Office Action Predictor
Last updated: April 16, 2026
Application No. 17/846,974

SYSTEM AND METHOD FOR ENHANCING THIRD PARTY SECURITY

Non-Final OA §101§103§112
Filed
Jun 22, 2022
Examiner
ANDREI, RADU
Art Unit
3698
Tech Center
3600 — Transportation & Electronic Commerce
Assignee
Kpmg LLP
OA Round
5 (Non-Final)
36%
Grant Probability
At Risk
5-6
OA Rounds
3y 4m
To Grant
50%
With Interview

Examiner Intelligence

Grants only 36% of cases
36%
Career Allow Rate
201 granted / 564 resolved
-16.4% vs TC avg
Moderate +15% lift
Without
With
+14.9%
Interview Lift
resolved cases with interview
Typical timeline
3y 4m
Avg Prosecution
65 currently pending
Career history
629
Total Applications
across all art units

Statute-Specific Performance

§101
41.8%
+1.8% vs TC avg
§103
37.8%
-2.2% vs TC avg
§102
2.1%
-37.9% vs TC avg
§112
14.5%
-25.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 564 resolved cases

Office Action

§101 §103 §112
DETAILED ACTION The present application, filed on 6/22/2022 is being examined under the AIA first inventor to file provisions. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/2/2025 has been entered. The following is a non-final Office Action on the Merits in response to Applicant’s submission. a. Claims 1, 11 are amended b. Claims 4, 6, 10, 14, 16 are cancelled Overall, Claims 1-3, 5, 7-9, 11-13, 15, 17-20 are pending and have been considered below. Claim Rejections - 35 USC § 101 35 USC 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-3, 5, 7-9, 11-13, 15, 17-20 are rejected under 35 USC 101 because the claimed invention is not directed to patent eligible subject matter. The claimed matter is directed to a judicial exception, i.e. an abstract idea, not integrated into a practical application, and without significantly more. Per Step 1 of the multi-step eligibility analysis, claims 1-3, 5, 7-9 are directed to a system and claims 11-13, 15, 17-20 are directed to a computer implemented method. Thus, on its face, each independent claim and the associated dependent claims are directed to a statutory category of invention. [INDEPENDENT CLAIMS] Per Step 2A.1. Independent claim 1, is rejected under 35 USC 101 because the independent claim is directed to an abstract idea, a judicial exception, without reciting additional elements that integrate the judicial exception into a practical application. The limitations of the independent claim 1 recite an abstract idea, shown in bold below: [A] A security system for enhancing data security of an enterprise, [B] wherein the chat bot is configured to enable exchange of information between a vendor and the enterprise, [C] the service unit is configured to obtain vendor related data and risk score data from the vendor using the chat bot, and the chat bot employs a machine learning technique and natural language processing to interact with the vendor, [D] a risk assessment unit configured to receive the risk score data from the chat bot of the service unit, [E] wherein the risk assessment unit is configured to process the risk score data associated with the vendor and [F] is configured to generate a predicted risk score associated with the vendor, [G] generate an updated set of risk assessment questions based on the risk score data as new risk score data is received using one or more machine learning techniques, [H] receive vendor related data from the chat bot of the service unit, [I] process the vendor related data using a machine learning model to generate insights on vendor related tasks, and the vendor related data includes the predicted risk score [J] identifying one or more vendors in the vendor related data, [K] identifying duplicate vendors in the vendor related data, [L] generating one or more recommendations regarding selection of one or more of the vendors, [M] identifying one or more of the vendors that are currently being utilized and sorting the identified vendors based on one or more selected parameters, [N] comparing vendors relative to each other for any discrepancies between the vendor and any associated vendor peer group, [O] prioritizing one or more identified vendors based on one or more vendor data points, and [P] identifying vendors based on one or more similar characteristics. Independent claim 1 recites: generating a predicted risk score and an updated set of risk assessment questions based on the risk score ([F], [G]); receiving and processing vendor related data ([H], [I]); identifying vendors and duplicated vendors in the vendor related data ([J], [K]); generating recommendations regarding vendor selection ([L]); identifying vendors, selecting vendors and comparing vendors to each other ([M], [N]); and prioritizing vendors based on given criteria and identifying vendors based on characteristics ([O], [P]), which, based on the claim language and in view of the application disclosure, represents a process aimed at: “assessing and selecting vendors based on a determined risk score for every vendor”. This is a combination that, under its broadest reasonable interpretation, covers agreements in the form of marketing, sales activities or behaviors, business relationships (e-commerce), which falls under Certain Methods of Organizing Human Activity, i.e., Commercial or Legal Interactions grouping of abstract ideas (see MPEP 2106.04(a)(2)). Accordingly, it is concluded that independent claim 1 recites an abstract idea that corresponds to a judicial exception. [INDEPENDENT CLAIMS – QUALIFIERS] Per Step 2A.2. The identified abstract idea is not integrated into a practical application because the additional elements in the independent claims only amount to instructions to apply the judicial exception to a computer, or are a general link to a technological environment (see MPEP 2106.05(f); MPEP 2106.05(h)). For example, the added elements “a chat bot,” “service unit,” “risk assessment unit”, “intelligence unit”, recite computing elements at a high level of generality, generally linking the use of a judicial exception to a particular technological environment (see MPEP 2106.05(h)), or merely using a computer as a tool to perform an abstract idea (MPEP 2106.05(f)). Further, the qualifiers “wherein the insights are generated on the vendor related tasks by completing two or more of the following: …”, as applied to the insights, are nothing more than (a) descriptive limitations of claim elements, such as describing the nature, structure and/or content of other claim elements, or (b) general links to the computing environment, which amount to instructions to “apply it,” or equivalent (MPEP 2106.05(f)). These qualifiers of the independent claims do not preclude from carrying out the identified abstract idea “assessing and selecting vendors based on a determined risk score for every vendor”, and do not serve to integrate the identified abstract idea into a practical application. [INDEPENDENT CLAIMS – ADDITIONAL STEPS] The additional steps in the independent claims, shown not bolded above, recite: enable the exchange of information ([B]), obtain vendor related data ([C]), receive risk score data([D]), process risk score data ([E]). When considered individually, they amount to nothing more than receiving data, processing data, storing results or transmitting data that serves merely to implement the abstract idea using computing components for performing computer functions (corresponding to the words “apply it” or an equivalent), or merely uses a computer as a tool to perform the identified abstract idea. Thus, it is concluded that these claim elements do not integrate the identified abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”) into a practical application (see MPEP 2106.05(f)(2)). Therefore, the additional steps of independent claim 1 do not integrate the identified abstract idea into a practical application and the claims remain a judicial exception. Per Step 2B. Independent claim 1 does not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when the independent claim is reevaluated as a whole, as an ordered combination under the considerations of Step 2B, the outcome is the same like under Step 2A.2. Overall, it is concluded that independent claim 1 is deemed ineligible. Per Step 2A.1. Independent claim 11 is rejected under 35 USC 101 because the independent claim is directed to an abstract idea, a judicial exception, without reciting additional elements that integrate the judicial exception into a practical application. The limitations of the independent claim 11 recite an abstract idea, shown in bold below: [A] A computer implemented method for enhancing data security of an enterprise [B] receiving vendor related data and risk score data from the vendor using a chat bot, wherein the chat bot employs a machine learning technique and natural language processing [C] to interact with the vendor and [D] to receive the vendor related data and the risk score data from the vendor, and the risk score data includes vendor profile data and vendor risk data; [E] generating an updated set of risk assessment questions based on the risk score data as new risk score data is received using one or more machine learning techniques; [F] processing the risk score data and [G] generating a predicted risk score of the vendor based on the vendor profile data and the vendor risk data; and [H] receiving and processing vendor related data using a machine learning model to generate insights on vendor related tasks, [I] wherein the vendor related data includes the predicted risk score of the vendor, and [J] wherein the insights are generated on the vendor related tasks by completing two or more of the following: [K] identifying one or more vendors in the vendor related data, [L] identifying duplicate vendors in the vendor related data, [M] generating one or more recommendations regarding selection of one or more of the vendors, [N] identifying one or more of the vendors that are currently being utilized and [O] sorting the identified vendors based on one or more selected parameters, [P] comparing vendors relative to each other for any discrepancies between the vendor and any associated vendor peer group, [Q] prioritizing one or more identified vendors based on one or more vendor data points, and [R] identifying vendors based on one or more similar characteristics. Independent claim 11 recites: generating an updated set of risk assessment, and a risk score ([E], [F]); generating a predicted risk score ([G]); receiving and processing vendor related data ([H]); identifying vendors and deduplicating vendors ([K], [L]); generating recommendations ([M]); identifying and sorting vendors ([N], [O]); comparing and prioritizing vendors ([P], [Q]); and identifying vendors ([R]), which, based on the claim language and in view of the application disclosure, represents a process aimed at: “assessing and selecting vendors based on a determined risk score for every vendor”. This is a combination that, under its broadest reasonable interpretation, covers agreements in the form of marketing, sales activities or behaviors, business relationships (e-commerce), which falls under Certain Methods of Organizing Human Activity, i.e., Commercial or Legal Interactions grouping of abstract ideas (see MPEP 2106.04(a)(2)). Accordingly, it is concluded that independent claim 11 recites an abstract idea that corresponds to a judicial exception. [INDEPENDENT CLAIMS – QUALIFIERS] Per Step 2A.2. The identified abstract idea is not integrated into a practical application because the additional elements in the independent claims only amount to instructions to apply the judicial exception to a computer, or are a general link to a technological environment (see MPEP 2106.05(f); MPEP 2106.05(h)). For example, the added elements “a chat bot,” “service unit,” “risk assessment unit”, “intelligence unit”, recite computing elements at a high level of generality, generally linking the use of a judicial exception to a particular technological environment (see MPEP 2106.05(h)), or merely using a computer as a tool to perform an abstract idea (MPEP 2106.05(f)). Further, the qualifiers “wherein the insights are generated on the vendor related tasks by completing two or more of the following: …”, as applied to the insights, are nothing more than (a) descriptive limitations of claim elements, such as describing the nature, structure and/or content of other claim elements, or (b) general links to the computing environment, which amount to instructions to “apply it,” or equivalent (MPEP 2106.05(f)). These qualifiers of the independent claims do not preclude from carrying out the identified abstract idea “assessing and selecting vendors based on a determined risk score for every vendor”, and do not serve to integrate the identified abstract idea into a practical application. [INDEPENDENT CLAIMS – ADDITIONAL STEPS] When considered individually, they amount to nothing more than receiving data, processing data, storing results or transmitting data that serves merely to implement the abstract idea using computing components for performing computer functions (corresponding to the words “apply it” or an equivalent), or merely uses a computer as a tool to perform the identified abstract idea. Thus, it is concluded that these claim elements do not integrate the identified abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”) into a practical application (see MPEP 2106.05(f)(2)). Therefore, the additional steps of independent claim 11 do not integrate the identified abstract idea into a practical application and the claims remain a judicial exception. Per Step 2B. Independent claim 11 does not include additional elements that are sufficient to amount to significantly more than the judicial exception because, when the independent claim is reevaluated as a whole, as an ordered combination under the considerations of Step 2B, the outcome is the same like under Step 2A.2. Overall, it is concluded that independent claim 11 is deemed ineligible. [DEPENDENT CLAIMS] Dependent claim 2, which is representative of dependent claims 12, recites: generating one or more recommendations regarding selection of one or more of the vendors. When considered individually, these added claim elements further elaborate on the abstract idea identified in the independent claims, because the dependent claim continues to recite the identified abstract idea: “assessing and selecting vendors based on a determined risk score for every vendor”. The elements in this dependent claim are comparable to receiving/transmitting data, processing data, storing results or transmitting data that serves merely to implement the abstract idea using computing components for performing computer functions (corresponding to the words “apply it” or an equivalent), or merely uses a computer as a tool to perform the identified abstract idea. Thus, it is concluded that these claim elements do not integrate the identified abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”) into a practical application (see MPEP 2106.05(f)(2)). The dependent claim elements have the same relationship to the underlying abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”) as outlined in the independent claims analysis above. Thus, it is readily apparent that the dependent claim elements are not directed to any specific improvements of the independent claims and do not practically or significantly alter how the identified abstract idea would be performed. When considered as a whole, as an ordered combination, the dependent claim further elaborates on the previously identified abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”). Therefore, dependent claim 2 (which is representative of dependent claims 12) is deemed ineligible. Dependent claim 7, which is representative of dependent claims 17, recites: receiving legal data and for determining based on the legal data whether the vendor is in compliance with a contractual obligation, wherein the legal assessment unit compares the legal data to one or more prestored security requirement templates to identify any differences. When considered individually, these added claim elements further elaborate on the abstract idea identified in the independent claims, because the dependent claim continues to recite the identified abstract idea: “assessing and selecting vendors based on a determined risk score for every vendor”. The elements in this dependent claim are comparable to receiving/transmitting data, processing data, storing results or transmitting data that serves merely to implement the abstract idea using computing components for performing computer functions (corresponding to the words “apply it” or an equivalent), or merely uses a computer as a tool to perform the identified abstract idea. Thus, it is concluded that these claim elements do not integrate the identified abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”) into a practical application (see MPEP 2106.05(f)(2)). The dependent claim elements have the same relationship to the underlying abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”) as outlined in the independent claims analysis above. Thus, it is readily apparent that the dependent claim elements are not directed to any specific improvements of the independent claims and do not practically or significantly alter how the identified abstract idea would be performed. When considered as a whole, as an ordered combination, the dependent claim further elaborates on the previously identified abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”). Therefore, dependent claim 7 (which is representative of dependent claims 17) is deemed ineligible. Dependent claim 9, which is representative of dependent claims 19, recites: receiving the vendor related data and for classifying the vendor into one or more classes based on the vendor related data, wherein the vendor tiering unit generates in response to the vendor related data an alert when the vendor performs one or more actions different than an approved service. When considered individually, these added claim elements further elaborate on the abstract idea identified in the independent claims, because the dependent claim continues to recite the identified abstract idea: “assessing and selecting vendors based on a determined risk score for every vendor”. The elements in this dependent claim are comparable to receiving/transmitting data, processing data, storing results or transmitting data that serves merely to implement the abstract idea using computing components for performing computer functions (corresponding to the words “apply it” or an equivalent), or merely uses a computer as a tool to perform the identified abstract idea. Thus, it is concluded that these claim elements do not integrate the identified abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”) into a practical application (see MPEP 2106.05(f)(2)). The dependent claim elements have the same relationship to the underlying abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”) as outlined in the independent claims analysis above. Thus, it is readily apparent that the dependent claim elements are not directed to any specific improvements of the independent claims and do not practically or significantly alter how the identified abstract idea would be performed. When considered as a whole, as an ordered combination, the dependent claim further elaborates on the previously identified abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”). Therefore, dependent claim 9 (which is representative of dependent claims 19) is deemed ineligible. Dependent claim 20 recites: determine an average time to onboard the vendor. When considered individually, these added claim elements further elaborate on the abstract idea identified in the independent claims, because the dependent claim continues to recite the identified abstract idea: “assessing and selecting vendors based on a determined risk score for every vendor”. The elements in this dependent claim are comparable to receiving/transmitting data, processing data, storing results or transmitting data that serves merely to implement the abstract idea using computing components for performing computer functions (corresponding to the words “apply it” or an equivalent), or merely uses a computer as a tool to perform the identified abstract idea. Thus, it is concluded that these claim elements do not integrate the identified abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”) into a practical application (see MPEP 2106.05(f)(2)). The dependent claim elements have the same relationship to the underlying abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”) as outlined in the independent claims analysis above. Thus, it is readily apparent that the dependent claim elements are not directed to any specific improvements of the independent claims and do not practically or significantly alter how the identified abstract idea would be performed. When considered as a whole, as an ordered combination, the dependent claim further elaborates on the previously identified abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”). Therefore, dependent claim 20 is deemed ineligible. Dependent claims 3, 5, 8, which are representative of dependent claims 13, 15, 18, respectively, recite: wherein the vendor data points include one or more of accounts payable data, commercial data, provider data, and security rating tools data. wherein the vendor profile data includes vendor identification information and information related to the types of goods or services supplied by the vendor. wherein the vendor related data includes one or more vendor related parameters, and wherein the vendor related parameters include observed behaviors and predicted risks of the vendor. These further elements in the dependent claims do not perform any claimed method steps. They describe the nature, structure and/or content of other claim elements – vendor data points; vendor profile; vendor related data; vendor related parameters – and as such, cannot change the nature of the identified abstract idea (“assessing and selecting vendors based on a determined risk score for every vendor”), from a judicial exception into eligible subject matter, because they do not represent significantly more (see MPEP 2106.07). The nature, form or structure of the other claim elements themselves do not practically or significantly alter how the identified abstract idea would be performed and do not provide more than a general link to a technological environment. Therefore, dependent claims 3, 5, 8 (which are representative of dependent claims 13, 15, 18, respectively) are deemed ineligible. When the dependent claims are considered as a whole, as an ordered combination, the claim elements noted above appear to merely apply the abstract concept to a technical environment in a very general sense. The most significant elements, which form the abstract concept, are set forth in the independent claims. The fact that the computing devices and the dependent claims are facilitating the abstract concept is not enough to confer statutory subject matter eligibility, since their individual and combined significance do not transform the identified abstract concept at the core of the claimed invention into eligible subject matter. Therefore, it is concluded that the dependent claims of the instant application, considered individually, or as a as a whole, as an ordered combination, do not amount to significantly more (see MPEP 2106.07(a)II). In sum, Claims 1-3, 5, 7-9, 11-13, 15, 17-20 are rejected under 35 USC 101 as being directed to non-statutory subject matter. Claim Rejections - 35 USC § 112(a) Written Description (Possession) The following is a quotation of 35 U.S.C. 112(a): The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1-3, 5, 7-9, 11-13, 15, 17-20 are rejected under 35 USC 112(a) as failing to comply with the written description requirement. The claim contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor(s), at the time the application was filed, had possession of the claimed invention. Claims 1, 11 are rejected for reciting the subject matter “process the risk score”, “generate a predicted risk score associated with the vendor”, “process the vendor related data”, which is not adequately described in the specification, in the drawings or in the original set of claims to satisfy the requirements as described in MPEP 2163.05 V: “While there is a presumption that an adequate written description of the claimed invention is present in the specification as filed, In re Wertheim, 541 F.2d 257, 262, 191 USPQ 90, 96 (CCPA 1976), a question as to whether a specification provides an adequate written description may arise in the context of an original claim. An original claim may lack written description support when (1) the claim defines the invention in functional language specifying a desired result but the disclosure fails to sufficiently identify how the function is performed or the result is achieved …” Further "Even if a claim is supported by the specification, the language of the specification, to the extent possible, must describe the claimed invention so that one skilled in the art can recognize what is claimed. The appearance of mere indistinct words in a specification or a claim, even an original claim, does not necessarily satisfy that requirement. "Enzo Biochem, Inc. v. Gen-Probe, Inc., 323 F.3d 956, 968, 63 USPQ2d 1609, 1616 (Fed. Cir. 2002) (holding that generic claim language appearing in ipsis verbis in the original specification did not satisfy the written description requirement).” In the instant situation, the application specification attempts to describe the subject matter “generate a predicted risk score associated with the vendor” at [page 10] – “… can then generate vendor risk prediction scores based on the previous assessment results and any vendor-provided information, such as updated document information in the risk score data 12b. The risk assessment unit 16 can also be configured to analyze previous assessment data related to the vendor, and which can be stored in the vendor database, on the same vendor or vendors that are considered as peers. The risk assessment unit 16 can then employ a machine learning technique to predict the risk rating or score of an engagement with the vendor based on the analyzed risk score data 12b” No further information, like calculation method or algorithm is provided; i.e. HOW the function is performed. In addition, the specification verbally recites (ipsis verbis) the language of the claim. While the specification discloses the function, it discloses neither the necessary structure, nor the necessary algorithm to perform the function, i.e. HOW the calculation is performed. The question is, given the disclosure, would a POSITA conclude that the inventor was in possession of the subject matter “process the risk score”, “generate a predicted risk score associated with the vendor”, “process the vendor related data” in order to cause a system to perform the functions? The answer is clearly “no.” It looks as if the invention recites subject matter that have neither structure nor algorithm. Therefore, the subject matter was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor(s), at the time the application was filed, had possession of the claimed invention. For examination purpose, Examiner will interpret “process the risk score”, “generate a predicted risk score associated with the vendor”, “process the vendor related data” as any type of calculation, which is what the prior art of record discloses. The reference is provided for compact prosecution purpose. The remainder of the claims are rejected by virtue of dependency. The reference is provided for compact prosecution purpose. Claim Rejections - 35 USC § 112(b) The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. Claims 1-3, 5, 7-9, 11-13, 15, 17-20 are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention. Regarding Claims 1, 11 – The claims recite “identifying vendors based on one or more similar characteristics”. The term “similar characteristics” is a relative term, thus rendering the claim indefinite. The term " similar characteristics" is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention because the applicant does not point out a degree of similarity. The reference is provided for the purpose of compact prosecution. The remainder of the claims are rejected by virtue of dependency. Claim Rejections - 35 USC § 103 The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the difference between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows: i. Determining the scope and contents of the prior art. ii. Ascertaining the differences between the prior art and the claims at issue. iii. Resolving the level of ordinary skill in the pertinent art. iv. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-3, 5, 7-9, 11-13, 15, 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Agee (US 2012/0259752), in view of Wright et al (US 2022/0383242), in further view of Wang et al (US 11,240,278), in further view of Harris et al (US 2019/0266533), in further view of Lewis (US 2020/0143946). Regarding Claims 1, 11 – Agee discloses: A security system for enhancing data security of an enterprise, comprising: wherein the risk assessment unit is configured to process the risk score data associated with the vendor {see at least [0009] risk scoring service} and is configured to generate a predicted risk score associated with the vendor, {see at least [0009] risk scoring service (based on the BRI (MPEP 2111), reads on predicting risk score)} the risk assessment unit generates the predicted risk score based on the vendor profile data and the vendor risk data, and {see at least [0009] risk scoring service (based on the BRI (MPEP 2111), reads on generating predicted risk score)} the vendor related data includes the predicted risk score, and {see at least [0009] risk scoring service (based on the BRI (MPEP 2111), reads on predicting risk score)} the insights are generated on the vendor related tasks by completing two or more of the following: identifying one or more vendors in the vendor related data, {see at least (148)-(149)/[31:55-32:14] duplicate products, images, items (based on the broadest reasonable interpretation requirement (see MPEP 2111) reads on duplicate vendors} Agee does not disclose, however, Wright discloses: a service unit comprising a chat bot, wherein the chat bot is configured to enable exchange of information between a vendor and the enterprise, {see at least [0025] exchanging information} the service unit is configured to obtain vendor related data and risk score data from the vendor using the chat bot, and {see at least [0036] obtaining risk score (reads also on vendor related data); [0023], [0025], [0036] machine learning based module} the chat bot employs a machine learning technique and natural language processing to interact with the vendor, {see at least [0023], [0025], [0036] machine learning based module. Wright does not explicitly disclose “natural language”. However, the difference between the instant application and the prior art is only found in the non-functional descriptive material and is not functionally involved in the recited steps. The steps of the claim would be performed the same regardless of the descriptive material since none of the steps explicitly interact therewith. Limitations that are not functionally interrelated with the useful acts, structure, or properties of the claimed invention carry little or no patentable weight. Thus, this descriptive material will not further limit the scope of the claim and does not distinguish the claimed invention from the prior art in terms of patentability, see In re Ngai, 70 USPQ2d 1862 (CAFC 2004); In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994). Therefore, it would also have been obvious to a person of ordinary skill in the art at filing time that utilizing natural language, because such tool does not functionally relate to the steps in the method claimed and because the subjective interpretation of the language does not patentably distinguish the claimed invention.} a risk assessment unit configured to receive the risk score data from the chat bot of the service unit, {see at least [0036] obtaining risk score} an intelligence unit configured to receive vendor related data from the chat bot of the service unit, {see at least [0036] obtaining risk score (reads also on vendor related data)} It would have been obvious to one of ordinary skill in the art, at the time of filing, to modify Agee to include the elements of Wright. In the instant case, Agee evidently discloses generating a current and a predicted vendor risk score. Wright is merely relied upon to illustrate the functionality of receiving vendor related data by utilizing a chat bot in the same or similar context. Since both generating a current and a predicted vendor risk score, as well as receiving vendor related data by utilizing a chat bot are implemented through well-known computer technologies in the same or similar context, combining their features as outlined above using such well-known computer technologies (i.e., conventional software/hardware configurations), would be reasonable, according to one of ordinary skill in the art. Moreover, since the elements disclosed by Agee, as well as Wright would function in the same manner in combination as they do in their separate embodiments, it would be reasonable to conclude that their resulting combination would be predictable. Accordingly, the claimed subject matter is obvious over Agee / Wright. Agee, Wright does not disclose, however, Wang discloses: identifying duplicate vendors in the vendor related data, {see at least (148)-(149)/[31:55-32:14] duplicate products, images, items (based on the broadest reasonable interpretation requirement (see MPEP 2111) reads on duplicate vendors} generating one or more recommendations regarding selection of one or more of the vendors, {see at least (255]/[56:14-38] users to review suggestions (reads on recommendations)} identifying one or more of the vendors that are currently being utilized and {see at least {see at least (161)/[35:35-50] vendors sorted out from suppliers (reads on selection parameters)} sorting the identified vendors based on one or more selected parameters, {see at least {see at least (161)/[35:35-50] specific retailer group (reads on identified vendor)} comparing vendors relative to each other for any discrepancies between the vendor and any associated vendor peer group, {see at least (100)/[22:49-58] retailer type entities differences} prioritizing one or more identified vendors based on one or more vendor data points, and {see at least fig. 2J, (132)/[28:60-29:10] ranked retailer records (reads on prioritizing vendors)} identifying vendors based on one or more similar characteristics. {see at least (36)-(37)/[8:62-9:43] product providers may only be permitted to communicate with certain retailers (reads on vendors) regarding certain product categories} It would have been obvious to one of ordinary skill in the art, at the time of filing, to modify Agee, Wright to include the elements of Wang. One would have been motivated to do so, in order to select the right vendors. In the instant case, Agee, Wright evidently discloses generating a current and a predicted vendor risk score. Wang is merely relied upon to illustrate the functionality of sorting and prioritizing vendors in the same or similar context. Since both generating a current and a predicted vendor risk score, as well as sorting and prioritizing vendors are implemented through well-known computer technologies in the same or similar context, combining their features as outlined above using such well-known computer technologies (i.e., conventional software/hardware configurations), would be reasonable, according to one of ordinary skill in the art. Moreover, since the elements disclosed by Agee, Wright, as well as Wang would function in the same manner in combination as they do in their separate embodiments, it would be reasonable to conclude that their resulting combination would be predictable. Accordingly, the claimed subject matter is obvious over Agee, Wright / Wang. Agee, Wright, Wang does not disclose, however, Harris discloses: the risk score data includes vendor profile data and vendor risk data, {see at least fig8, [0065]-[0067] supplier risk score … supplier risk … supplier profile data} … based on the vendor profile data and the vendor risk data {see at least fig8, [0065]-[0067] supplier risk score … supplier risk … supplier profile data} It would have been obvious to one of ordinary skill in the art, at the time of filing, to modify Agee, Wright, Wang to include the elements of Harris. One would have been motivated to do so, in order to provide the right data in order to make the calculations. In the instant case, Agee, Wright, Wang evidently discloses generating a current and a predicted vendor risk score, and selecting the right vendors. Harris is merely relied upon to illustrate the functionality of the structure of the required vendor data in the same or similar context. Since both generating a current and a predicted vendor risk score and selecting the right vendors, as well as the structure of the required vendor data are implemented through well-known computer technologies in the same or similar context, combining their features as outlined above using such well-known computer technologies (i.e., conventional software/hardware configurations), would be reasonable, according to one of ordinary skill in the art. Moreover, since the elements disclosed by Agee, Wright, Wang, as well as Harris would function in the same manner in combination as they do in their separate embodiments, it would be reasonable to conclude that their resulting combination would be predictable. Accordingly, the claimed subject matter is obvious over Agee, Wright, Wang / Harris. Agee, Wright, Wang; Harris does not disclose, however, Lewis discloses: the risk assessment unit is configured to generate an updated set of risk assessment questions based on the risk score data as new risk score data is received using one or more machine learning techniques, {see at least [0099] updating the dynamically-generated questionnaire based on the updated risk score; [0087] profile data; [0033] applying artificial intelligence, machine learning patterns} wherein the intelligence unit is configured to process the vendor related data using a machine learning model to generate insights on vendor related tasks {see at least [0064] processing data; [0033] machine leaning. The claim element “to generate insights on vendor related tasks” consists entirely of language disclosing at most a reason to have performed earlier method steps (intended use or field of use), but does not affect the functions in a manipulative sense (see MPEP 2103 I C) and imparts neither structure nor functionality to the claimed method (see MPEP 2111.05, MPEP 2114 and authorities cited therein), so it is considered but given no patentable weight. The reference is provided for the purpose of compact prosecution.} It would have been obvious to one of ordinary skill in the art, at the time of filing, to modify Agee, Wright, Wang; Harris to include the elements of Lewis. One would have been motivated to do so, in order to utilize a tested technology for achieving best results. In the instant case, Agee, Wright, Wang; Harris evidently discloses generating a current and a predicted vendor risk score, and selecting the right vendors. Lewis is merely relied upon to illustrate the functionality of making calculations by utilizing machine learning in the same or similar context. Since both generating a current and a predicted vendor risk score, and selecting the right vendors, as well as making calculations by utilizing machine learning are implemented through well-known computer technologies in the same or similar context, combining their features as outlined above using such well-known computer technologies (i.e., conventional software/hardware configurations), would be reasonable, according to one of ordinary skill in the art. Moreover, since the elements disclosed by Agee, Wright, Wang; Harris, as well as Lewis would function in the same manner in combination as they do in their separate embodiments, it would be reasonable to conclude that their resulting combination would be predictable. Accordingly, the claimed subject matter is obvious over Agee, Wright, Wang; Harris / Lewis. Regarding Claims 2, 12 – Agee, Wright, Wang, Harris, Lewis discloses the limitations of Claims 1, 11. Wang further discloses: The computer implemented method of claim 11, wherein the vendor related tasks include two or more of: generating one or more recommendations regarding selection of one or more of the vendors, {see at least (255]/[56:14-38] users to review suggestions (reads on recommendations)} It would have been obvious to one of ordinary skill in the art, at the time of filing, to modify Agee, Wright, Wang, Harris, Lewis to include additional elements of Wang. One would have been motivated to do so, in order to reduce the risk. In the instant case, Agee, Wright, Wang, Harris, Lewis evidently discloses generating a risk score and assessing its accuracy. Wang is merely relied upon to illustrate the additional functionality of identifying vendors in the same or similar context. Since the subject matter is merely a combination of old elements, and in the combination each element would have performed the same function it performed separately, one having ordinary skill in the art before the effective filing date would have recognized that the results of the combination were predictable. Regarding Claims 3, 13 – Agee, Wright, Wang, Harris, Lewis discloses the limitations of Claims 2, 12. Agee further discloses: wherein the vendor data points include one or more of accounts payable data, commercial data provider data, and security rating tools data. {see at least fig1, rc126, [0053] cost and indicator data (reads on commercial data)} Regarding Claims 5, 15 – Agee, Wright, Wang, Harris, Lewis discloses the limitations of Claims 1, 11. Agee further discloses: wherein the vendor profile data includes vendor identification information {see at least [0116] vendor name (reads on identification information)} and information related to the types of goods or services supplied by the vendor. {see at least [0146] products and services mapping on general ledger} Regarding Claims 7, 17 – Agee, Wright, Wang, Harris, Lewis discloses the limitations of Claims 1, 11. Agee further discloses: receiving legal data and generating, based on the legal data, an indication whether the vendor is in compliance with a contractual obligation, and {see at least [0680] mapping future business functions and related risk factors; fig2A, [0160] compliance with applicable laws and regulations} comparing the legal data to one or more prestored security requirement templates to identify any differences. {see at least fig2A, [0160] compliance with applicable laws. Regulations; [0781] regulations risk matrix.} Regarding Claims 8, 18 – Agee, Wright, Wang, Harris, Lewis discloses the limitations of Claims 7, 17. Agee further discloses: wherein the vendor related data includes one or more vendor related parameters, and {see at least [0116] vendor name (reads on identification information)} and information related to the types of goods or services supplied by the vendor. {see at least [0146] products and services mapping on general ledger} wherein the vendor related parameters include observed behaviors and predicted risks of the vendor. {see at least [0680] mapping future business functions and related risk factors; fig2A, [0160] compliance with applicable laws and regulations} Regarding Claims 9, 19 – Agee, Wright, Wang, Harris, Lewis discloses the limitations of Claims 8, 18. Agee further discloses: generating in response to the vendor related data an alert when the vendor performs one or more actions different than an approved service. {see at least [0290] email of tardy action item (reads on different than approved)} Regarding Claims 20 – Agee, Wright, Wang, Harris, Lewis discloses the limitations of Claims 19. Agee further discloses: wherein the program quality and efficiency analysis unit is further configured to determine an average time to onboard the vendor. {see at least [0360] new vendor category (based on the broadest reasonable interpretation requirement (see MPEP 2111), reads on onboarding} The prior art made of record and not relied upon which, however, is considered pertinent to applicant's disclosure: US 20060253361 A1 2006-11-09 15 Robinson; Mark I. et al. Method for providing total return swaps using a dealer hedging facility The present invention provides a method for providing a total return swap using a dealer hedging facility, the method comprising entering into the total return swap with an approved dealer participant, purchasing an underlying swap reference asset to hedge market risk, funding the purchase of the underlying swap reference asset from a repo counterparty or other short-term funding source committing capital to absorb potential losses from dealer participant and repo counterparty default, and establishing an SEC-registered broker to carry out the functions of the dealer hedging facility. US 20150106260 A1 2015-04-16 22 Andrews; Gavin Willard et al. SYSTEM AND METHODS FOR GLOBAL BOARDING OF MERCHANTS Systems, apparatuses, and methods for determining if a Merchant should be provided transaction processing services by an Acquirer and/or continue to be provided such services by the Acquirer. In one embodiment, the inventive system and methods permit a more accurate and reliable determination of the risk to an Acquirer presented by a Merchant, based on a risk assessment engine and the described set of data sources. US 20170228635 A1 2017-08-10 36 Diev; Vesselin et al. GENERATING ACCURATE REASON CODES WITH COMPLEX NON-LINEAR MODELING AND NEURAL NETWORKS A computer system computes a score for a received data exchange and, in accordance with a neural network and input variables determined by received current exchange and history data, the computed score indicates a condition suitable for a denial. A set of attribution scores are computed using an Alternating Decision Tree model in response to a computed score that is greater than a predetermined score threshold value for the denial. The computed score is provided to an assessment unit and, if the computed score indicates a condition suitable for the denial and if attribution scores are computed, then a predetermined number of input variable categories from a rank-ordered list of input variable categories is also provided to the assessment unit of the computer system. US 20220076306 A1 2022-03-10 51 Toren; Yizhar SYSTEMS AND METHODS FOR RECOMMENDING RETA
Read full office action

Prosecution Timeline

Jun 22, 2022
Application Filed
Feb 25, 2024
Non-Final Rejection — §101, §103, §112
Aug 06, 2024
Interview Requested
Aug 12, 2024
Applicant Interview (Telephonic)
Aug 12, 2024
Examiner Interview Summary
Aug 22, 2024
Response Filed
Sep 08, 2024
Final Rejection — §101, §103, §112
Jan 10, 2025
Request for Continued Examination
Jan 14, 2025
Response after Non-Final Action
Mar 11, 2025
Non-Final Rejection — §101, §103, §112
Jun 17, 2025
Response Filed
Jun 29, 2025
Final Rejection — §101, §103, §112
Oct 02, 2025
Request for Continued Examination
Oct 11, 2025
Response after Non-Final Action
Nov 30, 2025
Non-Final Rejection — §101, §103, §112
Apr 01, 2026
Response Filed

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12602685
SYSTEMS AND METHODS FOR TOKEN-BASED DEVICE BINDING DURING MERCHANT CHECKOUT
2y 5m to grant Granted Apr 14, 2026
Patent 12579542
SYSTEMS AND METHODS FOR MANAGING CRYPTOCURRENCY
2y 5m to grant Granted Mar 17, 2026
Patent 12579434
TRAINING A NEURAL NETWORK USING AN ACCELERATED GRADIENT WITH SHUFFLING
2y 5m to grant Granted Mar 17, 2026
Patent 12579226
Platform for Digitally Twinning Subjects into AI Agents
2y 5m to grant Granted Mar 17, 2026
Patent 12562927
SECURELY PROCESSING A CONTINGENT ACTION TOKEN
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

5-6
Expected OA Rounds
36%
Grant Probability
50%
With Interview (+14.9%)
3y 4m
Median Time to Grant
High
PTA Risk
Based on 564 resolved cases by this examiner. Grant probability derived from career allow rate.

Sign in for Full Analysis

Enter your email to receive a magic link. No password needed.

Free tier: 3 strategy analyses per month