it is just generic analysis using a computer. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim merely recites generic computer components to implement the idea, i.e., computer, processor, memory, etc.
	Claim 11 recites the following:
	The method of claim 1 further comprises: determining, by the analysis system, a deficiency of the system aspect based on the continuous security monitoring rating and the continuous security monitoring data; [Abstract idea of analyzing data. Mental Process.]
	determining, by the analysis system, whether the deficiency is auto-correctable; and when the deficiency is auto-correctable, auto-correcting, by the analysis system, the deficiency. [Abstract idea of analyzing data. Mental Process.]
	This judicial exception is not integrated into a practical application because the idea does not improve the claimed “computer” itself and is not necessarily rooted in technology. The method merely collects, analyzes, manipulates and reports data. In other words, it is just generic analysis using a computer. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim merely recites generic computer components to implement the idea, i.e., computer, processor, memory, etc. 
	Claims 12-22 are rejected based on similar citations and rationale given to claims 1-11.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-8, 10-19 and 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over George et al. US 2016/0335166 (hereinafter “George”).
	Regarding claim 1, George teaches: A method comprises: determining, by an analysis system that includes one or more computing entities, a system aspect of a system for a continuous security monitoring evaluation, wherein the system aspect includes at least one system element of the system, at least one system criteria of the system, and at least one system mode of the system; [George, FIGs. 1-2 and 0046: “At 202, recovery system 10 monitors storage nodes in a cluster of a distributed storage system. At 204, recovery system 10 detects the failure of one or more storage nodes, or detects impending failure of one or more storage nodes in the cluster based on real-time system metrics… At 206, recovery system 10 can analyze the real-time system metrics from metrics repository 14;” and 0047: “At 208, recovery parameters can be generated based on the analysis of the real-time system metrics, which indicate characteristics of the cluster nodes and ongoing system activity. As previously described herein, recovery parameters can include a recovery operation priority parameter, a client operation priority parameter, a recovery threads parameter, a recovery maximum active parameter, and possibly others.”]
	determining, by the analysis system, at least one evaluation perspective for use in performing the continuous security monitoring evaluation on the system aspect; [George, FIG. 2 and 0046: “At 206, recovery system 10 can analyze the real-time system metrics from metrics repository 14;” and 0047: “At 208, recovery parameters can be generated based on the analysis of the real-time system metrics, which indicate characteristics of the cluster nodes and ongoing system activity. As previously described herein, recovery parameters can include a recovery operation priority parameter, a client operation priority parameter, a recovery threads parameter, a recovery maximum active parameter, and possibly others. The recovery parameters can be used to realize how a recovery process is to be executed.”]
	determining, by the analysis system, at least one evaluation viewpoint for use in performing the continuous security monitoring evaluation on the system aspect; [George, FIG. 2 and 0048: “At 210, recovery system 10 can identify policies associated with the data to be recovered. The policies may be identified from policies stored in policies repository 12, which have been configured by a user (e.g., IT Administrator). At 212, these identified policies can be used to determine a recovery order for data from the failed node or nodes to be recovered.”]
	obtaining, by the analysis system, continuous security monitoring data regarding the system aspect in accordance with the at least one evaluation perspective and the at least one evaluation viewpoint; and [George, FIG. 2 and 0048: “At 210, recovery system 10 can identify policies associated with the data to be recovered. The policies may be identified from policies stored in policies repository 12, which have been configured by a user (e.g., IT Administrator). At 212, these identified policies can be used to determine a recovery order for data from the failed node or nodes to be recovered. The recovery order can be based on policies in terms of data priority, tenant priority, data replica count based policies, or any other policies that could determine which data to recover first.”]
	George’s first embodiment (fig. 2 flowchart) does not expressively disclose calculating, by the analysis system, a continuous security monitoring rating as a measure of continuous security monitoring maturity for the system aspect based on the continuous security monitoring data, at least one evaluation perspective, the at least one evaluation viewpoint, and at least one evaluation rating metric. However, in an example implementation while discussing figure 2 flowchart George exemplifies prioritizing (i.e., rating) tenants issues based on importance (George, par. 0049).
	George’s exemplary embodiment teaches: calculating, by the analysis system, a continuous security monitoring rating as a measure of continuous security monitoring maturity for the system aspect based on the continuous security monitoring data, at least one evaluation perspective, the at least one evaluation viewpoint, and at least one evaluation rating metric. [George, 0048: “The recovery order can be based on policies in terms of data priority, tenant priority, data replica count based policies, or any other policies that could determine which data to recover first;” and 0049: “If the subscription type assigned to Tenant A has a higher priority than the subscription type assigned to Tenant B, then the recovery order can indicate that the 1000 objects associated with Tenant A are to be recovered first. Other policies associated with the data to be recovered can also be identified. For example, data replica count based policies could be identified, which can indicate that a higher priority is to be given to any data that is minimally replicated in the cluster (e.g., 1 replica remaining), or to prioritize sets of data based on how many replicas for each set exist in an active storage node in the cluster...”]
	Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to have combined both embodiments disclosed by George. One would have been motivated to have combined the embodiments because George anticipates the exemplary use.
	Regarding claim 2: The method of claim 1 further comprises: receiving, by the analysis system, an input, wherein the input identifies at least one of: the system aspect; [George, FIGs. 1-2 and 0046: “At 202, recovery system 10 monitors storage nodes in a cluster of a distributed storage system. At 204, recovery system 10 detects the failure of one or more storage nodes, or detects impending failure of one or more storage nodes in the cluster based on real-time system metrics… At 206, recovery system 10 can analyze the real-time system metrics from metrics repository 14…”]
	the at least one evaluation perspective; and [George, FIG. 2 and 0046: “At 206, recovery system 10 can analyze the real-time system metrics from metrics repository 14;” and 0047: “At 208, recovery parameters can be generated based on the analysis of the real-time system metrics, which indicate characteristics of the cluster nodes and ongoing system activity. As previously described herein, recovery parameters can include a recovery operation priority parameter, a client operation priority parameter, a recovery threads parameter, a recovery maximum active parameter, and possibly others. The recovery parameters can be used to realize how a recovery process is to be executed.”]
	the at least one evaluation viewpoint. [George, FIG. 2 and 0048: “At 210, recovery system 10 can identify policies associated with the data to be recovered. The policies may be identified from policies stored in policies repository 12, which have been configured by a user (e.g., IT Administrator). At 212, these identified policies can be used to determine a recovery order for data from the failed node or nodes to be recovered.”]
	Regarding claim 3: The method of claim 1 further comprises: a system element of the at least one system element includes an enterprise identifier, an organization identifier, a division identifier, a department identifier, a group identifier, a sub- group identifier, a device identifier, a software identifier, or an internet protocol address identifier; [George, FIG. 2 and 0047: “At 208, recovery parameters can be generated based on the analysis of the real-time system metrics, which indicate characteristics of the cluster nodes and ongoing system activity. As previously described herein, recovery parameters can include a recovery operation priority parameter, a client operation priority parameter, a recovery threads parameter, a recovery maximum active parameter, and possibly others.”]
	a system criteria of the at least one system criteria being system guidelines, system requirements, system design, system build, or resulting system; and [George, FIG. 2 and 0047: “…As previously described herein, recovery parameters can include a recovery operation priority parameter, a client operation priority parameter, a recovery threads parameter, a recovery maximum active parameter, and possibly others.”]
	a system mode of the at least one system mode being assets, system functions, or security functions. [George, FIG. 2 and 0047: “…As previously described herein, recovery parameters can include a recovery operation priority parameter, a client operation priority parameter, a recovery threads parameter, a recovery maximum active parameter, and possibly others.”]
	Regarding claim 4: The method of claim 1 further comprises: an evaluation perspective of the at least one evaluation perspective being an understanding perspective, an implementation perspective, an operation perspective, or a self-analysis perspective. [George, FIG. 2 and 0047: “At 208, recovery parameters can be generated based on the analysis of the real-time system metrics, which indicate characteristics of the cluster nodes and ongoing system activity. As previously described herein, recovery parameters can include a recovery operation priority parameter, a client operation priority parameter, a recovery threads parameter, a recovery maximum active parameter, and possibly others.”]
	Regarding claim 5: The method of claim 1 further comprises: an evaluation viewpoint of the at least one evaluation viewpoint being a disclosed viewpoint, a discovered viewpoint, or a desired viewpoint. [George, FIG. 2 and 0048: “At 210, recovery system 10 can identify policies associated with the data to be recovered. The policies may be identified from policies stored in policies repository 12, which have been configured by a user (e.g., IT Administrator). At 212, these identified policies can be used to determine a recovery order for data from the failed node or nodes to be recovered.”]
	Regarding claim 6: The method of claim 1 further comprises: an evaluation rating metric of the at least one evaluation rating metric being a process rating metric, a policy rating metric, a procedure rating metric, a certification rating, a documentation rating metric, or an automation rating metric. [George, 0048: “The recovery order can be based on policies in terms of data priority, tenant priority, data replica count based policies, or any other policies that could determine which data to recover first”]
	Regarding claim 7: The method of claim 1, wherein the obtaining the continuous security monitoring data comprises: determining data gathering parameters regarding the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and the least one evaluation rating metric; [George, FIG. 2 and 0046: “At 206, recovery system 10 can analyze the real-time system metrics from metrics repository 14;” and 0047: “At 208, recovery parameters can be generated based on the analysis of the real-time system metrics, which indicate characteristics of the cluster nodes and ongoing system activity. As previously described herein, recovery parameters can include a recovery operation priority parameter, a client operation priority parameter, a recovery threads parameter, a recovery maximum active parameter, and possibly others. The recovery parameters can be used to realize how a recovery process is to be executed.”]
	identifying system elements of the system aspect based on the data gathering parameters; [George, FIG. 2 and 0046-0047]
	obtaining continuous security monitoring information from the system elements in accordance with the data gathering parameters; and [George, FIG. 2 and 0046-0047]
	recording the continuous security monitoring information from the system elements to produce the continuous security monitoring data. [George, FIG. 2 and 0046-0047]
	Regarding claim 8: The method of claim 7, wherein the data gathering parameters is regarding at least one of: network monitoring implementation related to the system aspect; [George, FIG. 2 and 0046: “At 206, recovery system 10 can analyze the real-time system metrics from metrics repository 14;” and 0047: “At 208, recovery parameters can be generated based on the analysis of the real-time system metrics, which indicate characteristics of the cluster nodes and ongoing system activity. As previously described herein, recovery parameters can include a recovery operation priority parameter, a client operation priority parameter, a recovery threads parameter, a recovery maximum active parameter, and possibly others. The recovery parameters can be used to realize how a recovery process is to be executed.”]
	physical environment monitoring implementation related to the system aspect; [George, FIG. 2 and 0046-0047]
	personnel activity monitoring implementation related to the system aspect; [George, FIG. 2 and 0046-0047]
	malicious code detection implementation related to the system aspect; [George, FIG. 2 and 0046-0047]
	unauthorized mobile code detection implementation related to the system aspect; [George, FIG. 2 and 0046-0047]
	external service provider activity monitoring implementation related to the system aspect; [George, FIG. 2 and 0046-0047]
	unauthorized personnel monitoring implementation related to the system aspect; [George, FIG. 2 and 0046-0047]
	unauthorized connection monitoring implementation related to the system aspect; [George, FIG. 2 and 0046-0047]
	unauthorized device monitoring implementation related to the system aspect; [George, FIG. 2 and 0046-0047]
	unauthorized software monitoring implementation related to the system aspect; and [George, FIG. 2 and 0046-0047]
	vulnerability scanning implementation related to the system aspect. [George, FIG. 2 and 0046-0047]
	Regarding claim 10: The method of claim 1 further comprises at least one of: determining, by the analysis system, a system criteria deficiency of the system aspect based on the continuous security monitoring rating and the continuous security monitoring data; [George, FIG. 2 and 0046: “At 202, recovery system 10 monitors storage nodes in a cluster of a distributed storage system. At 204, recovery system 10 detects the failure of one or more storage nodes, or detects impending failure of one or more storage nodes in the cluster based on real-time system metrics… At 206, recovery system 10 can analyze the real-time system metrics from metrics repository 14;” and 0047: “At 208, recovery parameters can be generated based on the analysis of the real-time system metrics, which indicate characteristics of the cluster nodes and ongoing system activity. As previously described herein, recovery parameters can include a recovery operation priority parameter, a client operation priority parameter, a recovery threads parameter, a recovery maximum active parameter, and possibly others.”]
	determining, by the analysis system, a system mode deficiency of the system aspect based on the continuous security monitoring rating and the continuous security monitoring data; [George, FIG. 2 and 0046-0047: “…As previously described herein, recovery parameters can include a recovery operation priority parameter, a client operation priority parameter, a recovery threads parameter, a recovery maximum active parameter, and possibly others.”]
	determining, by the analysis system, an evaluation perspective deficiency of the system aspect based on the continuous security monitoring rating and the continuous security monitoring data; and [George, FIG. 2 and 0046-0047: “…As previously described herein, recovery parameters can include a recovery operation priority parameter, a client operation priority parameter, a recovery threads parameter, a recovery maximum active parameter, and possibly others.”]
	determining, by the analysis system, an evaluation viewpoint deficiency of the system aspect based on the continuous security monitoring rating and the continuous security monitoring data. [George, FIG. 2 and 0046-0047: “…As previously described herein, recovery parameters can include a recovery operation priority parameter, a client operation priority parameter, a recovery threads parameter, a recovery maximum active parameter, and possibly others.”]
	Regarding claim 11: The method of claim 1 further comprises: determining, by the analysis system, a deficiency of the system aspect based on the continuous security monitoring rating and the continuous security monitoring data; [George, 0048: “The recovery order can be based on policies in terms of data priority, tenant priority, data replica count based policies, or any other policies that could determine which data to recover first;” and 0049: “If the subscription type assigned to Tenant A has a higher priority than the subscription type assigned to Tenant B, then the recovery order can indicate that the 1000 objects associated with Tenant A are to be recovered first. Other policies associated with the data to be recovered can also be identified. For example, data replica count based policies could be identified, which can indicate that a higher priority is to be given to any data that is minimally replicated in the cluster (e.g., 1 replica remaining), or to prioritize sets of data based on how many replicas for each set exist in an active storage node in the cluster...”]
	determining, by the analysis system, whether the deficiency is auto-correctable; and when the deficiency is auto-correctable, auto-correcting, by the analysis system, the deficiency. [George, 0050: “At 214, recovery system 10 can generate a recovery plan for the data of the failed storage node, based on the recovery order and the recovery parameters. The recovery order can be used to configure the order of recovering the data, and the recovery parameters can be used to configure how to perform the recovery process. In at least one embodiment, the recovery plan can be executed to initiate the recovery process.”]
	Claims 12-19 and 21-22 are rejected based on the same citations and rationale given to claims 1-8 and 10-11.
Examiner’s Comments
No prior art rejections were given to claims 9 and 20. The prior arts do not teach nor suggest the following:
(Claim 9) The method of claim 1, wherein the calculating the continuous security monitoring rating comprises: selecting and performing at least two of: based on the continuous security monitoring data and process analysis parameters, generating a process rating for the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and at least one evaluation rating metric; based on the continuous security monitoring data and policy analysis parameters, generating a policy rating for the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and at least one evaluation rating metric; based on the continuous security monitoring data and documentation analysis parameters, generating a documentation rating for the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and at least one evaluation rating metric; based on the continuous security monitoring data and automation analysis parameters, generating an automation rating for the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and at least one evaluation rating metric; based on the continuous security monitoring data and procedure analysis parameters, generating a procedure rating for the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and at least one evaluation rating metric; and based on the continuous security monitoring data and certification analysis parameters, generating a certification rating for the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and at least one evaluation rating metric; and generating the continuous security monitoring rating based on the selected and performed at least two of the process rating, the policy rating, the documentation rating, the automation rating, the procedure rating, and the certification rating.
Generally, the prior arts teach methods for recovering a distributed system. Claim 9 builds on the prior arts as recited above. Claim 20 recites similarly to claim 9.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JONATHAN D GIBSON whose telephone number is (571)431-0699. The examiner can normally be reached Monday - Friday 8:00 A.M.-4:00 P.M..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, BRYCE P BONZO can be reached on (571)-272-3655. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JONATHAN D GIBSON/Primary Examiner, Art Unit 2113