Notice of Pre-AIA  or AIA  Status
	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-23 are pending.
Information Disclosure Statement PTO-1449 
	The Information Disclosure Statement submitted by applicant on 04-20-2021 has been considered. Please see attached PTO-1449. 
Claim Rejections - 35 USC § 101
	835 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

	Claims 1, 3-13 and 15-23 are rejected under 35 U.S.C. 101 because the claimed invention are directed to an abstract idea without significantly more.
	The claims when analyzed under 2019 Revised Patent Subject Matter Eligibility Guidance are directed to abstract idea. 
	Claim 13 for example, recites the following limitation: “[a]system…comprising: a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: generate a cyber event catalog…; and simulate a cyber event, of the plurality of cyber events included in the cyber event catalog…”. 
	Claim  is directed to a system, therefore claim passes the step 1 of Patent Subject Matter Eligibility Guidance.
	The limitation of “generate a cyber event catalog…;and simulate a cyber event, of the plurality of cyber events” under the broadest reasonable interpretation is directed to organizing human activity. Nothing in claim element precludes the step from particularly being perform through human activity. For example, the claim encompasses a human generates a cyber event catalog and simulate a cyber event”. Thus, the claim recites organizing human activity which is an abstract idea when analyzed under step 2A prong 1.
	The additional element of the claim (“a processing circuitry; and a memory”) is no more than mere instruction to apply the exception using a generic computer component. The combination of these additional elements is no more than mere instructions to apply the exception using a generic computer (processing circuitry) component. Even in combination, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limitations on practicing the abstract idea. Thus, the additional element(s) of the claim when analyzed under step 2A, prong 2, does not integrate the judicial exception into a practical application.
	Claim further when evaluated under step 2B it is no more than what is well-understood, routine, conventional activity in the field. The additional elements of the claim does not amount to significantly more than the judicial exception. The specification does not provide any indication that the additional elements are anything other than a generic computer component. The mere generating a cyber event catalog…; and simulating a cyber event, of the plurality of cyber events included in the cyber event catalog is a well-understood, routing and conventional function when it is claimed in a merely generic manner as it is here. Additionally, specification, in paragraphs 70-74 and figure 5, describes using a general-purpose computer which demonstrates the well-understood, routine, conventional nature of the additional elements. 
	Independent claim 1 and 12 include limitations similar the limitations of claim 13 and  are rejected under 35 U.S.C. 101 for being directed to abstract idea for the same reason discussed above.
	Dependent claims 3-13 and 15-23 do not cure the deficiency of the independent claims and are rejected under 35 U.S.C. 101 for being directed to abstract idea.
Claim Rejections - 35 USC § 103
		The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
	Claims  1, 3, 12 , 13 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Lotem et al. (US Patent No.8,407,798 ) in view of Mahabir et al. (US Publication No. 2017/0244740).
	As per claim 1, 12 and 13 Lotem discloses a  method for catastrophic event modeling, comprising: generating a cyber event catalog  (column 5, lines 49, creating an Attack Action Dictionary) based on a past cyber event, the cyber event catalog including a plurality of cyber events (column 5, lines 53-56, “dictionary represent known vulnerabilities and their exploitation method, worms attacking actions and propagation methods, and general acing actins (such as port scan, brute force m file transfer, DDOS attack, and the usage of backdoors or Trojans)”, and column 6, lines 12-14, “dictionary of attacking actions might be held in a repository with entries for known vulnerabilities, known worms, and general hacking actions”); and simulating a cyber event, of the plurality of cyber events included in the cyber event catalog, to predict whether an organization is affected by a simulated cyber event (column 5, lines 51-52, “[t]he information in the dictionary is required for performing the attack simulation, column 6, lines 19-28, “[s]tage 40 relates to simulating attacks and analyzing risks…”). 
	Lotem does not explicitly disclose but in an analogous art, Mahabir discloses, wherein the organization is an organization selected from a hazard table (paragraph [0006], “a list of organizational nodes”, “determining an organizational node risk assessment score for the selected organizational nodes”).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Lotem with Mahabir. This would have been obvious because one of ordinary skill in the art would have been motivated to do so in order to determine organizational node risk assessment scores of each of the list  organizational nodes.
	As per claim 3 and 15, Lotem furthermore discloses, wherein the event catalog includes a plurality of potential catastrophic events (column 5, lines 52-56, known vulnerabilities and their exploitation methods, worm attacking actions and propagation methods, and general hacking actions (such as port scan, brute force, file transfer, DDOS attack, and the usage of backdoors or Trojans), and column 11, lines 12-17) .
	Claims  2 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Lotem et al. (US Patent No.8,407,798 ) in view of Mahabir et al. (US Publication No.2017/0244740), further in view of Flores  et al. (US Publication No. 2013/0347116).
	As per claim 2 and 14, Lotem in view of Mahabri discloses all limitation of claim as applied to claims 1 and 13  above. Lotem in view of Mahabri  does not explicitly disclose simulating the cyber event further comprises: simulating the cyber event via a Monte Carlo simulation. However, simulating the cyber event via a Monte Carlo simulation is old and well known in the art as illustrated by Flores (paragraph [0097], “threat evaluation simulation engine 418 shown in FIG.6 uses Monte Carlo method..”).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lotem and Mahabri  to include the well known Monte Carlo algorithm for performing simulation, in order to achieve the predictable result of investigating the behavior of complex system.  
	Claims  4-6, 9, 11, 16-18, 21 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Lotem et al. (US Patent No.8,407,798 ) in view of Mahabir et al. (US Publication No.2017/0244740), further in view of Grenier et al. (US Patent No. 10,878,329).
	As per claim 4 and 16, Lotem in view of Mahabri discloses all limitation of claim as applied to claim 1 and 13  above. Lotem in view of Mahabri  does not explicitly disclose but in an analogous art, Grenier discloses, wherein generating the cyber event catalog further comprises: determining a distribution of all event parameters by extrapolating one or more data points from a past event (column 14, lines 28-33, for each categorized event that is accessed by the processing system, a statistical distribution 608 is generated. This distribution represents a range of probabilities of event occurrences or event activities during a calendar year) ; and assigning a set of restriction rules (column 14, lines 32-34, a sample rate is determined for the event’s event type), 
	wherein the parameter distribution (event activities) and set of restriction rules (events are sampled and associated with  annual frequency) are used to create event in the event catalog (column 14, lines 38-61, event activity is simulated over period of time by using sampled annual frequency, and is used to create catalog of events). 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Lotem and Mahabir with Grenier. This would have been obvious because one of ordinary skill in the art would have been motivated to do so in order to provide a probabilistic accumulation method for validating third-party catastrophe models.
	As per claim 5 and 17, Lotem furthermore discloses, wherein determining the distribution of all event parameters further comprises: collecting data from at least one of: a CVE database, and an open-source monitoring dashboard (column 5, lines 65-67, “the potential exploitation of the CVE-2002-0392 vulnerability might be represented in the dictionary”).
	As per claim 6 and 18, Lotem furthermore discloses  determining the distribution of all event parameters further comprises: accessing an active exploitation database; and collecting threat intelligence data (column 11, lines 12-13, “collection of event data from various sources”).
	As pe claim 9 and 21,  Lotem in view of Mahabri discloses all limitation of claim as applied to claim 1 and 13  above. Lotem in view of Mahabri  does not explicitly disclose but in an analogous art, Grenier discloses processing an input, the input including an input group (column 2, lines 9-11, “determine a model outcome over a range of possible events (input group), where these events are the input to the model… the method may create a range of possible events by varying parameters, such as severity, of known event”); generating one or more hazard tables (column 3, lines 12-16, “creating a database of event by categorizing a list of measured meteorological events to associate each measured meteorological event with an event type having.. hazard”); evaluating a damage function (column 8, lines 49-51, “damage function related to the event intensity”); determining a damage estimation (column 10, lines 47-48, “the system may estimate the damage”); generating a yearly loss table (YLT) (column 10, lines 16-18, “annual occurrence may correspond to the maximum loss. [t]he annual occurrence may correspond to the maximum loss” and column 15, “year, the event, and the loss …can be then stored 812 in results database 814”); and generating an exceedance probability (EP) curve (column 2, lines 55-56, “exceedance probability (EP) curve can be created”).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Lotem and Mahabir with Grenier. This  would have been obvious because one of ordinary skill in the art would have been motivated to do so in order to validate third-party catastrophe models.
	As per claim 11 and 23,  Grenier  furthermore discloses, wherein generating one or more EP curves further comprises: calculating at least one of: an annual exceedance probability (AEP) , and an overall exceedance probability (OEP), wherein an AEP is calculated by summing damages of each year, and wherein an OEP is calculated by focusing on an event with the maximum damage for each year. (column 2, lines 55-66, “an EP curve is a graph that shows the probability of exceedance [AEP] of various level of loss, on either an annual occurrence basis or an annual aggregate basis…EP curve is generated ..based on the sum of all event losses [damages] within each simulated year”.
	The motivation is similar to the motivation provided in claim 9 and 21 above.
	Claims  10 and 22  are rejected under 35 U.S.C. 103 as being unpatentable over Lotem et al. (US Patent No.8,407,798 ) in view of Mahabir et al. (US Publication No.2017/0244740), in view of Grenier et al. (US Patent No. 10,878,329), further in view of Sweeney et al. (US publication No. 2019/0207981)
	As per claim 10 and 22, Lotem in view of Mahabir and Grenier discloses all limitation of claim as applied to claim 9 and 21 above.  Lotem in view of Mahabir and Grenier does not explicitly disclose but in an analogous art  Sweeney discloses, wherein generating one or more hazard tables further comprises: actively mapping, to one or more security controls of a plurality of security controls, one or more assets used by one or more insured companies (paragraph [0022], “wherein each cell in the matrix comprises one or more security controls mapped to the operational asset and the asset class corresponding to that cell”).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Lotem, Mahabir and Grenier with Sweeney. This  would have been obvious because one of ordinary skill in the art would have been motivated to do so in order to assess control maturity in security operation environment.
	Claims 7 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Lotem et al. (US Patent No.8,407,798 ) in view of Mahabir et al. (US Publication No.2017/0244740), in view of Grenier et al. (US Patent No. 10,878,329), further in view of Alahmady (US Publication No. 2021/0150569).
	As per claim 7 and 19, Lotem in view of Mahabri  and Grenier discloses all limitation of claim as applied to claim 4  and 16 above. Lotem in view of Mahabri and Grenier  does not explicitly disclose but in an analogous art,  Alahmady discloses wherein determining the distribution of all event parameters further comprises: using validation and test sets as control groups (paragraph [0019], historical data comprises validation set and a test set).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Lotem, Mahabri and Grenier with Alahmady. This would have been obvious because one of ordinary skill in the art would have been motivated to validate results of the trained machine learning model and to test operation of the machine learning model.
	Claims  8 and 20  are rejected under 35 U.S.C. 103 as being unpatentable over Lotem et al. (US Patent No.8,407,798 ) in view of Mahabir et al. (US Publication No.2017/0244740), in view of Grenier et al. (US Patent No. 10,878,329) further in view of Ben-Hurt et al.  (US Publication No. 2005/0071140).
	As per claim 8 and 20, Lotem in view of Mahabri and Grenier  discloses all limitation of claim as applied to claim 4  and 16  above. Lotem in view of Mahabri  and Grenier does not explicitly disclose determining the distribution of all event parameters further comprises: using a K-means algorithm to distill a full event catalog to a smaller subset. However, determining the distribution of all event parameters further comprises: using a K-means algorithm to distill a full event catalog to a smaller subset is old and well known as illustrated by Ben-Hurt (paragraph [0012],   K-means, the algorithm is applied to the data).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Lotem, Mahabri Grenier to utilize the well known K-means algorithm in order to achieve the predictable result of sub-sampling the data and clustering the subsamples. 
References Cited, Not Used

	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	Zandani, (US Publication No. 2013/0227697), discloses method for collecting global cyber attack data from a networked resource; collecting organizational profile data from a user, and computing a cyber attack risk of the organization in real time, by continuously performing said collecting of global cyber attack data and comparing the global cyber attack data to the organizational profile data, to compute a cyber attack risk score for each of the organizational assets.	
	Powell et al. (US Patent No. 8,601,587), discloses, a cyber threat analysis system generates a network model of a network infrastructure that is used by an organization, assigns a weighting value to each of a plurality of network elements of the network infrastructure and generates an attack vector according to a determined vulnerability of the network infrastructure. 
Conclusion
	 Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ali Abyaneh whose telephone number is (571) 272-7961. The examiner can normally be reached on Monday-Friday from (8:00-5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone numbers for the organization where this application or proceeding is assigned as (571) 273-8300 Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/ALI S ABYANEH/Primary Examiner, Art Unit 2437