DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
Claims 1-19 are pending in this application.
Information Disclosure Statement
The Information Disclosure Statement(s) submitted by applicant on 3/31/2022 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 signed and attached hereto. 
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-30 of U.S. Patent No. 11314872. Although the claims at issue are not identical, they are not patentably distinct from each other (see table below).
Instant Application
U.S. Patent No. 11314872
Claim 1: A processor-executed method comprising:
providing one or more first data stores communicatively coupled with the processor, the
one or more first data stores storing information on:
a plurality of properties to be configured for one or more resources included in the code file; and
a plurality of security threats associated with one or more values of the plurality of properties;
analyzing the code file to identify one or more properties of the plurality of properties, associated with the one or more resources included in the code file; and
for each property of the identified one or more properties:
identifying a value for the property defined in the code file; and
determining one or more security threats based on the identified value for the property, using the information stored in the one or more first data stores.
Claim 1: A processor-executed method for generating a threat model from a code file, comprising:
     providing one or more first data stores communicatively coupled with the processor, the one or more first data stores storing information on:
     a plurality of properties to be configured for one or more resources included in the code file; and
    a plurality of security threats associated with one or more values of the plurality of properties;
    analyzing the code file to identify one or more properties of the plurality of properties associated with one or more resources included in the code file;
    for each property of the identified one or more properties;
    identifying a value for the property defined in the code file; and
     determining one or more security threats based on the identified value for the property, using the information stored in the one or more first data stores; and
    generating a threat model  for the one or more resources based on the determined one or more security threats.  

Although the conflicting claims are not identical, they are not patentably distinct from each other because both are directed to a method for identifying a value for the property defined in the code file; and
determining one or more security threats based on the identified value for the property, using the information stored in the one or more first data stores and is substantively-similar independent claims 10,19, said claims are merely a broader version of claim 1 of U.S. Patent No. 11,314,872 contains at least all of the limitations (or obvious equivalents) recited in claim 1 of the instant application.
	With regard to claims of the 2-9,11-18, each depending from one of independent claims 1, 10, said claims are rejected on the grounds of nonstatutory double patenting as being unpatentable over U.S. Patent No. 11,314,872 in view the foregoing nonstatutory double patenting rejection of claim 1.


Claims 1-19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10747876. Although the claims at issue are not identical, they are not patentably distinct from each other (see table below).
Instant Application
U.S. Patent No. 10747876
 Claim 1: A processor-executed method comprising:
providing one or more first data stores communicatively coupled with the processor, the
one or more first data stores storing information on:
a plurality of properties to be configured for one or more resources included in the code file; and
a plurality of security threats associated with one or more values of the plurality of properties;
analyzing the code file to identify one or more properties of the plurality of properties, associated with the one or more resources included in the code file; and
for each property of the identified one or more properties:
identifying a value for the property defined in the code file; and
determining one or more security threats based on the identified value for the property, using the information stored in the one or more first data stores.
Claim 1: A modeling method, comprising:
providing one or more data stores, the one or more data stores comprising:
    a plurality of threat model components stored therein; and 
     a plurality of threats stored therein, wherein each of the threats is associated with at least one of the threat model components through the one or more data stores;
     displaying, on one or more user interfaces displayed on one or more computing devices communicatively coupled with the one or more data stored, a relational diagram of one of a system, an application, and a process, using visual representations of the threat model components, the relational diagram defining a threat model;
     in response to receiving user input using the one or more user interfaces, adding one of the threat model components to the threat model;
     in response to the added threat model component being added to the threat model, displaying on the one or more user interfaces a list of one or more threat model components associated with through the one or more data stores with the added threat model component; and
     generating, using the one or more computing devices, and displaying, on the one or more user interfaces, a threat report displaying each threat that is associated through the one or more data stores with one of the threat model components included in the threat model.



Although the conflicting claims are not identical, they are not patentably distinct from each other because both are directed to a method for providing one or more data stores and identifying a threat and is substantively-similar independent claims 10,19, said claims are merely a broader version of claim 1 of U.S. Patent No. 10,747,876 contains at least all of the limitations (or obvious equivalents) recited in claim 1 of the instant application.
	With regard to claims of the 2-9,11-18, each depending from one of independent claims 1, 10, said claims are rejected on the grounds of nonstatutory double patenting as being unpatentable over U.S. Patent No. 10,747,876 in view the foregoing nonstatutory double patenting rejection of claim 1.

Claims 1-19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10200399. Although the claims at issue are not identical, they are not patentably distinct from each other (see table below).
Instant Application
U.S. Patent No. 10200399
 Claim 1: A processor-executed method comprising:
providing one or more first data stores communicatively coupled with the processor, the
one or more first data stores storing information on:
a plurality of properties to be configured for one or more resources included in the code file; and
a plurality of security threats associated with one or more values of the plurality of properties;
analyzing the code file to identify one or more properties of the plurality of properties, associated with the one or more resources included in the code file; and
for each property of the identified one or more properties:
identifying a value for the property defined in the code file; and
determining one or more security threats based on the identified value for the property, using the information stored in the one or more first data stores.
Claim 1: A threat model chaining and system configuration method, comprising:
     In response to receiving one or more user inputs, using one or more interfaces displayed on a display of a computing device communicatively coupled with a database:
     storing a plurality of threat model components in the database;
     storing a plurality of threats in the database
     associating each threat with at least one of the threat model components through the database;
     storing a plurality of compensating controls in the database;
    associating each compensating control with at least one of the threats through the database;
     displaying , using a diagram interface, a relational diagram of a system, using visual representations of one or more of the threat model components and visual representations of one or more of the compensating controls, the relational diagram defining a first threat model;
     adding a component group to the first threat model and thereby redefining the first threat model by including in it a second threat model associated with the component group, wherein the component group comprises a predefined interrelated group of two or more of the threat model components, and;
     physically arranging tangible components matching the threat model components of the diagrammed system to form an actual system, the actual system mitigating actual threats corresponding with the threats of the first threat model.  

Although the conflicting claims are not identical, they are not patentably distinct from each other because both are directed to a method for storing a plurality of threats associated with data and is substantively-similar independent claims 10,19, said claims are merely a broader version of claim 1 of U.S. Patent No. 10,200,399 contains at least all of the limitations (or obvious equivalents) recited in claim 1 of the instant application.
	With regard to claims of the 2-9,11-18, each depending from one of independent claims 1, 10, said claims are rejected on the grounds of nonstatutory double patenting as being unpatentable over U.S. Patent No. 10,200,399 in view the foregoing nonstatutory double patenting rejection of claim 1.

Claims 1-19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10255439. Although the claims at issue are not identical, they are not patentably distinct from each other (see table below).
Instant Application
U.S. Patent No. 10255439
 Claim 1: A processor-executed method comprising:
providing one or more first data stores communicatively coupled with the processor, the
one or more first data stores storing information on:
a plurality of properties to be configured for one or more resources included in the code file; and
a plurality of security threats associated with one or more values of the plurality of properties;
analyzing the code file to identify one or more properties of the plurality of properties, associated with the one or more resources included in the code file; and
for each property of the identified one or more properties:
identifying a value for the property defined in the code file; and
determining one or more security threats based on the identified value for the property, using the information stored in the one or more first data stores.
Claim 1: A threat model and system configuration method, comprising:
     In response to receiving one or more user inputs, using one or more input interfaces displayed on a display of a computing device communicatively coupled with a database:
     storing a plurality of threats in the database;
     storing a plurality of threats in the database;
     associating each threat with at least one of the threat model components through the database;
     storing a plurality of security requirements in the database, including storing an indication of whether each security requirement is a compensating control;
     associating each compensating control with at least one of the threats through the database;
     displaying a relational diagram of a system, using visual representations of one or more of the threat model components, the diagram defining a threat model;
     generating and displaying a threat report displaying each threat that is associated through the databases with one of the threat model components included in the threat model, wherein the threat report displays a threat status for each threat indicating whether that threat has been mitigated, and wherein the threat report includes one or more input fields configured to manually change each threat status;
    generating and displaying a report displaying each compensating control that is associated through the database with one of the threats included in the threat report;
     removing one of the compensating controls from the diagram and automatically changing the threat status of at least one of the threats included in the threat report to an unmitigated status, and;
    physically arranging tangible components matching the threat model components of the diagrammed system to form an actual system, the actual system mitigating actual threats corresponding with the threats displayed in the threat report.

Although the conflicting claims are not identical, they are not patentably distinct from each other because both are directed to a method for storing a plurality of threats associated with data and is substantively-similar independent claims 10,19, said claims are merely a broader version of claim 1 of U.S. Patent No. 10,255,439 contains at least all of the limitations (or obvious equivalents) recited in claim 1 of the instant application.
	With regard to claims of the 2-9,11-18, each depending from one of independent claims 1, 10, said claims are rejected on the grounds of nonstatutory double patenting as being unpatentable over U.S. Patent No. 10,255,439 in view the foregoing nonstatutory double patenting rejection of claim 1.

Claims 1-19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10699008. Although the claims at issue are not identical, they are not patentably distinct from each other (see table below).

Instant Application
U.S. Patent No. 10699008
 Claim 1: A processor-executed method comprising:
providing one or more first data stores communicatively coupled with the processor, the
one or more first data stores storing information on:
a plurality of properties to be configured for one or more resources included in the code file; and
a plurality of security threats associated with one or more values of the plurality of properties;
analyzing the code file to identify one or more properties of the plurality of properties, associated with the one or more resources included in the code file; and
for each property of the identified one or more properties:
identifying a value for the property defined in the code file; and
determining one or more security threats based on the identified value for the property, using the information stored in the one or more first data stores.
Claim 1: A threat model chaining method, comprising:
    providing one or more databases, the one or more databases comprising:
     a plurality of threat model components stored therein;
     a plurality of threats stored therein, each threat associated with at least one of
    the threat model components through the one or more databases; and
     a plurality of compensating controls stored therein, each compensating control associated with at least one of the threats through the one or more databases;
     providing one or more interfaces, including a diagram interface, configured to be displayed on one or more end user computing devices communicatively coupled with the one or more databases;
     configuring the diagram interface to display a relational diagram of one of a system, an application, and a process, using visual representation of one or more of the threat model components and visual representation of one or more of the compensating controls, the relational diagram defining a first threat model, and;
     configuring the diagram interface to, in response to receiving one or more user inputs,
add a component group to the first threat model and thereby redefine the first threat model by including in it a second threat model associated with the component group, wherein the component group comprises a predefined interrelated group of two or more of the threat model components.

Although the conflicting claims are not identical, they are not patentably distinct from each other because both are directed to a method for storing a plurality of threats associated with data and is substantively-similar independent claims 10,19, said claims are merely a broader version of claim 1 of U.S. Patent No. 10,699,008 contains at least all of the limitations (or obvious equivalents) recited in claim 1 of the instant application.
	With regard to claims of the 2-9,11-18, each depending from one of independent claims 1, 10, said claims are rejected on the grounds of nonstatutory double patenting as being unpatentable over U.S. Patent No. 10,699,008 in view the foregoing nonstatutory double patenting rejection of claim 1.

Claims 1-19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10984112. Although the claims at issue are not identical, they are not patentably distinct from each other (see table below).

Instant Application
U.S. Patent No. 10984112
 Claim 1: A processor-executed method comprising:
providing one or more first data stores communicatively coupled with the processor, the
one or more first data stores storing information on:
a plurality of properties to be configured for one or more resources included in the code file; and
a plurality of security threats associated with one or more values of the plurality of properties;
analyzing the code file to identify one or more properties of the plurality of properties, associated with the one or more resources included in the code file; and
for each property of the identified one or more properties:
identifying a value for the property defined in the code file; and
determining one or more security threats based on the identified value for the property, using the information stored in the one or more first data stores.
Claim 1: A method for automated threat modeling of an existing computing environment, comprising:
     providing one or more servers;
     providing one or more data stores communicatively coupled with the one or more servers, the one or more data stores comprising:
     a plurality of threat model components stored therein; and 
     a plurality of threats stored therein, wherein each stored threat is associated through  the one or more data stores with at least one of the stored threat model components;
     receiving, using one or more input fields displayed on one or more computing devices communicatively  coupled with at least one of the one or more servers, one or more inputs, the one or more inputs comprising:
     access credentials associated with an existing computing environment; and
     one or more inputs configured to initiate, using the one or more servers and
     using the access credentials, automatic generation of a relational diagram(diagram) of the existing computing environment and automatic generation of a threat report;
     displaying the diagram one or more user interfaces of the one or more computing devices, using visual representations of one or more of the stored threat model components corresponding with components that comprise the existing computing environment, the diagram defining a threat model; and
     displaying the threat report on the one or more user interfaces, the threat report displaying each stored threat that is associated through the one or more data stores with one of the diagrammed  components.


Although the conflicting claims are not identical, they are not patentably distinct from each other because both are directed to a method for storing a plurality of threats associated with data and is substantively-similar independent claims 10,19, said claims are merely a broader version of claim 1 of U.S. Patent No. 10,984,112 contains at least all of the limitations (or obvious equivalents) recited in claim 1 of the instant application.
	With regard to claims of the 2-9,11-18, each depending from one of independent claims 1, 10, said claims are rejected on the grounds of nonstatutory double patenting as being unpatentable over U.S. Patent No. 10,984,112 in view the foregoing nonstatutory double patenting rejection of claim 1.
Allowable Subject Matter
Claims 1-19 would be allowable if a Terminal Disclaimer is submitted to overcome the Double Patenting rejection, set forth in this office action.


USPTO Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOSUK SONG whose telephone number is (571)272-3857. The examiner can normally be reached Mon-Fri: 7:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HOSUK SONG/              Primary Examiner, Art Unit 2435