DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments, see pages 13-22, filed 12/29/2025, with respect to the priority document Application No. 63/347,389 supporting the claimed invention have been fully considered. Applicant is thanked for particularly pointing out where the support can be found for each of the claim limitations in the priority documents. However, there is still one remaining issue with regard to priority.
The Examiner respectfully notes that Applicant has removed the claims requiring that the claimed invention “model[s] the security posture” and instead the claimed invention generates a set of cybersecurity attributes of the entity based on the security posture and a plurality of security objectives as currently claimed by the amended claims. The Examiner maintains that Application No. 63/347,389 does not support the no longer claimed modeling the security posture and the plurality of security objectives as paragraphs [0048] and [0101] of ‘389 does not support any kind of modeling or generating attributes as claimed (repetitions of claim language are not necessarily sufficient), and the graphics displayed by Figures 23A and 23F-J do not display security objectives and instead merely display lorem ipsum placeholder language. Although the claim language has been changed away from modeling and toward generating a set of cybersecurity attributes, neither priority document supports the claimed “generate, based on the security posture and a plurality of security objectives a set of cybersecurity attributes of the entity”.
Applicant’s arguments, see page 22, filed 12/29/2025, with respect to the objection to the specification have been fully considered. The objection to the specification has been withdrawn.
Applicant’s arguments, see page 22, filed 12/29/2025, with respect to the objection to the drawings have been fully considered. The objection to the drawings have been withdrawn.
Applicant’s arguments, see pages 22-25, filed 12/29/2025, with respect to the rejections of claims 1-4, 8, 16-17, and 20 under 35 U.S.C. § 112(a) have been fully considered.
Applicant first attests that the limitation “tokenize and broadcast the security posture to a distributed ledger” is supported by paragraphs [0238] and [0240] of the originally filed disclosure.
The Examiner agrees with this reasoning as paragraphs [0238] and [0240] describe that the security posture of the entity is tokenized into a digital token “that is unique, tamper-resistant, and encrypted”, and that the claim term “broadcasting” refers to the process of sending the token to the nodes in the distributed ledger or blockchain network, which is how nodes in the blockchain are typically published; and further that the claimed invention accomplishes the broadcasting by providing a public address of the token, allowing the decentralized nodes to verify its existence by using the public address to locate and access the token.
The Examiner respectfully notes however, that the claims are given their broadest reasonable interpretation in light of the specification. Therefore, independent claims 1, 16, and 20 only recite “tokenize and broadcast the security posture to a distributed ledger” and is therefore not confined only to the embodiment presented in the specification. Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993) (see also Applicant’s own remarks page 25, where Applicant repeats the same reasoning that the terms set forth in the remarks are not intended to limit the scope of the claim terms, and that the claims are to be given their broadest reasonable interpretation in light of the specification and are not restricted to any single algorithm, data structure, or protocol unless expressly recited).
Applicant next attests that the limitation “determine at least one cybersecurity threat based on the entity data” in claims 2 and 17 are adequately supported by paragraphs [0276], [0279], and [0280-0281] of the originally filed disclosure.
The Examiner respectfully disagrees.
In particular paragraph [0279] disclosing at least monitoring environmental data, network traffic details, system logs, user activity, application activity, new types of cyber threats, threat intelligence feeds is sufficient to support the claimed determine at least one cybersecurity threat.
Applicant is thanked for clearly and particularly pointing out the support for the claimed limitations and the previous rejections of claims 1-4, 8, 16-17, and 20 under 35 U.S.C. § 112(a) have been withdrawn.
Applicant’s arguments, see page 25, filed 12/29/2025, with respect to the rejection of claims 2 and 17 under 35 U.S.C. § 112(b) have been fully considered, but they are not persuasive.
Applicant attests that the term “overall cybersecurity risk profile” is defined in paragraph [0236] of the originally filed disclosure.
In response to Applicant’s remarks, the Examiner respectfully disagrees that the term “overall cybersecurity risk profile” is definite in view of paragraph [0236] of the originally filed specification. Paragraph [0236] explains that the overall risk profile is something that the security posture may correspond to, and for example includes information pertaining to system configuration, security policies, incident response readiness, data types, asset locations, cybersecurity safeguards, coverage, gaps, cyber hygiene practices, third-party attestations, cybersecurity incidents, and cybersecurity claims, but does not explain what the relative term “overall” actually means. Neither the claims nor the originally filed disclosure indicate or suggest minimum and maximum required amount of “information” to constitute an “overall cybersecurity risk profile of the entity” as currently claimed.
The rejection of claims 2 and 17 under 35 U.S.C. § 112(b) will be maintained.
Applicant's arguments, see page 26, filed 12/29/2025, with respect to the rejection of claims 1-4, 8, 16-17 and 20 under 35 U.S.C. § 102(a)(1) have been fully considered but they are not persuasive.
Applicant attests that the Smith reference does not disclose a graphical user interface (GUI), and that Smith does the features of amended claim 1.
Since applicant does not give any further explanation as to how the previously cited art differentiates from the claimed invention other than repeating the amendments made to the claim, the examiner defers to the rejection below as a response to this argument.
Priority
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 119(e) as follows:
The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA 35 U.S.C. 112, except for the best mode requirement. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994).
The disclosure of the prior-filed applications, Application No. 63/457,671 and 63/347,389, both fail to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph for one or more claims of this application. Neither provisional application provide adequate written description support for the claim limitation “generate, based on the security posture and a plurality of security objectives, a set of cybersecurity attributes of the entity” found in independent claims 1, 16, and 20.
Drawings
The drawings were received on 12/29/2025. These drawings are acceptable.
Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any newly discovered errors of which Applicant may become aware in the specification.
Claim Objections
Claim 1 is objected to because of the following informalities:
Independent claim 1 contains a typo, “modifification” should read modification.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claim 1-4, 8, 16-17, and 20 rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding Claims 1, 16, and 20:
Independent claims 1, 16, and 20 recite “generate, based on the security posture and a plurality of security objectives, a set of cybersecurity attributes of the entity”. The limitations in question do not satisfy the written description requirement under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph. The specification does not describe the limitation in sufficient detail so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. For example, the claim construction in independent claim 1 recites one or more processing circuits comprising memory and processors configured to generate a set of cybersecurity attributes of the entity, based on the security posture and a plurality of security objectives. Neither the priority documents nor the originally filed disclosure adequately describe how such a processing circuit is configured to perform the claimed function generating cybersecurity attributes. While the claims recite what the attributes are based on, one of ordinary skill in the art would not be apprised of how the inventor intended to actually perform the desired function of generation as claimed. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function reciting in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention.
For computer-implemented inventions, the determination of the sufficiency of disclosure will require an inquiry into the sufficiency of both the disclosed hardware and the disclosed software due to the interrelationship and interdependence of computer hardware and software. The critical inquiry is whether the disclosure of the application relied upon reasonably conveys to those skilled in the art that the inventor had possession of the claimed subject matter as of the filing date.
As in MPEP 2161.01 (I), "The description requirement of the patent statute requires a description of an invention, not an indication of a result that one might achieve if one made that invention." It is not enough that one skilled in the art could write a program to achieve the claimed function because the specification must explain how the inventor intends to achieve the claimed function to satisfy the written description requirement. See, e.g., Vasudevan Software, Inc. v. MicroStrategy, Inc., 782 F.3d 671, 681-683, 114 USPQ2d 1349, 1356, 1357 (Fed. Cir. 2015).
“The Federal Circuit has explained that a specification cannot always support expansive claim language and satisfy the requirements of 35 U.S.C. 112 "merely by clearly describing one embodiment of the thing claimed." LizardTech v. Earth Resource Mapping, Inc., 424 F.3d 1336, 1346, 76 USPQ2d 1731, 1733 (Fed. Cir. 2005). The issue is whether a person skilled in the art would understand applicant to have invented, and been in possession of, the invention as broadly claimed. In LizardTech, claims to a generic method of making a seamless discrete wavelet transformation (DWT) were held invalid under 35 U.S.C. 112, first paragraph, because the specification taught only one particular method for making a seamless DWT and there was no evidence that the specification contemplated a more generic method. "[T]he description of one method for creating a seamless DWT does not entitle the inventor . . . to claim any and all means for achieving that objective." LizardTech, 424 F.3d at 1346, 76 USPQ2d at 1733.”
Independent claim 1 further recites the limitation “one or more graphical elements configured to cause a selection, … the at least one cybersecurity protection plan”. The originally filed disclosure is not commensurate with the recitation of a graphical user interface element that itself causes a selection. Throughout the originally filed disclosure, Figures 10A-10E, 11A-11D, 13A-13E,13A-13E, 15A-15G, 16A-16D, 20A-20B, and 21A-21B describe various user interfaces (dashboards) for example; the originally filed disclosure is commensurate with the graphical user interface being used by the entity or vendor(s) to select a plan, but the graphical elements themselves are not described as causing a selection per se as recited in claim 1.
The dependent claims fall together accordingly.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-4, 8, 16-17, and 20 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
The term “at least two indications of the security posture over time” in claims 1, 16, and 20 is a relative term which renders the claim indefinite. The term “over time” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. Neither the claims nor the originally filed disclosure adequately describe the metes and bounds of what may comprise “over time” or any indication of a period of time that’s necessary to be considered “over time”.
The term “an assessment of the entity’s overall cybersecurity risk profile” in claims 2 and 17 is a relative term which renders the claim indefinite. The term “overall cybersecurity risk profile” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. The scope of the claim is unclear and the specification does not allow one of ordinary skill in the art to ascertain what an overall cybersecurity risk profile would comprise. Neither the claims nor the originally filed disclosure indicate or suggest minimum and maximum required amount of “information” to constitute an “overall cybersecurity risk profile of the entity” as currently claimed.
Dependent claims fall together accordingly.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-4, 8, 16-17, and 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea without significantly more.
Independent claim(s) 1 recite(s) determine a security posture based on the entity data; … generate, based on the security posture and a plurality of security objectives, a set of cybersecurity attributes of the entity; determine, utilizing one or more protection parameters, at least one cybersecurity protection plan corresponding to a new cybersecurity attribute to protect the entity; and provide, … the at least one cybersecurity protection plan to an entity computing system of the entity.
Under the 2019 Revised Patent Subject Matter Eligibility Guidance (“2019 PEG”), effective January 7, 2019, independent claim 1 is directed to an abstract idea without being significantly more nor being integrated into a practical application. The claimed invention determines “a security posture” based on amassed entity data, tokenizes the data and broadcasts the data to a distributed ledger, generates “a set of cybersecurity attributes”, “determine[s]” a cybersecurity protection plan corresponding to “a new cybersecurity attribute”, and provides the protection plan and posture using a graphical user interface (GUI) that utilizes graphical elements to select, modify, or update the plan. The claim limitations identified above, as drafted, under the broadest reasonable interpretation, are broad enough to encompass limitations that can practically be performed in the human mind, including for example, observations, evaluations, judgments, and opinions. Except for the a data protection system for protecting data, the data protection system comprising: a plurality of data channels configured to access entity data of an entity; one or more processing circuits communicatively coupled to the plurality of data channels, the one or more processing circuits comprising memory and processors configured to language in the preamble of independent claim 1, which does no more than generally link the use of the judicial exception to a particular technological environment or field of use.
This judicial exception is not integrated into a practical application. The additional generically recited computer elements beyond the abstract idea, taken both individually and as a combination, in independent claim 1 does not integrate the judicial exception into a practical application. The limitations of tokenize and broadcast the security posture to a distributed ledger and [providing] via a graphical user interface (GUI), … wherein the GUI comprises (i) one or more graphical elements configured to cause a selection, modifification, or update the at least one cybersecurity protection plan and (ii) at least two indications of the security posture over time are recited at a high level of generality (i.e. in the context of these claims, as a general way of obtaining information, reciting a generic distributed ledger for storage, and a generic GUI with generic output interface elements/data) and amounts to mere data gathering, which is a form of insignificant extra-solution activity. See MPEP 2106.05(g). Insignificant extra-solution activity and mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. For example, the originally filed disclosure and claims do not recite a specific improvement to computer technology (a new or novel GUI or distributed ledger).
Accordingly, independent claim 1 is directed to an abstract idea.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional computer elements of using processing circuits coupled to data channels, generic tokenization and distributed ledger for storage, and generic GUI interface elements amounts to no more than mere instructions to apply the exception using generic computer components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claims are not patent eligible.
Therefore, independent claim(s) 16 and 20 are rejected under 35 U.S.C. § 101 as being directed to non-statutory subject matter for the same reasons identified above for independent claim 1.
Thus, the claims 1-4, 8, 16-17 and 20 are rejected under 35 U.S.C. § 101 as being directed to non-statutory subject matter as the claims do not contain any element or combination of elements that is sufficient enough to ensure that the patent in practice amounts to significantly more than a patent upon the ineligible concept itself.
Dependent claims 2 and 17 do not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only describe what the previously recited posture further comprises, and only further describe additional observations, evaluations, judgments, and opinions that can be practically performed in the human mind.
Dependent claim 3 does not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because it only describes that the previously recited posture comprises “cybersecurity conditions” and “references or pointers” to entity assets, and is recited at a high level of generality and amounts to mere data gathering, which is a form of insignificant extra-solution activity.
Dependent claim 4 does not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because it only describes what the security posture corresponds to including “aggregate representation of at least two of an entities firmographics, data types, asset locations, cybersecurity safeguards, cybersecurity coverage, cybersecurity gaps compared to the one or more protection parameters or cybersecurity threats, cyber hygiene, third-party attestations, cybersecurity incidents, and cybersecurity claims”, amounts to further data gathering, which is a form of insignificant extra-solution activity, and further additional observations, evaluations, judgments, and opinions that can be practically performed in the human mind.
Dependent claim 8 does not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because it only describes that the previously recited cybersecurity attributes (data being gathered) are “associated” with other types of cybersecurity attributes at a high level of generality and amounts to data gathering, which is a form of insignificant extra-solution activity.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1-4, 8, 16-17 and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Smith et. al. (US Publication No. US 20190132350 A1), hereinafter Smith.
Regarding Claims 1, 16, and 20:
Claim 1. Smith discloses a data protection system for protecting data, the data protection system comprising: a plurality of data channels configured to access entity data of an entity; one or more processing circuits communicatively coupled to the plurality of data channels, the one or more processing circuits comprising memory and processors configured to (Smith [0043-0058]; [0171-0174]): determine a security posture based on the entity data (Smith [0142-0143] and Table 5-6 Cloud security includes operational security and secure standardized network protocols are in place to manage the cloud service and resources are classified); tokenize and broadcast the security posture to a distributed ledger (Smith Table 5 Blockchain enumerated); generate, based on the security posture and a plurality of security objectives, a set of cybersecurity attributes of the entity (Smith [0118] use risk evaluation to achieve objectives; Table 6 different cybersecurity attributes); determine, utilizing one or more protection parameters, at least one cybersecurity protection plan corresponding to a new cybersecurity attribute to protect the entity (Smith Table 6 Data security plans and policies enumerated); and provide, via a graphical user interface (GUI), the at least one cybersecurity protection plan to an entity computing system of the entity (Smith Table 6 “comprehensive incident response plan exists to identify, manage, respond to, and recover from security (e.g., system breach) and IT operational (e.g., process errors) incidents and is communicated to appropriate stakeholders. The incident response plan is reviewed and modified on a periodic basis.”) wherein the GUI comprises (i) one or more graphical elements configured to cause a selection, modifification, or update the at least one cybersecurity protection plan and (ii) at least two indications of the security posture over time (Smith [0092-0093], [0097] rules engine 428 user interface can enable the user to dynamically toggle rules, add/subtract rules; 0103-0104 web interface; Table 6 Cyber Security Data Security “Data Exchange is controlled, encrypted, and protected while the information is at rest or transferred between systems. Formal information exchange requirements have been established and Blockchain systems are configured to protect the exchange of information through use of all types of communication facilities and interfaces”; Table 7 Cyber Security Programming security “Verify that during the functional requirements gathering phase, the information security requirements are captured and consider the following: … required protection needs of assets involved requirements derived from business processes, such as transaction logging and monitoring, non- repudiation requirements mandated by other security controls, e.g., interfaces to logging and monitoring or data leakage detection systems information users and operators of their duties and responsibilities”; Table 6 “comprehensive incident response plan exists to identify, manage, respond to, and recover from security (e.g., system breach) and IT operational (e.g., process errors) incidents and is communicated to appropriate stakeholders. The incident response plan is reviewed and modified on a periodic basis.”; [0144], [0156], and [0160] interface technologies used).
Claims 16 and 20 recite substantially the same content and are therefore rejected under the same rationales. Smith discloses a method (Smith [0055]). Smith further discloses a non-transitory computer readable medium comprising one or more instructions stored thereon and executable by one or more processors (Smith [0043-0058]; [0171-0174]).
Regarding Claims 2 and 17:
Claim 2. Smith further discloses the data protection system of claim 1 (Smith [0043-0058]; [0171-0174]), wherein determining the security posture further comprises: determine a plurality of data types based on analyzing data storage systems of the entity (Smith Table 6 “unauthorized leaks of data, specifically PII and PHI, are prevented or detected”; Table 7 Data classification enumerated and compliance with proper documentation enumerated); determine at least one cybersecurity threat based on the entity data (Smith Table 6 “comprehensive incident response plan exists to identify, manage, respond to, and recover from security (e.g., system breach) and IT operational (e.g., process errors) incidents and is communicated to appropriate stakeholders. The incident response plan is reviewed and modified on a periodic basis.”); identify entity assets based on accessing at least one of the plurality of data channels communicatively coupled to at least one of the entity assets (Smith Table 7 Data classification enumerated and compliance with proper documentation enumerated); and wherein the security posture corresponds to an assessment of an overall cybersecurity risk profile of the entity (Smith [0142-0143] and Table 5-6 Cloud security includes operational security and secure standardized network protocols are in place to manage the cloud service and resources are classified and risk strategy/appetite discussed).
Claim 17 recites substantially the same content and is therefore rejected under the same rationales.
Regarding Claim 3:
Smith further discloses the data protection system of claim 2 (Smith [0043-0058]; [0171-0174]), wherein the security posture comprises a current entity state and a current entity index (Smith Table 6-7), wherein the current entity state corresponds to current cybersecurity conditions of the entity (Smith Table 6 cybersecurity perimeter determined along with current penetration testing conditions and vulnerability scans), and wherein the current entity index corresponds to references or pointers to the entity assets of the entity (Smith Table 7 threat detection encompasses file changes and access-related logging events “continuously writes logs from production servers, network devices, databases and storage management hosts to system logs and forwards them to the logging and alerting system in real- time in order to provide backup media for records other than the audited system; configures the information system to provide the capability to generate audit records for defined auditable events for specified information system components; configures the information system to allow specified personnel to select which auditable events should be audited by specific system components; configures the information system to provide capabilities for specified individuals to change the performed audits on information system components based on defined selectable event criteria within specified thresholds”).
Regarding Claim 4:
Smith further discloses the data protection system of claim 3 (Smith [0043-0058]; [0171-0174]), wherein the security posture corresponds to an aggregate representation of at least two of an entities firmographics, data types, asset locations, cybersecurity safeguards, cybersecurity coverage, cybersecurity gaps compared to the one or more protection parameters or cybersecurity threats, cyber hygiene, third-party attestations, cybersecurity incidents, and cybersecurity claims (Smith [0142-0143] and Table 5-6 Cloud security includes operational security and secure standardized network protocols are in place to manage the cloud service and resources are classified).
Regarding Claim 8:
Smith further discloses the data protection system of claim 1 (Smith [0043-0058]; [0171-0174]), wherein each cybersecurity attribute of the set of cybersecurity attributes is associated with at least one of a required cybersecurity attribute, an additional cybersecurity attribute, or an existing cybersecurity attribute (Smith Table 6 different cybersecurity attributes).
Conclusion
The prior art made of record in the submitted PTO-892 Notice of References Cited and not relied upon is considered pertinent to applicant’s disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MIGUEL A LOPEZ whose telephone number is (703)756-1241. The examiner can normally be reached 8:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 5712727624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.A.L./ Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/ Supervisory Patent Examiner, Art Unit 2496