Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114 
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 07/11/2022 has been entered.

Information Disclosure Statement
3.	The information disclosure statement (IDS) submitted on 04/21/2022 has been considered by the examiner.

Status of Claims
4.	This Office Action is issued in response to the Amendment filed on 07/11/2022.
Claims 1-25 are pending in this Office Action.
Claims 1, 3, 7-11, 17-19, 21, 22, and 25 have been amended.



Response to Arguments
5.	Applicant's remarks regarding 35 U.S.C. § 103 rejections have been fully considered but are not persuasive.
	Applicant argues “none of the references of record (singularly or in any combination) appear to teach or suggest a malicious current data threat as recited in claim 1 of the present application. In sharp contrast, as the rejection has noted, Doyle teaches/suggests "a software vulnerability." See FOA at 6 and 9, and Doyle at 0028-0029. However, Doyle's "software vulnerability" is not a malicious data threat, but rather, as the term implies, an aspect of Doyle's network that is vulnerable to something. From a cursory reading of the reference, Doyle's "software vulnerability" is itself not described to be malicious, nor would one expect it to be as it is part of Doyle's network that is being protected or otherwise managed. See Id at 0030. Applicant notes that none of the other references of record (singularly or in any combination) appear to remedy these deficiencies. Applicant respectfully requests reconsideration and allowance of claim 1.”
	Examiner’s response: The specification or the claims do not explicitly define the term “malicious current data threat”. The term “malicious” is defined as “full of, characterized by, or showing malice; intentionally harmful; spiteful” (https://www.dictionary.com/browse/malicious), “characterized by malice; intending or intended to do harm” (https://www.bing.com/search?q=define+malicious&cvid=7bf09f62f5664f858be2bb721ed89cb0&aqs=edge.0.69i59l2j69i57j69i59j0l5.4204j0j1&FORM=ANAB01&PC=U531), and “malicious: having or showing a desire to cause harm to someone;  given to, marked by, or arising from malice” (https://www.merriamwebster.com/dictionary/malicious).  Therefore, one of ordinary skill in the art would reasonably interpret any “data threat” as “malicious data threat” because data threat is intending to cause/do harm. Since software vulnerability, which Doyle teaches as presented in the previous office action and as Applicant points out that Doyle teaches, is a threat to data and intending to cause harm, software vulnerability is a malicious data threat.  Additionally, Doyle discloses malicious data threat in using exploits and threat events-different forms of malicious actions-  developed for software vulnerability to generate threat score for a candidate software vulnerability (paragraph [0005]) and identifying activities that potentially target and/or exploit the vulnerability (paragraph [0029]).  Hence, Doyle does teach malicious current data threat.
	Applicant’s arguments of other claims are based on arguments of claim 1 which are found not persuasive; therefore, arguments of other claims are also not persuasive at least for the same reasons as claim 1.
Since Applicant’s arguments are not persuasive, the previous applied arts are still applicable to the present amended claims 1-17, 19 and 21.  Please see newly applied rejections for amended limitations in detail below.

Claim Rejections - 35 USC § 103
6.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


7.	Claims 1-5, 7-15, 17, 19, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Doyle et al. (US 2020/0210590), hereinafter “Doyle”, in view of Banasik et al. (US 2018/0189147), hereinafter “Banasik”.
	Regarding claim 11, Doyle discloses a computer program product comprising one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media (paragraphs [0069]- [0073]), the program instructions comprising instructions configured to cause one or more processors to perform a method comprising:
	training, by the one or more processors, a cognitive network, utilizing metadata associated with historic data threats (paragraph [0005]: training a model for threat score assessment of software vulnerabilities from historic threat events utilizing exploits that have already been developed for software vulnerability; paragraphs [0046] and [0047]: the threat score prediction model is generated by machine learning including artificial neural network.  Paragraphs [0065]-[0066]: vulnerability characteristics-metadata.  Note: exploits, threat events and software vulnerability are malicious data threat; candidate software vulnerability is one form of stored instances of data); 
inputting, by the one or more processors, metadata associated with a malicious current data threat into the trained cognitive network (paragraphs [0028]-[0029]: identifying current vulnerability; paragraphs [0046], [0065]-[0066]: a set of vulnerability characteristics are applied as input), the metadata including an identification of the malicious current data threat (tables 1 and 2: vulnerability names), one or more types of data susceptible to and negatively affected by the malicious current data threat (paragraph [0051]: media type of threat events), and one or more locations where the current data threat has occurred (paragraph [0051]: media type of threat events are where the threat also have happened.  Note: Doyle discloses the types of historic threat events and although Doyle does not explicitly disclose these metadata in relating to current data threat, it would be obvious for one of ordinary skill in the art before the effective filing date to apply these metadata to current data threat because the result would be predictable and resulted in having informative information of current data threat for efficiently tracking and recording data threat); 
identifying, by the one or more processors and the trained cognitive network, one or more stored instances of data determined to be vulnerable to the malicious current data threat (paragraph [0005]: association of enterprise network with software vulnerabilities; paragraph [0046]: input data is used to determine a threat score for a candidate software vulnerability- stored instances of data); and 
Doyle discloses determining a threat score for the candidate software vulnerability (paragraph [0046]), but Doyle does not disclose adjusting, by the processor, one or more security aspects of the one or more stored instances of data determined to be vulnerable to the malicious current data threat.  However, changing security aspect for stored data based on threat score in known in the art and Banasik’s teaching is an example (Abstract and paragraph [0018]: relation of data protection plan-security aspect- with respect of risk-threat- score).
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Doyle’s teaching of training a cognitive network to identify vulnerability of stored data to malicious current data threat with Banasik’s teaching of changing security aspect for stored data based on threat score to have an obvious and predictable result of adjusting one or more security aspects of the one or more stored instances of data determined to be vulnerable to the  malicious current data threat.  The motivation to do so would be to protect data as taught by Banasik (paragraphs [0002]-[0004]).
Regarding claim 12, Doyle and Banasik disclose the computer program product of claim 11.  Doyle further discloses wherein the cognitive network includes a neural network (Doyle, paragraph [0047]: machine learning algorithms include artificial neural network).
Regarding claim 13, Doyle and Banasik disclose the computer program product of claim 11.  Doyle further discloses wherein the metadata associated with the historic data threats includes an identification of the historic data threats (Doyle, paragraphs [0044] and [0051]: historic threat events).
Regarding claim 14, Doyle and Banasik disclose the computer program product of claim 11.  Doyle further discloses wherein the metadata associated with the historic data threats includes one or more types of data susceptible to the historic data threats (Doyle, paragraph [0066]).
Regarding claim 15, Doyle and Banasik disclose the computer program product of claim 11.  Doyle further discloses wherein the metadata associated with the historic data threats includes one or more locations where the historic data threats have occurred (Doyle, paragraph [0051]: media type or topic of threat events could indicate where a threat event occurs).
Regarding claim 17, Doyle and Banasik disclose the computer program product of claim 1.  Doyle further discloses wherein the metadata associated with the malicious current data threat is extracted from one or more data sources (Doyle, paragraph [0051]).
Regarding claim 19, Doyle and Banasik disclose the computer program product of claim 11.  Doyle further discloses wherein the trained cognitive network takes the metadata associated with the malicious current data threat as input, and outputs an indication of the one or more stored instances of data determined to be vulnerable to the current data threat (Doyle, paragraph [0046]).
Claims 1, 2, 4, 5 and 9 claim similar subject matters to claims 11, 12, 14, 15, and 19 respectively; therefore, claims 1, 2, 4, 5 and 9 are rejected at least for the same reasons as claims 11, 12, 14, 15, and 19 respectively.
Regarding claim 3, Doyle and Banasik disclose the method of claim 1 (which is rejected at least for the same reasons as claim 11).  Doyle and Banasik further disclose wherein the one or more stored instances of data are susceptible to being attacked by the malicious current data threat (Doyle, paragraph [0005]: determining a threat score for a candidate software vulnerability that is indicative of a likelihood that the candidate software vulnerability will be targeted for exploitation and/or successfully exploited), wherein the historic data threats include instances of malware attacks (Banasik, paragraphs [0018] and [0024]: vulnerability related to computer viruses and worms- forms of malware attacks), and the metadata associated with the historic data threats includes an identification of the historic data threats (Doyle, tables 1 and 2: vulnerability names; paragraphs [0044] and [0051]: historic threat events), one or more types of data susceptible to and negatively affected by the historic data threats (Doyle, paragraph [0051]: media type of threat events and paragraph [0066]), and one or more locations where the historic data threats have occurred (Doyle, paragraph [0051]: media type of threat events are where the threat also have happened).
Regarding claim 7, Doyle and Banasik disclose the method of claim 1 (which is rejected at least for the same reasons as claim 11).  Doyle and Banasik further disclose wherein the malicious current data threat includes a malware attack (Banasik, paragraphs [0018] and [0024]: vulnerability related to computer viruses and worms- forms of malware attacks), and the metadata associated with the malicious current data threat is extracted from one or more data sources (Doyle, paragraph [0051]) and includes an identification of the current data threat (Doyle, tables 1 and 2: vulnerability names), one or more types of data susceptible to and negatively affected by the current data threat (Doyle, paragraph [0051]: media type of threat events), one or more locations where the current data threat has occurred (Doyle, paragraph [0051]: media type of threat events are where the threat also have happened.  Note: Doyle discloses the types of historic threat events and although Doyle does not explicitly disclose these metadata in relating to current data threat, it would be obvious for one of ordinary skill in the art before the effective filing date to apply these metadata to current data threat because the result would be predictable and resulted in having informative information of current data threat for efficiently tracking and recording data threat).
Regarding claim 8, Doyle and Banasik disclose the method of claim 1 (which is rejected at least for the same reasons as claim 11).  Doyle further discloses wherein the metadata associated with the malicious current data threat is extracted from one or more news sources, one or more blog posts, and one or more social media posts (Doyle, paragraphs [0038] and [0051)).
Regarding claim 10, Doyle and Banasik disclose the method of claim 1 (which is rejected at least for the same reasons as claim 11).  Doyle and Banasik further disclose wherein the one or more security aspects of one or more stored instances of data determined to be vulnerable to the malicious current data threat are adjusted by changing a sensitivity level for the one or more stored instances of data (Doyle, paragraph [0048]: updating threat scores.  Banasik, Abstract: relation of data protection plan with respect of risk score.  The combination of Doyle and Banasik’s teachings makes the obviousness of the interrelation of the security aspects and sensitivity level for the stored data; therefore, when the security aspects are adjusted, the sensitivity level of stored data would also be changed, so the stored data would be protected accordingly).
Claim 21 claims similar subject matters to claim 11; therefore, claim 21 is rejected at least for the same reasons as claim 11.  Furthermore, Doyle discloses a system with a processor and logic integrated with the processor, executable by the processor, or integrated with and executable by the processor (paragraph [0069]).
8.	Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Doyle et al. (US 2020/0210590), hereinafter “Doyle”, in view of Banasik et al. (US 2018/0189147), hereinafter “Banasik”, and in view of Bang (US 2016/0300065), hereinafter “Bang”.
Regarding claim 16, Doyle and Banasik disclose the computer program product of claim 11.  Doyle and Banasik do not explicitly disclose wherein metadata associated with the one or more stored instances of data determined to be vulnerable to the historic data threats are labeled as vulnerable to the historic data threats, and are input into the cognitive network along with metadata associated with the historic data threats.  However, tagging vulnerability data is known in the art and Bang’s teaching is an example (paragraphs [0013] and [0031]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Doyle and Banasik’s teachings of training a cognitive network to identify vulnerability of stored data to current data threat and changing security aspect for stored data based on threat score with Bang’s teaching of tagging vulnerability data to have tagged vulnerability for stored data which are used as input into the cognitive network along with metadata associated with the historic data threats.  The motivation to do so would be to optimize and efficiently identifying and tracking the vulnerabilities as taught by Bang (paragraph [0005]). 
	Claim 6 claims similar subject matters to claim 16; therefore, claim 6 is rejected at least for the same reasons as claim 16.

Allowable Subject Matter
9.	Claims 18 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim.
	Claims 22-25 are allowed.

Conclusion	
10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to THANH T. LE whose telephone number is (571)270-0279.  The examiner can normally be reached on Monday-Thursday 8:00 am- 4:00 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

		/THANH T LE/                                Examiner, Art Unit 2495