DETAILED ACTION
 	Claims 1-20 are pending. This is in response to the application filed on October 12, 2020, which is a Continuation of 15/941,102 filed on March 30, 2018, granted under Patent 10,862,917, which claims priority to a provisional filed on April 21, 2017.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim 1 is rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 10,862,917. Although the claims at issue are not identical, they are not patentably distinct from each other because both claims recite similar features as follows:
Claim 1 of instant application:

    determining, for a selected device in a network, at least one user of the selected device;

    assigning a user value to the at least one user, wherein the user value is based on an identity of the at least one user;

    determining one or more related devices on the network associated with the at least one user by evaluating behavior information of the at least one user to identify devices in the network that are in communication with the selected device;

    calculating a composite device value for the selected device based on: (i) a value of the selected device that is based on direct or indirect relationships to the devices in the network that are in communication with the selected device, (ii) the user value, and (iii) values of the one or more related devices;

    determining, for the selected device, a probability factor associated with potential security vulnerabilities affecting the selected device;

    calculating a risk score for the selected device based on the composite device value and the probability factor; and

    implementing security measures in the network based on a comparison of the risk score for the selected device with a plurality of risk scores for other devices in the network.

Claim 1 of Patent 10,862,917:

    determining, for a selected device in a network, at least one user of the selected device;

    assigning a user value to the at least one user, wherein the user value is based on an identity of the at least one user;

    determining one or more related devices on the network associated with the at least one user by evaluating behavior information of the at least one user to identify devices in the network that are in communication with the selected device;

    calculating a composite device value for the selected device based on: (i) a value of the selected device, (ii) the user value, and (iii) values of the one or more related devices;

    determining, for the selected device, a probability factor associated with potential security vulnerabilities affecting the selected device, the probability factor being determined based on one or more normalized diversity scores that are calculated by normalizing counted unique connections with the selected device in view of possible connections available to the selected device;

    calculating a risk score for the selected device based on the composite device value and the probability factor; and

    implementing security measures in the network based on a comparison of the risk score for the selected device with a plurality of risk scores for other devices in the network.

 	Claims 2-8 are rejected as being dependent on claim 1.
Claim 10 is rejected on the ground of nonstatutory double patenting as being unpatentable over claim 10 of U.S. Patent No. 10,862,917. Although the claims at issue are not identical, they are not patentably distinct from each other because both claims recite similar features. See reasoning in claim 1 rejection above.
 	Claims 11-15 are rejected as being dependent on claim 10.
Claim 16 is rejected on the ground of nonstatutory double patenting as being unpatentable over claim 16 of U.S. Patent No. 10,862,917. Although the claims at issue are not identical, they are not patentably distinct from each other because both claims recite similar features. See reasoning in claim 1 rejection above.
 	Claims 17-20 are rejected as being dependent on claim 16.
	This is an anticipatory rejection.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 16-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because there is no definition for the communication interface and the processor as hardware. Fig. 3 and related text disclose an apparatus with a network interface and a processor suggesting hardware components. However, the apparatus the claims recite, disclosed in par. [0094], provides no such disclosure. Examiner suggests that adding the term hardware or physical, such as “hardware/physical communication interface” and “hardware/physical processor”, would make the claims eligible.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over PG Pub 20170026343 (hereinafter Wardman) in view of Patent 10,044,745 (hereinafter Jones).
 	Regarding claim 1, Wardman discloses a computer-implemented method comprising: 
 	determining, for a selected device in a network, at least one user of the selected device; assigning a user value to the at least one user, wherein the user value is based on an identity of the at least one user (Fig. 3, par. [0057]-[0067] disclose a security system that performs one or more risk mitigation activities involving a user account associated with the anonymous account identifier where it adjusts a security score based on receiving the notification message from an external account security exchange);
 	Wardman does not expressly disclose determining one or more related devices on the network associated with the at least one user by evaluating behavior information of the at least one user to identify devices in the network that are in communication with the selected device;
 	calculating a composite device value for the selected device based on: (i) a value of the selected device that is based on direct or indirect relationships to the devices in the network that are in communication with the selected device, (ii) the user value, and (iii) values of the one or more related devices. Jones teaches a risk assessment system for network topology describing connections between network devices (nodes) of a network, and user accounts permitted to access each network device, where the system determines compromise likelihoods for the nodes included in the network topology and one or more user accounts. A compromise likelihood indicates a likelihood of a node or user account being improperly accessed (Figs. 2, 4, Summary and col. 9-10, 12-15. For example, Fig. 2D discloses a Total Expected Value which can be viewed as the composite device value). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Wardman with Jones to further teach the claimed features. One would have done so to rectify the weaknesses in a network, and update network devices to strengthen an insecure path to a network device storing valuable information;
 	determining, for the selected device, a probability factor associated with potential security vulnerabilities affecting the selected device (Jones, Figs. 2A-D and col. 8-10 for a compromise likelihood depending on which device and path the user uses);
 	calculating a risk score for the selected device based on the composite device value and the probability factor; and implementing security measures in the network based on a comparison of the risk score for the selected device with a plurality of risk scores for other devices in the network (Jones, col. 6 discloses user behavior measurement. Jones also discloses, in Fig. 2D or 4 and related text, remedial actions taken by a system administrator if user behavior is indicative of being compromised).
 	Regarding claim 2, Jones discloses determining a dynamic resource implementation prioritization based on the comparison of the risk score for the selected device with the plurality of risk scores for the other devices in the network, wherein the implementing is based on the dynamic resource implementation prioritization (Jones, col. 17, lines 7-28 teaches “…the system can automatically identify changes in the network (e.g., the network 110) that will lower total compromise values and/or compromise likelihoods associated with the network and/or specific user accounts, nodes. The system can obtain information identifying nodes that user accounts have actually used in a defined time period, and determine whether blocking access to remaining nodes, e.g., nodes user accounts don't actually use, will lower the total compromise likelihood of one or more paths. For example, the system may provide recommendations to limit users' access rights to only those resources, e.g., nodes or objects within nodes, that particular user accounts have accessed within some previous time period, such as 30 or 60 days…”).

 	Regarding claim 3, Wardman discloses wherein the behavior information of the at least one user comprises network traffic flow data (par. [0102]).
 
 	Regarding claim 4, Jones discloses wherein the one or more related devices associated with the at least one user include indirectly associated devices that have at least one degree of separation from the selected device, wherein a degree of separation comprises a connection with at least one common device or common user (see Jones’ citation in claim 1 rejection). 
 	Regarding claim 5, Jones discloses wherein the indirectly associated devices include a first group of devices having one degree of separation from the selected device and a second group of devices having two degrees of separation from the selected device (Jones teaches that all possible paths and number of nodes can be calculated for risk. See Figs 2A-D for examples).

 	Regarding claim 6, Jones discloses wherein a value for an indirectly associated device of the first group of devices is larger than a value for an indirectly associated device of the second group of devices (see Figs. 2A-D, for example, Fig. 2C discloses “…the risk assessment system can select a path (e.g., the first path or the second path) that is determined to have a highest expected value of compromise. Since path two (e.g., as illustrated in FIG. 2C) includes a higher compromise likelihood of Node 6 218 (e.g., as compared to Node 5 219 in FIG. 2B), and further includes a greater communications weight, indicating that communications between Node 3 and Node 6 are more likely than between Node 3 and Node 5, the risk assessment system 100 can select path 2 as having the highest expected value…”).  

 	Regarding claim 7, Jones discloses wherein determining the probability factor associated with potential security vulnerabilities affecting the selected device includes calculating an exploit probability for the selected device (see Jones in claim 1 rejection for the compromise value of the user account based on the compromise likelihood of each Node it accesses).

 	Regarding claim 8, Jones discloses wherein the probability factor is based on: (i) the exploit probability of the selected device, and (ii) exploit probabilities of the one or more related devices (see Jones in claims 1 and 6 rejections).  

	Regarding claim 9, Jones discloses calculating a plurality of risk scores for the selected device, wherein each of the plurality of risk scores is determined based on a different potential security vulnerability affecting the selected device (as taught in Jones, the user can pick a first node to connect to an ending node but the path and number of nodes accessed in between the two end points can result in different scores).


 	Regarding claim 10, the combination of Wardman and Jones discloses a non-transitory computer readable storage media encoded with instructions that, when executed by a processor, cause the processor to perform operations comprising:  
 	determining, for a selected device in a network, at least one user of the selected device; 
 	assigning a user value to the at least one user, wherein the user value is based on an identity of the at least one user; 
 	determining one or more related devices on the network associated with the at least one user by evaluating behavior information of the at least one user to identify devices in the network that are in communication with the selected device; 
 	calculating a composite device value for the selected device based on: (i) a value of the selected device that is based on direct or indirect relationships to the devices in the network that are in communication with the selected device, (ii) the user value, and (iii) values of the one or more related devices; 
 	determining, for the selected device, a probability factor associated with potential security vulnerabilities affecting the selected device; 
 	calculating a risk score for the selected device based on the composite device value and the probability factor; and 
 	implementing security measures in the network based on a comparison of the risk score for the selected device with a plurality of risk scores for other devices in the network.  
	See claim 1 rejection.

 	Regarding claim 11, the combination of Wardman and Jones discloses wherein the implementing is based on a dynamic resource implementation prioritization that is determined based on the comparison of the risk score for the selected device with the plurality of risk scores for the other devices in the network (see claim 2 rejection).  

 	Regarding claim 12, the combination of Wardman and Jones discloses wherein the behavior information of the at least one user comprises network traffic flow data (see claim 3 rejection).  

 	Regarding claim 13, the combination of Wardman and Jones discloses wherein the one or more related devices associated with the at least one user include indirectly associated devices, including a first group of devices having one degree of separation from the selected device and a second group of devices having two degrees of separation from the selected device, wherein a degree of separation comprises a connection with at least one common device or common user (see claims 4-5 rejections).  

 	Regarding claim 14, the combination of Wardman and Jones discloses wherein determining the probability factor associated with potential security vulnerabilities affecting the selected device includes calculating an exploit probability for the selected device (see claim 7 rejection).  

 	Regarding claim 15, the combination of Wardman and Jones discloses wherein the probability factor is based on: (i) the exploit probability of the selected device, and (ii) exploit probabilities of the one or more related devices (see claim 8 rejection).  

  	Regarding claim 16, the combination of Wardman and Jones discloses an apparatus comprising: 
 	a communication interface configured to enable network communications with a plurality of devices in a network; and
 	 a processor coupled with the communication interface, and configured to: 
 	determine, for a selected device in the network, at least one user of the selected device; assign a user value to the at least one user, wherein the user value is based on an identity of the at least one user; determine one or more related devices on the network associated with the at least one user by evaluating behavior information of the at least one user to identify devices in the network that are in communication with the selected device; calculate a composite device value for the selected device based on: (i) a value of the selected device that is based on direct or indirect relationships to the devices in the network that are in communication with the selected device, (ii) the user value, and (iii) values of the one or more related devices; determine, for the selected device, a probability factor associated with potential security vulnerabilities affecting the selected device; calculate a risk score for the selected device based on the composite device value and the probability factor; and implement security measures in the network based on a comparison of the risk score for the selected device with a plurality of risk scores for other devices in the network.  
	See claim 1 rejection.

 	Regarding claim 17, the combination of Wardman and Jones discloses wherein an implementation of security measures is based on a dynamic resource implementation prioritization that is determined based on the comparison of the risk score for the selected device with the plurality of risk scores for the other devices in the network (see claim 2 rejection).  

 	Regarding claim 18, the combination of Wardman and Jones discloses wherein the one or more related devices associated with the at least one user include indirectly associated devices, including a first group of devices having one degree of separation from the selected device and a second group of devices having two degrees of separation from the selected device, wherein a degree of separation comprises a connection with at least one common device or common user (see claims 4-5 rejections).  

 	Regarding claim 19, the combination of Wardman and Jones discloses wherein determining the probability factor associated with potential security vulnerabilities affecting the selected device includes calculating an exploit probability for the selected device (see claim 7 rejection).  

 	Regarding claim 20, the combination of Wardman and Jones discloses wherein the probability factor is based on: (i) the exploit probability of the selected device, and (ii) exploit probabilities of the one or more related devices (see claim 8 rejection).

Inquiry communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994. The examiner can normally be reached Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson, can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRI M TRAN/Primary Examiner, Art Unit 2432