Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This action is responsive to the application 17/654,026 filed on March 8, 2022. Claims 1-20 are pending.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
Claims 1-20 (hereafter “examined claim”) are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 (hereafter “patent claim”) of U.S. Patent No. 11,283,824.  Although the conflicting claims are not identical, they are not patentably distinct from each other because the claims of the instant application are merely obvious variations of the claims in the patent 11,283,824 as outlined in the table below:

Examined claim 6

The system of claim 1, wherein the set of rules associated with the first cybersecurity factor specify a satisfaction adjustment to be applied if the subset of the processed scan data indicates the first cybersecurity factor is satisfied, and a failure adjustment to be applied if the subset of the processed scan data indicates the first cybersecurity factor is not satisfied.

Examined claim 1

A system comprising: 
     computer-readable memory storing computer-executable instructions; and
     one or more hardware processors in communication with the computer-readable memory and programmed by the executable instructions;
     wherein the system is configured to at least:
       generate a plurality of data streams based at least partly on scanning a target network, wherein a first data stream of the plurality of data streams comprises data representing characteristics of devices on the target network, wherein a second data stream of the plurality of data streams comprises data representing events detected on the target network, and wherein a third data stream of the plurality of data streams comprises data representing vulnerabilities associated with devices on the target network;
       generate processed scan data based at least partly on the plurality of data streams;
       identify a cybersecurity assessment framework against which the target network is to be assessed;
       determine an initial score for one or more cybersecurity factors associated with the cybersecurity assessment framework;
       determine an adjustment for one or more of the determined initial scores based at least partly on the processed scan data, wherein a first adjustment to a first initial score is determined by applying a set of rules, associated with a first cybersecurity factor, to a subset of the processed scan data;
       generate an overall cybersecurity score based at least partly on applying the determined adjustment to the determined initial scores;
       present a visual representation of the overall cybersecurity score;
       identify a plurality of events using the plurality of data streams, wherein individual events are associated with a threshold level of severity; and 
       present a visual representation of the plurality of events.
Patent claim 11
The system of claim 1, wherein the set of rules associated with the first cybersecurity factor further specify a second adjustment to be applied if the subset of the processed scan data indicates the criterion associated with the set of rules is not satisfied.



Patent claim 1
A system comprising: 
     computer-readable memory storing computer-executable instructions; and
     one or more hardware processors in communication with the computer-readable memory and programmed by the executable instructions;
     wherein the system is configured to at least:
       generate a plurality of data streams based at least partly on scanning a target network, wherein a first data stream of the plurality of data streams comprises data representing characteristics of devices on the target network, wherein a second data stream of the plurality of data streams comprises data representing events detected on the target network, and wherein a third data stream of the plurality of data streams comprises data representing vulnerabilities associated with devices on the target network;
       generate processed scan data based at least partly on the plurality of data streams;
       identify a cybersecurity assessment framework against which the target network is to be assessed;
       determine a separate initial score for each of one or more cybersecurity factors associated with the cybersecurity assessment framework based on input data different from the processed scan data, wherein a first initial score for a first cybersecurity factor of the one or more cybersecurity factors represents whether a criterion associated with the first cybersecurity factor has been satisfied;
       determine a plurality of adjustments to the first initial score by applying a set of rules, associated with the first cybersecurity factor, to a subset of the processed scan data, wherein the set of rules specifies a first adjustment to be applied if the subset of the processed scan data indicates satisfaction of a criterion associated with the set of rules;
       generate an overall cybersecurity score based at least partly on applying the determined plurality of adjustments to the determined first initial scores;
       present a visual representation of the overall cybersecurity score;
       identify a plurality of events using the plurality of data streams, wherein individual events are associated with a threshold level of severity; and 
       present a visual representation of the plurality of events.


Examined claim 6 broadly recites the limitations of patent claim 11. For example, patent claim 11 recites the limitation “cybersecurity assessment framework based on input data different from the processed scan data; and a plurality of adjustments to the first initial score”, which is not recited in examined claim 6. Thus, it would have been obvious to broaden patent claim 11 because omitting the limitations is an obvious variation. Examined claims 2-5 and 7-20 recite limitations similar to those of patent claims 2-10 and 12-20.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over O’Reilly (US 2018/0167414) in view of Chhabra (US 2021/0084057).
Claim 1
O’Reilly teaches a system comprising:
computer-readable memory storing computer-executable instructions; and one or more hardware processors in communication with the computer-readable memory and programmed by the executable instructions [i.e. computer-readable memory (e.g. non-transitory computer-readable storage media storing instructions) and processors are inherently included in a cybersecurity scoring and recommendation system 99] (O’Reilly, figure 1A, 0023, claims 1 & 11); wherein the system is configured to at least:
generate a plurality of data streams based at least partly on scanning a target network, wherein a first data stream of the plurality of data streams comprises data representing characteristics of devices on the target network [i.e. generating a report comprises metadata of tracked attributes, characteristics of the client computing system], wherein a second data stream of the plurality of data streams comprises data representing events detected on the target network [i.e. generating a report comprises metadata of collected cyber-events detected], and wherein a third data stream of the plurality of data streams comprises data representing vulnerabilities associated with devices on the target network [i.e. generating a report comprises metadata of tracked/collected threat/vulnerability data] (O’Reilly, 0004, 0025-0026, 0029, 0045-0047);
generate processed scan data based at least partly on the plurality of data streams [i.e. generating a summarize/accurate picture of the system based on the reports/tracked metadata] (O’Reilly, 0025-0026, 0029, 0045-0047, 0084);
identify a cybersecurity assessment framework against which the target network is to be assessed [i.e. identifying a cybersecurity scoring framework 169 supports the assessment] (O’Reilly, 0026);
determine an initial score for one or more cybersecurity factors associated with the cybersecurity assessment framework [i.e. determine a score/risk score for one or more category risks (e.g. cyber events: threats, breaches, damage, vulnerabilities, etc.) associated with cybersecurity assessment] (O’Reilly, 0033-0034, 0036-0038, 0093, 0100);
generate an overall cybersecurity score based at least partly on the determined initial scores [generating an overall score that represents the collective score for the cybersecurity control being evaluated] (O’Reilly, 0033-0034, 0093);
present a visual representation of the overall cybersecurity score [i.e. displaying/representing individual scores and/or overall score to the device via a dashboard view 198]; identify a plurality of events using the plurality of data streams, and present a visual representation of the plurality of events [i.e. identifying anomalies and/or events category that associated with framework function detect by selecting a button 213, are displayed in the main window] (O’Reilly, figure 5A, 0033-0034, 0086, 0091-0093).
O’Reilly fails to teach determine an adjustment for one or more of the determined initial scores based at least partly on the processed scan data, wherein a first adjustment to a first initial score is determined by applying a set of rules, associated with a first cybersecurity factor, to a subset of the processed scan data; applying the determined adjustments to the determined initial scores; wherein individual events are associated with a threshold level of severity.
However, in an analogous art, Chhabra teaches determine an adjustment for one or more of the determined initial scores based at least partly on the processed scan data, wherein a first adjustment to a first initial score is determined by applying a set of rules, associated with a first cybersecurity factor, to a subset of the processed scan data [i.e. adjusting the computed/generated scores, and one or more rules/policies are applied to facilitate or direct the generated scores] (Chhabra, 0113-0115, 0121, 0196); applying the determined adjustments to the determined initial scores [i.e. the AI unit can adjust the score] (Chhabra, 0121); wherein individual events are associated with a threshold level of severity [i.e. the events associated with a threshold of severity levels related to threats, which can control to move a score up or down] (Chhabra, 0158, 0193-0196).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of O’Reilly to include the teachings of Chhabra of determine an adjustment for one or more of the determined initial scores based at least partly on the processed scan data, wherein a first adjustment to a first initial score is determined by applying a set of rules, associated with a first cybersecurity factor, to a subset of the processed scan data; applying the determined adjustments to the determined initial scores; wherein individual events are associated with a threshold level of severity. One of ordinary skill in the art would be motivated to provide assessment and management of security risks in the system (Chhabra, 0003).

Claim 2
O’Reilly in combination with Chhabra teach the system of claim 1, further configured to at least generate a cybersecurity portal interface comprising a plurality of options, wherein a first option of the plurality of options corresponds to the overall cybersecurity score [i.e. user portal 116 comprises a plurality of selections/buttons] (Chhabra, abstract, 0095, 0113-0115). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of O’Reilly to include the teachings of Chhabra of a cybersecurity portal interface. One of ordinary skill in the art would be motivated to provide assessment and management of security risks in the system (Chhabra, 0003).

Claim 3
O’Reilly in combination with Chhabra teach the system of claim 2, further configured to at least generate a cybersecurity status interface comprising a visual representation of a change to the overall cybersecurity score over time [i.e. a dashboard interface displays information relating to threats, severity and statuses] (Chhabra, 0174). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of O’Reilly to include the teachings of Chhabra of a cybersecurity status interface. One of ordinary skill in the art would be motivated to provide assessment and management of security risks in the system (Chhabra, 0003).

Claim 4
O’Reilly in combination with Chhabra teach the system of claim 3, wherein the cybersecurity status interface further comprises a representation of a degree to which each cybersecurity factor associated with the cybersecurity assessment framework has been determined to be satisfied [i.e. the dashboard interface represents a chart high-level analytics over time (which can comprise a degree/level to each cybersecurity factor, threat, etc.)] (Chhabra, 0174, 0178). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of O’Reilly to include the teachings of Chhabra of a cybersecurity status interface further comprises a representation of a degree to which each cybersecurity factor associated with the cybersecurity. One of ordinary skill in the art would be motivated to provide assessment and management of security risks in the system (Chhabra, 0003).

Claim 5
O’Reilly in combination with Chhabra teach the system of claim 1, further configured to assess the target network against any of a plurality of cybersecurity assessment frameworks, wherein a first cybersecurity assessment framework of the plurality of cybersecurity assessment frameworks is associated with a different set of cybersecurity factors than a second cybersecurity assessment framework of the plurality of cybersecurity assessment frameworks [i.e. the users can select one of a variety of different tabs/assessments for different set of cybersecurity factors/categories] (O’Reilly, 0082-0086, 0094).

Claim 6
O’Reilly in combination with Chhabra teach the system of claim 1, wherein the set of rules associated with the first cybersecurity factor specify a satisfaction adjustment to be applied if the subset of the processed scan data indicates the first cybersecurity factor is satisfied, and a failure adjustment to be applied if the subset of the processed scan data indicates the first cybersecurity factor is not satisfied (Chhabra, 0056, 0099, 0120-0121). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of O’Reilly to include the teachings of Chhabra. One of ordinary skill in the art would be motivated to provide assessment and management of security risks in the system (Chhabra, 0003).

Claim 7
O’Reilly in combination with Chhabra teach the system of claim 1, wherein a first initial score for a first cybersecurity factor is based at least partly on user-provided information (O’Reilly, 0034-0035).

Claim 8
O’Reilly in combination with Chhabra teach the system of claim 1, wherein the first initial score is one of a binary set of possible initial scores (O’Reilly, 0034-0035).

Claim 9
O’Reilly in combination with Chhabra teach the system of claim 1, wherein the first adjustment is based at least partly on a severity level of the cybersecurity factor [i.e. adjusting the computed/generated scores based on a threshold level of severity] (Chhabra, 0113-0115, 0121, 0194-0196). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of O’Reilly to include the teachings of Chhabra. One of ordinary skill in the art would be motivated to provide assessment and management of security risks in the system (Chhabra, 0003).

Claim 10
O’Reilly in combination with Chhabra teach the system of claim 1, wherein the overall cybersecurity score is a numerical value between a predetermined minimum threshold and maximum threshold [i.e. the overall score is a number and evaluated with a minimum threshold] (Chhabra, 0113-0115, 0121, 0196). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of O’Reilly to include the teachings of Chhabra. One of ordinary skill in the art would be motivated to provide assessment and management of security risks in the system (Chhabra, 0003).

Claim 11
O’Reilly teaches a computer-implemented method comprising:
as implemented by a computing system comprising one or more computer processors configured to execute specific instructions [i.e. computer-readable memory (e.g. non-transitory computer-readable storage media storing instructions) and processors are inherently included in a cybersecurity scoring and recommendation system 99] (O’Reilly, figure 1A, 0023, claims 1 & 11):
generating a plurality of scan data streams, wherein individual scan data streams of the plurality of scan data streams comprise cybersecurity data generated based at least partly on scanning a target network [i.e. generating a plurality of reports comprises a plurality of metadata of tracked/collected events, attributes, threat/vulnerability data] (O’Reilly, 0004, 0025-0026, 0029, 0045-0047);
identifying a set of cybersecurity factors based at least partly on the target network [i.e. determine one or more category risks (e.g. cyber events: threats, breaches, damage, vulnerabilities, etc.) associated with cybersecurity assessment] (O’Reilly, 0033-0034, 0036-0038, 0093, 0100);
determining a score for each cybersecurity factor, wherein a first score for a first cybersecurity factor is based at least partly on an initial score, and the plurality of scan data streams [i.e. determine a score/risk score for one or more category risks (e.g. cyber events: threats, breaches, damage, vulnerabilities, etc.) associated with cybersecurity assessment] (O’Reilly, 0033-0034, 0036-0038, 0093, 0100);
determining a cybersecurity status score based at least partly on the determined scores for each cybersecurity factor [generating an overall score that represents a status score for the cybersecurity control being evaluated] (O’Reilly, 0033-0034, 0093); and
display the set of cybersecurity factors as one or more cybersecurity factor representations [i.e. displaying/representing individual scores to the device via a dashboard view 198] (O’Reilly, figure 5A, 0033-0034, 0086, 0091-0093);
display the cybersecurity status score as a cybersecurity status score representation [i.e. displaying/representing overall score to the device via a dashboard view 198] (O’Reilly, figure 5A, 0033-0034, 0086, 0091-0093).
O’Reilly fails to teach generating a graphical user interface; a score adjustment algorithm; dynamically change the cybersecurity status score representation based at least partly on a set of cybersecurity status scores over a period of time.
However, in an analogous art, Chhabra teaches generating a graphical user interface [i.e. user portal 116 comprises a plurality of selections/buttons] (Chhabra, abstract, 0095, 0113-0115); a score adjustment algorithm and dynamically change the cybersecurity status score representation based at least partly on a set of cybersecurity status scores over a period of time [i.e. adjusting the computed/generated scores, and one or more rules/policies are applied to facilitate or direct the generated scores] (Chhabra, 0113-0115, 0121, 0196).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of O’Reilly to include the teachings of Chhabra of generating a graphical user interface; a score adjustment algorithm; dynamically change the cybersecurity status score representation based at least partly on a set of cybersecurity status scores over a period of time. One of ordinary skill in the art would be motivated to provide assessment and management of security risks in the system (Chhabra, 0003).

Claim 12
O’Reilly in combination with Chhabra teach the computer-implemented method of claim 11, wherein determining the first score based at least partly on the score adjustment algorithm comprises using a set of rules, associated with the first cybersecurity factor, specifying a satisfaction adjustment to be applied if the plurality of scan data streams indicate the first cybersecurity factor is satisfied, and a failure adjustment to be applied if the plurality of scan data streams indicates the first cybersecurity factor is not satisfied (Chhabra, 0056, 0099, 0120-0121). Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of O’Reilly to include the teachings of Chhabra. One of ordinary skill in the art would be motivated to provide assessment and management of security risks in the system (Chhabra, 0003).

Claim 13
O’Reilly in combination with Chhabra teach the computer-implemented method of claim 11, wherein generating the plurality of scan data streams comprises:
generating a first scan data stream comprising data representing characteristics of devices on the target network [i.e. generating a report comprises metadata of tracked attributes, characteristics of the client computing system] (O’Reilly, 0004, 0025-0026, 0029, 0045-0047);
generating a second scan data stream comprising data representing events detected on the target network [i.e. generating a report comprises metadata of collected cyber-events detected] (O’Reilly, 0004, 0025-0026, 0029, 0045-0047); and
generating a third scan data stream comprising data representing vulnerabilities associated with devices on the target network [i.e. generating a report comprises metadata of tracked/collected threat/vulnerability data] (O’Reilly, 0004, 0025-0026, 0029, 0045-0047).

Claim 20
O’Reilly in combination with Chhabra teach the non-transitory computer-readable storage medium of claim 14, wherein the executable instructions further configure the computing system to at least: 
identify a first event using the plurality of data streams (O’Reilly, 0004, 0025-0026, 0029, 0045-0047);
determine that one or more characteristics of the first event satisfy an event detection rule (O’Reilly, 0004, 0025-0026, 0029, 0045-0047);
present a visual representation of the first event; identify a second event using the plurality of data streams; determine that one or more characteristics of the second event fail to satisfy the event detection rule (O’Reilly, 0004, 0025-0026, 0029, 0045-0047); and
determine not to present a visual representation of the second event (O’Reilly, 0004, 0025-0026, 0029, 0045-0047).

Claims 14-19 do not teach or define any new limitation other than those of claims 1-6 above. Therefore, claims 14-19 are rejected for similar reasons.

Correspondence Information



Any inquiry concerning this communication or earlier communications from the examiner should be directed to MINH CHAU N NGUYEN whose telephone number is (571)272-4242.  The examiner can normally be reached on M-F 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, TONIA DOLLINGER can be reached on (571)272-4170.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MINH CHAU NGUYEN/Primary Examiner, Art Unit 2459