The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

DETAILED ACTION
The following is in response to the amendments and arguments filed 11/21/2022.  Claims 1-9, 12, 14-39 are pending.  Claims 10-11, 13 and 40 are canceled.  Claims 19-39 are withdrawn from consideration.  

Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.

The use of the term BLU-RAY, which is a trade name or a mark used in commerce, has been noted in this application. The term should be accompanied by the generic terminology; furthermore the term should be capitalized wherever it appears or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.

Claim Objections
Claims 1-9, 12, 14-18 are objected to because of the following informalities:  the claims are not proper Beauregard claims.  Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-9, 12, 14-18 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-24, 31-33 of co-pending Application No. 14/919506 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because co-pending application 14/919506 is directed to a central monitoring station o for detecting and handling cyber-attacks to client systems in real time and it would have been obvious to one of ordinary skill in the art at the effective time of the invention to use the monitoring system of ‘506 application in the implementing a defense to a product and provide insurability against an attack because the system of detecting the attack and monitoring provides for the information to determine the insurability.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


 	Claims 1-9, 12, 14-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
The claims recite identifying real time data indicative of cyber-attacks, sampling the data, calculating a real time damage assessment calculating an insurability rating and implementing a defense of products and services from future cyber-attacks. 
The claim as a whole recites a method of organizing human activity. The claimed invention is a method that allows for a user calculating a real-time damage assessment and calculating an insurability rating in real time which is a Fundamental Economic Practice and  a legal interaction (insurance contract). The mere nominal recitation of a generic processor and generic interface does not take the claim out of the methods of organizing human interactions grouping. Thus, the claim recites an abstract idea. The claim as a whole merely describes how to generally “apply” the concept of calculating and updating insurability ratings in a computer environment. The claimed computer components are recited at a high level of generality and are merely invoked as tools to perform an existing insurance process. Simply implementing the abstract idea on a generic computer is not a practical application of the abstract idea.   
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element, when considered separately and in combination, of using a processor to perform the steps amounts to no more than mere instructions to apply the exception using a generic computer component. By applicant’s own admission, the computer components are not special use computers but directed to a general purpose processor (see para 41 “when considered separately and in combination” and para 70 “The processor 812 can, for example, be a microprocessor, a controller or other processing device that is known in the art” and para 75 “The components or modules that are described in connection with the disclosed embodiments can be implemented as hardware, software, or combinations thereof”).  Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. Thus, even when viewed as a whole, nothing in the claim adds significantly more (i.e., an inventive concept) to the abstract idea.  The claim is not patent eligible.  
	As noted previously, the claim as a whole merely describes how to generally “apply” the concept of calculating and updating insurance in a computer environment. Thus, even when viewed separately and as a whole, nothing in the claim adds significantly more (i.e., an inventive concept) to the abstract idea. The claim is ineligible. 
On this record, applicants have not shown under the guidance of Manual of Patent Examining Procedure section 2106.05(a) (“Improvements to the Functioning of a Computer or to Any Other Technology or Technical Field”) or section 2106.05(e) (“Other Meaningful Limitations”). See MPEP §§ 2106.05(b) (Particular Machine) and 2106.05(c) (Particular Transformation).  
	The elements of dependent claims 2-9, 12, 14-18 are also not patent eligible. The dependent claims do not include any additional elements that integrate the abstract idea into a practical application or are sufficient to amount to significantly more than the judicial exception when considered both individually and as an ordered combination.  Therefore, the dependent claims are directed to an abstract idea.  Thus, claims 1-9, 12, 14-18 are not patent-eligible.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-9, 12, 14-18 are rejected under 35 U.S.C. 103 as being unpatentable over Schultz et al. (US 2015/0381649 A1) in view of McGovern (US 2009-0024663 A1 further in view of King (US 2009/0024627).
Specifically as to claim 1, Schultz et al. disclose a non-transitory computer readable storage medium with instructions stored thereon that, in response to execution by at least one processor, cause the at least one processor to identify real-time data received from a computer network, the real-time data indicative of cyber-attacks that are likely to diminish a value of a product or service; calculate based on the sampled real-time data to compute real-time damage assessment associated with losses to the product or service due to occurrence of one or more cyber-attacks, the damage assessment computed using a weighted average including at least a first weight indicating the likelihood of occurrence of the one or more cyber-attacks, a second weight indicating a likelihood of success of the one or more cyber-attacks, and a third weight indicating a measure of severity of damage to the product of service as a result of the occurrence of the one or more cyber-attacks wherein the first weight, the second weight and the third weight are based at least in part on historical information; and calculate an insurability rating for the product or service that is usable for determination of an amount of insurance that sufficiently insures against the occurrence of the one or more cyber-attacks, wherein the insurability rating is based at least in-part on the real-time damage assessment and is changeable in response to changes in the received real-time data; provide an interface to an insured user of a cyber insurance via a computer software application on a computing device associated with the insured user (see paragraphs 78-79 “potential end use applications” see para 76-77 “interface …on the insured’s computing device”; see paragraphs 67, 75, 79, 80, 83, 289; para 235 algorithms for assessment of damage) but does not specifically disclose sample the real time data indicative of cyber-attacks and implement a defense of the product or service from future cyber-attacks based at least in part on one or more defense guidelines or strategies based on computer security threats of other products or services.
McGovern discloses monitoring in real time an information system using a detection mechanism for threat management and implementing a defense (see para 0024)
King discloses implementing a defense of the product or service from future cyber-attacks based at least in part on one or more defense guidelines or strategies based on computer security threats of other products or services (see paragraphs 13-14 and 53).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to include in the risk system of Schultz the ability to sample cyber-attack data in real time as taught by McGovern and the ability to defend against cyber-attacks as taught by King since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately, and one of ordinary skill in the art would have recognized that the results of the combination were predictable.  Further, McGovern teaches information security risks are practically everywhere and can materialize at any time. Failure to recognize the risks and take appropriate action in real time can have grave consequences (see para 004 McGovern).
Specifically as to claim 2, producing an insurance premium value for the product or service using the insurability rating (see paragraphs 70-75 and abstract). 
Specifically as to claim 3, wherein the real-time damage assessment is computed on an on-going basis based on changes in the real-time data with a time granularity of 1 micro second or less (see paragraphs 67, 75, 79, 80, 83, 289).  
Specifically as to claim 4, wherein the insurability rating is produced at least in-part by: processing the real-time damage assessment over a pre-determined time interval and determining a statistical value associated with a plurality of insurability rating values over the pre-determined time interval (see paragraphs 67, 75, 79, 80, 83, 289). -28-128274884.1U.S. Patent ApplicationAttorney Docket No. 112607-8007.US01 
Specifically as to claim 5, wherein the statistical value is an average of the plurality of insurability rating values over the pre-determined time interval (see paragraphs 130-137, figures 2-3).  
Specifically as to claim 6, wherein the statistical value is a weighted average of the plurality of insurability rating values over the pre-determined time interval, and wherein an insurability rating value that corresponds to a later time instance within the predetermined time interval is assigned a larger weight compared to an insurability rating value that corresponds to an earlier time instance within the predetermined time interval (see paragraphs 67, 75, 79, 80, 83, 289). 
Specifically as to claim 7, wherein the pre-determined time interval is one of: one hour, one day, one week or one month (abstract). 
Specifically as to claim 8, determining at least one additional insurability rating based on the real-time data, wherein one of the insurability rating or the additional insurability rating corresponds to a short-term insurability rating, and the other of the insurability rating or the additional insurability rating corresponds to a long-term insurability rating(see paragraphs 67, 75, 79, 80, 83, 289). 
Specifically as to claim 9, wherein the short-term insurability rating corresponds to a time period ranging from one hour to one day, and wherein the long-term insurability rating corresponds to a time period that is greater than one day and up to one month(see paragraphs 67, 75, 79, 80, 83, 289). 
Specifically as to claim 12, wherein the historical information includes one or more of: a number of previous cyber-attacks against the product or service, a rate of success of previous cyber-attacks against the product or service, an amount of damage to the service or product caused by a previous cyber-attack, or a frequency of occurrence of cyber-attacks against other entities that offer products or services that are similar to the product and service (see paragraphs 67, 75, 79, 80, 83, 289).  
Specifically as to claim 14, wherein the patterns of cyber activity include indications of cyber-attacks on organizations with network connectivity (see paragraphs 67, 75, 79, 80, 83, 289). 
Specifically as to claim 15, wherein the insurability rating is determined using an inverse proportionality relationship with respect to the real-time damage assessment (see paragraphs 67, 75, 79, 80, 83, 289). 
Specifically as to claim 16, wherein the insurability rating is determined based in-part on existing cybersecurity countermeasures that are deployed to protect computers, networks or storage units that participate in storage, production or distribution of the product or service(see paragraphs 67, 75, 79, 80, 83, 289). 
Specifically as to claim 17, wherein the insurability rating is modified based on changes in the cybersecurity countermeasures deployed to protect computers, networks or storage units that participate in storage, production or distribution of the product or service (see paragraphs 67, 75, 79, 80, 83, 289). 
Specifically as to claim 18, providing one or more of the following to an entity for obtaining or maintaining insurance coverage for the product or service: information regarding the real-time damage, information regarding the likelihood of occurrence of the one or more cyber-attacks, information regarding the likelihood of success of the one or more cyber-attacks, information regarding the measure of severity of damage to the product of service as a result of the occurrence of the one or more cyber-attacks, a recommendation for obtaining additional cybersecurity countermeasures, or a particular cybersecurity countermeasure (see paragraphs 67, 75, 79, 80, 83, 289). 

Response to Arguments
Applicant's arguments filed 02/21/2022 have been fully considered but they are not persuasive.
With regards to applicant’s arguments (rem 13) with regards to 35 USC 101, Step 2Aii, Examiner respectfully disagrees.  Applicant ha argued the instant is directed to a technological  improvement  because "due to the ever- changing nature of cyber security and cyber vulnerabilities, traditional insurance or even cyber insurance policies and associated premiums do not adequately correspond to the level of risk that is associated with a computer asset." (see rem 13).  However, the instant specification provides for an improvement in the judicial exception itself (risk assessment in insurance contracts) and not in the technology.  The claim simply provides an insurer and insured with more information to facilitate insurance coverage, which improved the business process of insurance but did not improve computers or technology.
With regards to applicants’ arguments with respect to 35 USC 101 Step 2Aii, Examiner respectfully disagrees.  Applicant argues an improvement to the functioning of the computer (rem 14) while the speciation recite the invention is directed to an improvement in the insurance industry, a business problem (see specification para 5).  Further, applicant cites paragraph 5 of the instant specification for providing a specific improvement over the prior art in the field of computer network damage assessment and risk analysis however, paragraph 27 recites “Cyber insurance can, in principle, be an important risk-management tool for strengthening IT security and reliability for companies” and does not provide for any specific improvement over the prior art.
With regards to applicant’s arguments that claims 1-9, 12, 14-18 are statutory with regards to 35 USC 101, Examiner disagrees.  Applicant’s claims are directed to risk assessment which is an abstract idea.  As emphasized in Alice Corp., abstract ideas are excluded from eligibility based on a concern that monopolization of the basic tools of scientific and technological work might impede innovation more than it would promote.  Further, the claims do not amount to significantly more than the abstract idea itself.  In other words, there are no other limitations in the claims that show a patent eligible application of the abstract idea (more than a mere instruction to perform the abstract idea).  Further, by applicant’s own admission, the claimed invention (an abstract idea of risk assessment) is not performed on a special use computer but instead on a general purpose computer (“The user computers 202 may be general-purpose devices that can be programmed to run various types of applications…” see paragraph 43 of the originally filed specification). The mere recitation of a generic computer cannot transform a patent-ineligible abstract idea into a patent-eligible invention.” Alice Corp., 134 S.Ct. at 2358; DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1256 (Fed. Cir. 2014) (“And after Alice, there can remain no doubt: recitation of generic computer limitations does not make an otherwise ineligible claim patent-eligible.”) (citation omitted).  Thus, if a patent’s recitation of a computer amounts to a mere instruction to ‘implemen[t]’ an abstract idea ‘on . . . a computer,’ that addition cannot impart patent eligibility.” Alice Corp., 134 S.Ct. at 2358 (internal citation omitted).
Thus, because the Specification describes the additional elements in general terms, without describing the particulars, the claim limitations may be broadly but reasonably construed as reciting conventional computer components and techniques, particularly in light of the Specification, as quoted above.
To show that the involvement of a computer assists in improving the technology, the claims must recite the details regarding how a computer aids the method, the extent to which the computer aids the method, or the significance of a computer to the performance of the method. Merely adding generic computer components to perform the method is not sufficient. Thus, the claim must include more than mere instructions to perform the method on a generic component or machinery to qualify as an improvement to an existing technology. See MPEP § 2106.05(f) for more information about mere instructions to apply an exception.
With regards to applicant’s arguments with regards to Step 2B, significantly more,  Examiner has not based the eligibility rejection on well understood, routine and conventional.  As such, the arguments with respect to well understood, routing and conventional are moot.
35 USC 103 
Applicant's arguments with respect to claims 1-9, 12, 14-18 with regards to 35 USC 103 have been considered, Examiner respectfully disagrees.
Applicant argues Schultz et al. do not “teach or suggest using a weighted average including at least a first weight indicating the likelihood of occurrence of the one or more cyber-attacks, a second weight indicating a likelihood of success of the one or more cyber-attacks, and a third weight indicating a measure of severity of damage to the product of service as a result of the occurrence of the one or more cyber-attacks, wherein the first weight, the second weight, and the third weight are based at least in part on historical information. Instead, Schultz merely discloses calculating the likelihood of financial loss resulting from network attack as a distribution in time and using this calculation statistically to estimate pricing for insurance products. Schultz does not teach or suggest calculating a real-time damage assessment comprising a weighted average. Further, Schultz does not teach or suggest the weighted average comprising a first weight indicating a likelihood of one or more cyberattacks, a second weight indicating a likelihood of success of the one or more cyberattacks, and a third weight indicating a measure of severity of damage, where the first, second, and third weights are based on historical information” Examiner respectfully disagrees.  The use of a weighted average is notoriously well known in risk assessment.  The determination of the factors would be well known to one of ordinary skill in the art.  Further, Schultz provides for the use of algorithms for determining the risk and as such, in view of  the broadest reasonable interpretation of the weighted averages in light of the specification, the instant provides for the use of weighted average algorithms.  One of ordinary skill in the art could have substituted one known element for another, and the results of the substitution would have been predictable. See MPEP 2143.
In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., compute a damage assessment using a weighted average) are not positively recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Vashist et al. (US 2014/0082730 A1) disclose predicting attacks in real time with real time damage assessment based on a detected cyber-attacks.  Compton et al. disclose an accurate quantification of risk, financial loss and assessment of network security control measures to minimize damage given by rate and type of attack by quantifying likelihood of damage and loss due to a range of cyber threat vectors, thus allowing broad correlation and integration of security and attack-related data to detect network compromise, lower false alarm rates on the detection and improve response time and effectiveness for security teams.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kelly S Campen whose telephone number is (571)272-6740. The examiner can normally be reached Monday-Thursday 6am-3pm.
 The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Kelly S. Campen
Primary Examiner
Art Unit 3691


/KELLY S. CAMPEN/            Primary Examiner, Art Unit 3691