DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1, 3-10, 12-16, and 18-23 are pending.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 03/18/2026 has been entered.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1, 3-10, 12-16, and 18-23 are rejected under 35 USC § 101 because the claimed invention is directed to an abstract idea without significantly more.
Step 1 (The Statutory Categories): Is the claim to a process, machine, manufacture or composition of matter? MPEP 2106.03.
Per Step 1, claim 1 is directed to a computing platform (i.e., a machine), claim 10 is directed to a method (i.e., a process), and claim 16 is directed to a non-transitory computer-readable media (i.e., a machine or manufacture). Thus, the claims are directed to statutory categories of invention. However, the claims are rejected under 35 U.S.C. 101 because they are directed to an abstract idea, a judicial exception, without reciting additional elements that integrate the judicial exception into a practical application.
The analysis proceeds to Step 2A Prong One.
Step 2A Prong One: Does the claim recite an abstract idea, law of nature, or natural phenomenon? MPEP 2106.04.
The abstract idea of claims 1, 10, and 16 (claim 1 being representative) is:
generate, based on identification information received from a plurality of entities, a roster of affiliated entities, wherein each entity is affiliated with a first organizational venture;
receive, one or more alert records, wherein a given alert record comprises:
information corresponding to an impact event detected by the first entity;
a list of entities affected by the impact event; and
a permissions ruleset, wherein the permissions ruleset comprises at least one rule for permitting access to the given alert record;
store a first alert record, of the one or more alert records, wherein storing the first alert record comprises adding an entry comprising at least one historical alert record;
identify, based on the first alert record, a second entity, wherein the second entity is authorized to view the first alert record;
send the first alert record, wherein sending the first alert record causes to trigger a cybersecurity investigation;
initiate, based on activation of the one or more interface elements, the one or more security actions;
receive a second alert record, wherein the second alert record comprises information, detected by the second entity, corresponding to the impact event detected by the first entity;
generate an aggregated alert record corresponding to the impact event detected by the first entity, wherein the aggregated alert record comprises:
at least a portion of the first alert record; and
at least a portion of the second alert record; and
modify, based on the aggregated alert record, wherein modifying comprises:
configuring the aggregated alert record for access with access permissions for one or more portions of the aggregated alert record;
adding a new entry;
compare identifying information with a plurality of permissions rulesets corresponding to the impact event to determine a level of access, to the aggregated alert record;
generate, based on the plurality of permissions rulesets, a modified alert record comprising at least one portion of the second alert record; and
send the modified alert record comprising:
at least a portion of the modified alert record; and
a list of access permissions corresponding to the supervisor device.
The abstract idea steps italicized above constitutes a process that, under its broadest reasonable interpretation (BRI), are those which could be performed mentally, including with pen and paper since it covers collecting and analyzing information, evaluating data, and generating records based on rules. This is further supported by paragraphs 0036-0037 of applicant’s specification as filed. If a claim limitation, under its BRI, covers performance of the limitation in the mind, including observations, evaluations, judgements, and/or opinions, then it falls within the Mental Processes – Concepts Performed in the Human Mind grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
Additionally and alternatively, the claim is directed to generating a roster, sharing alert records based on permissions, and distributing information among organizational actors, which constitutes a process that, under its BRI, covers managing personal behavior relationships, interactions between people. This is further supported by paragraphs 0036-0037 of applicant’s specification as filed. If a claim limitation, under its BRI, covers managing personal behavior relationships, interactions between people, including social activities, teaching, and/or following rules or instructions, following rules or instructions, then it falls within the Certain Methods of Organizing Human Activity – Managing Personal Behavior Relationships, Interactions Between People grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
Step 2A, Prong 2: Does the claim recite additional elements that integrate the judicial exception into a practical application? MPEP §2106.04.
This judicial exception is not integrated into a practical application because the additional elements are merely instructions to apply the abstract idea to a computer, as described in MPEP §2106.05(f).
Claim 1 recites the following additional elements: A computing platform; at least one processor; a communication interface communicatively coupled to the at least one processor; memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to; establish a first data connection with a first user device associated with a first entity, of the roster of affiliated entities; first user device and via the first data connection; to a stored distributed ledger; establish, based on identifying the second entity, a second data connection with a second user device associated with the second entity; display a cybersecurity alert user interface comprising one or more interface elements configured to initiate one or more security actions; establish a third data connection with a supervisor device; wherein sending the modified alert record to the supervisor device causes the supervisor device to display a supervising entity interface.
Claim 10 recites the following additional elements: at a computing platform comprising at least one processor, a communication interface, and memory; establish a first data connection with a first user device associated with a first entity, of the roster of affiliated entities; first user device and via the first data connection; to a stored distributed ledger; establish, based on identifying the second entity, a second data connection with a second user device associated with the second entity; display a cybersecurity alert user interface comprising one or more interface elements configured to initiate one or more security actions; establish a third data connection with a supervisor device; wherein sending the modified alert record to the supervisor device causes the supervisor device to display a supervising entity interface.
Claim 16 recites the following additional elements: One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, a communication interface, and memory, cause the computing platform to; establish a first data connection with a first user device associated with a first entity, of the roster of affiliated entities; first user device and via the first data connection; to a stored distributed ledger; establish, based on identifying the second entity, a second data connection with a second user device associated with the second entity; display a cybersecurity alert user interface comprising one or more interface elements configured to initiate one or more security actions; establish a third data connection with a supervisor device; wherein sending the modified alert record to the supervisor device causes the supervisor device to display a supervising entity interface.
These elements are merely instructions to apply the abstract idea to a computer, per MPEP §2106.05(f). Applicant has only described generic computing elements in their specification, as seen in paragraph [0077] and [0079] of applicant’s specification as filed, for example. Further, the combination of these elements is nothing more than a generic computing system.
Accordingly, these additional elements, alone and in combination, do not integrate the judicial exception into a practical application. The claim is directed to an abstract idea.
Step 2B (The Inventive Concept): Does the claim recite additional elements that amount to significantly more than the judicial exception? MPEP §2106.05.
Step 2B involves evaluating the additional elements to determine whether they amount to significantly more than the judicial exception itself.
The examination process involves carrying over identification of the additional element(s) in the claim from Step 2A Prong Two and carrying over conclusions from Step 2A Prong Two on the considerations discussed in MPEP §2106.05(f).
The additional elements and their analysis are therefore carried over: applicant has merely recited elements that facilitates the tasks of the abstract idea, as described in MPEP §2106.05(f).
Further, the combination of these elements is nothing more than a generic computing system. When the claim elements above are considered, alone and in combination, they do not amount to significantly more.
Therefore, per Step 2B, the additional elements, alone and in combination, are not significantly more. The claims are not patent eligible.
Further, the analysis takes into consideration all dependent claims as well:
Regarding claims 3-8, 12-14, and 18-19 applicant further narrows the abstract idea with additional step(s). There are no further additional elements to consider, beyond those highlighted above. This further narrowing of the abstract idea, similar to above, is also not patent eligible.
Claims 9, 15, and 20 include further additional elements with additional description: third user device. Similar to above, these additional elements do no more than apply the abstract idea to a computer, per MPEP 2106.05(f). When viewed alone or in combination, this does not integrate the abstract idea into practical application and is not significantly more.
Claims 21-23 include further additional elements with additional description: one or more devices in a network of the computing platform. Similar to above, these additional elements do no more than apply the abstract idea to a computer, per MPEP 2106.05(f). When viewed alone or in combination, this does not integrate the abstract idea into practical application and is not significantly more.
Accordingly, claims 1, 3-10, 12-16, and 18-23 are rejected under 35 USC § 101 as being directed to non-statutory subject matter.
No Prior Art Applied to Claims 1, 3-10, 12-16, and 18-23
Claims 1, 10, and 16
There is no prior art applied to claims 1, 10, and 16 because the cited prior art fails to disclose or suggest the complete feature set recited in the claims. Lunsford (WO 2020123822), considered the closest art, discloses:
(claim 1) A computing platform comprising: {“FIG. 1 is a block diagram of an example of a computing environment for incident management according to implementations of this disclosure.” (paragraph 0029)}
(claim 1) at least one processor; {“A third aspect is a system for responding to cyber events. The system includes a memory and a processor.” (paragraph 0021)}
(claim 1) a communication interface communicatively coupled to the at least one processor; and {“A computing device 200 can include components or units, such as a processor 202, a bus 204, a memory 206, peripherals 214, a power source 216, a network communication unit 218, a user interface 220, other suitable components, or a combination thereof.” (paragraph 0058)}
(claim 1) memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: {“The processor is configured to execute instructions stored in the memory to receive a cyber event” (paragraph 0021).}
(claim 10) A method comprising: {“An aspect is a method for responding to cyber events.” (paragraph 0007)}
(claim 10) at a computing platform comprising at least one processor, a communication interface, and memory: {“A computing device 200 can include components or units, such as a processor 202, a bus 204, a memory 206, peripherals 214, a power source 216, a network communication unit 218, a user interface 220, other suitable components, or a combination thereof.” (paragraph 0058).}
(claim 16) One or more non-transitory computer-readable media storing instructions that, when executed by a computing platform comprising at least one processor, a communication interface, and memory, cause the computing platform to: {“Aspects or portions of aspects of the above disclosure can take the form of a computer program product accessible from, for example, a computer-usable or computer- readable medium. A computer-usable or computer-readable medium can be any device that can, for example, tangibly contain, store, communicate, or transport a program or data structure for use by or in connection with any processor […] Such computer-usable or computer-readable media can be referred to as non-transitory memory or media, and may include RAM or other volatile memory or storage devices that may change over time.” (paragraph 0159)}
receive, from the second user device, a second alert record, wherein the second alert record comprises information, detected by the second entity, corresponding to the impact event detected by the first entity; {Once a task (i.e., alert) is transmitted to a second user device, the assigned user or group completes the task and submits a result or proof of completion back to the system. This submission includes information relevant to the incident, which may be generated or detected by the second entity during the investigation (paragraphs 0044, 0047, 0140-0141).}
However, Lunsford fails to disclose or suggest: “generate, based on identification information received from a plurality of entities, a roster of affiliated entities, wherein each entity is affiliated with a first organizational venture;
establish a first data connection with a first user device associated with a first entity, of the roster of affiliated entities;
receive, from the first user device and via the first data connection, one or more alert records, wherein a given alert record comprises;
information corresponding to an impact event detected by the first entity;
a list of entities affected by the impact event; and
a permissions ruleset, wherein the permissions ruleset comprises at least one rule for permitting access to the given alert record;
store a first alert record, of the one or more alert records, wherein storing the first alert record comprises adding an entry to a stored distributed ledger comprising at least one historical alert record;
identify, based on the first alert record, a second entity, wherein the second entity is authorized to view the first alert record;
establish, based on identifying the second entity, a second data connection with a second user device associated with the second entity;
send, based on establishing the second data connection, the first alert record to the second user device, wherein sending the first alert record causes the second user device to: trigger a cybersecurity investigation;
display a cybersecurity alert user interface comprising one or more interface elements configured to initiate one or more security actions; and
initiate, based on activation of the one or more interface elements, the one or more security actions;
generate, in the stored distributed ledger, an aggregated alert record corresponding to the impact event detected by the first entity, wherein the aggregated alert record comprises:
at least a portion of the first alert record; and
at least a portion of the second alert record; and
modify, based on the aggregated alert record, the stored distributed ledger, wherein modifying the stored distributed ledger comprises:
configuring the aggregated alert record for access by devices with access permissions for one or more portions of the aggregated alert record; adding a new entry to the stored distributed ledger; establish a third data connection with a supervisor device;
compare identifying information of the supervisor device with a plurality of permissions rulesets corresponding to the impact event to determine a level of access, to the aggregated alert record, associated with the supervisor device;
generate, based on the plurality of permissions rulesets, a modified alert record comprising at least one portion of the second alert record; and
send the modified alert record to the supervisor device, wherein sending the modified alert record to the supervisor device causes the supervisor device to display a supervising entity interface comprising:
at least a portion of the modified alert record; and a list of access permissions corresponding to the supervisor device.”
Examiner also considered the following additional references:
Ahmed (US 20200226853), which teaches: Methods, systems, and devices of an accident logging and reporting system. The system includes multiple computing devices including a first computing device and a second computing device. Each computing device is configured to maintain a distributed ledger. The first computing device includes one or more sensors. The one or more sensors are configured to detect, measure and obtain sensor information related to an accident. The first computing device includes a communication unit that is configured to communicate with the second computing device. The first computing device includes an electronic control unit. The electronic control unit is configured to integrate a first set of accident information with a second set of accident information. The electronic control unit is configured to link a record that represents a combined set of accident information that incorporates the integrated first set and second set of accident information to the distributed ledger.
Patton (US 20190370089), which teaches: The present invention extends to systems and methods for notifying entities of relevant events. An entity defines a rule formula that is triggered when one or more detected events match the rule formula including defining one or more event types and one or more locations types. A boundary associated with a selected location type is also received along with a monitoring area. The received elements are combined into the rule formula notification preferences are associated with the defined rule. One or more events are detected and then compared to the rule formula to determine if the combination of one or more event types occurred within the boundary of the one or more location types within the area.
Long (US 20160085986), which teaches: A system and method are provided for detecting fraud and/or misuse of data in a computer environment through generating a rule for monitoring at least one of transactions and activities that are associated with the data. The rule can be generated based on one or more criteria related to the at least one of the transactions and the activities that is indicative of fraud or misuse of the data. The rule can be applied to the at least one of the transactions and the activities to determine if an event has occurred, where the event occurs if the at least one criteria has been met. A hit is stored if the event has occurred and a notification can be provided if the event has occurred. A compilation of hits related to the rule can be provided.
Satish (US 20160164907), which teaches: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.
Albero (US 20210211444), which teaches: Aspects of the disclosure relate to real-time validation of application data. A computing platform may collect, in real-time, information associated with a plurality of data transmissions between applications, where the information includes, for each data transmission of the plurality of data transmissions, an indication of a source application and a destination application, a first indication whether the data transmission was sent by the source application, and a second indication whether the data transmission was received by the destination application. The computing platform may compare, for each data transmission, the first indication and the second indication. The computing platform may detect, for a particular data transmission, a lack of a match between the first indication and the second indication. The computing platform may identify the particular data transmission as an anomalous data transmission. Then, the computing platform may trigger one or more security actions to mitigate the anomalous data transmission.
However, neither reference disclose or suggest any of the limitations not covered by Lunsford.
Accordingly, there is no prior art applied to claims 1, 10, and 16. The rest of the claims, by virtue of their dependency, also have no prior art applied.
Response to Arguments
Applicant’s arguments filed on 3/18/2026 have been carefully considered. The headings and page numbers below correspond to those used by applicant.
Rejections under 35 U.S.C. §101
On pages 12-23, applicant offer remarks regarding the rejections under 35 U.S.C. §101. While well taken, they are not persuasive.
Applicant has conflated the abstract idea, considered at Step 2A Prong One, with the additional elements, considered at Step 2A Prong Two and Step 2B. Here, examiner identified the following steps as part of the abstract idea: “generate, based on identification information received from a plurality of entities, a roster of affiliated entities, wherein each entity is affiliated with a first organizational venture; receive, one or more alert records, wherein a given alert record comprises: information corresponding to an impact event detected by the first entity; a list of entities affected by the impact event; and a permissions ruleset, wherein the permissions ruleset comprises at least one rule for permitting access to the given alert record; store a first alert record, of the one or more alert records, wherein storing the first alert record comprises adding an entry comprising at least one historical alert record; identify, based on the first alert record, a second entity, wherein the second entity is authorized to view the first alert record; send the first alert record, wherein sending the first alert record causes to trigger a cybersecurity investigation; initiate, based on activation of the one or more interface elements, the one or more security actions; receive a second alert record, wherein the second alert record comprises information, detected by the second entity, corresponding to the impact event detected by the first entity; generate an aggregated alert record corresponding to the impact event detected by the first entity, wherein the aggregated alert record comprises: at least a portion of the first alert record; and at least a portion of the second alert record; and modify, based on the aggregated alert record, wherein modifying comprises: configuring the aggregated alert record for access with access permissions for one or more portions of the aggregated alert record; adding a new entry; compare identifying information with a plurality of permissions rulesets corresponding to the impact event to determine a level of access, to the aggregated alert record; generate, based on the plurality of permissions rulesets, a modified alert record comprising at least one portion of the second alert record; and send the modified alert record comprising: at least a portion of the modified alert record; and a list of access permissions corresponding to the supervisor device.” The “computing platform; at least one processor; a communication interface communicatively coupled to the at least one processor; memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to; establish a first data connection with a first user device associated with a first entity, of the roster of affiliated entities; first user device and via the first data connection; to a stored distributed ledger; establish, based on identifying the second entity, a second data connection with a second user device associated with the second entity; display a cybersecurity alert user interface comprising one or more interface elements configured to initiate one or more security actions; establish a third data connection with a supervisor device; wherein sending the modified alert record to the supervisor device causes the supervisor device to display a supervising entity interface” are considered additional elements, which are merely facilitating the tasks of said abstract idea. MPEP 2106.05(f) is clear that this generic recitation does not integrate the abstract idea into practical application and/or add significantly more. This interpretation holds whether the additional elements are viewed alone or in combination, where the combination of elements is nothing more than a network-enabled computing system.
Applicant’s reliance on SRI International, Inc. v. Cisco Systems, Inc. is misplaced. In SRI, the claims were directed to specific improvements in network intrusion detection technology. Here, the claims do not recite any comparable improvement to computer or network functionality, but instead use generic components to process and distribute information.
Applicant’s argument regrading BRI (citing In re Cortright) is also unpersuasive. The interpretation applied is consistent with the claim language and specification. The claims do not require any specific technical implementation of distributed ledgers, network protocols, or device operations beyond their ordinary functions.
In addition, Applicant’s reliance on Ex Parte Desjardins is not persuasive. Unlike that case, the present rejection does not characterize all machine learning or computing as abstract, but instead identifies the specific claimed activities (e.g., information collection, evaluation, and distribution) as abstract, with the remaining elements recited generically.
(Examiner notes that the phrase "well-understood, routine, and conventional" was not used in the eligibility analysis. Instead, examiner relied on MPEP 2106.05(f), as explained above.)
Rejections under 35 USC §103
Arguments are moot under 35 USC §103 because there is no prior art applied to claims 1, 3-10, 12-16, and 18-23. Accordingly, Examiner directs Applicant’s attention to the analysis above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARLOS F MONTALVO whose telephone number is (703)756-5863. The examiner can normally be reached Monday - Friday 8:00AM - 5:30PM; First Fridays OOO.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sarah Monfeldt can be reached at 571-270-1833. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/C.F.M./Examiner, Art Unit 3629 /SARAH M MONFELDT/Supervisory Patent Examiner, Art Unit 3629