REAL-TIME AUTOMATED SECURITY SCORING

§101 §102 §112

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Specification The use of the terms HITRUST®, Hadoop®, Amazon S3TM, which are trade names or marks used in commerce, has been noted in this application. The term should be accompanied by the generic terminology; furthermore, the term should be capitalized wherever it appears or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term. Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks. Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1-30 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Regarding Claims 1, 11, and 21: Independent claims 1, 11, and 21 recite “generating normalized threat intelligence data using the threat intelligence data and risk mapping matrix data; generating security score data using the normalized threat intelligence data; generating risk assessment data using the security score data”. The limitations in question do not satisfy the written description requirement under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph. The specification does not describe the limitation in sufficient detail so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. There is no disclosure regarding how the inventor achieved the desired results of generating normalized threat intelligence data, how the security score data is generated, nor how the risk assessment data is generated. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. In MPEP 2161.01, "computer-implemented functional claim language must still be evaluated for sufficient disclosure under the written description". For computer-implemented inventions, the determination of the sufficiency of disclosure will require an inquiry into the sufficiency of both the disclosed hardware and the disclosed software due to the interrelationship and interdependence of computer hardware and software. The critical inquiry is whether the disclosure of the application relied upon reasonably conveys to those skilled in the art that the inventor had possession of the claimed subject matter as of the filing date. As in MPEP 2161.01 (I) (underline added), "The description requirement of the patent statute requires a description of an invention, not an indication of a result that one might achieve if one made that invention." It is not enough that one skilled in the art could write a program to achieve the claimed function because the specification must explain how the inventor intends to achieve the claimed function to satisfy the written description requirement. See, e.g., Vasudevan Software, Inc. v. MicroStrategy, Inc., 782 F.3d 671, 681-683, 114 USPQ2d 1349, 1356, 1357 (Fed. Cir. 2015). “The Federal Circuit has explained that a specification cannot always support expansive claim language and satisfy the requirements of 35 U.S.C. 112 "merely by clearly describing one embodiment of the thing claimed." LizardTech v. Earth Resource Mapping, Inc., 424 F.3d 1336, 1346, 76 USPQ2d 1731, 1733 (Fed. Cir. 2005). The issue is whether a person skilled in the art would understand applicant to have invented, and been in possession of, the invention as broadly claimed. In LizardTech, claims to a generic method of making a seamless discrete wavelet transformation (DWT) were held invalid under 35 U.S.C. 112, first paragraph, because the specification taught only one particular method for making a seamless DWT and there was no evidence that the specification contemplated a more generic method. "[T]he description of one method for creating a seamless DWT does not entitle the inventor . . . to claim any and all means for achieving that objective." LizardTech, 424 F.3d at 1346, 76 USPQ2d at 1733.” Regarding Claims 3, 13, and 23: Claims 3, 13, and 23 recite, “wherein generating the normalized threat intelligence data comprises mapping the threat intelligence data to the normalized threat intelligence data using a standardized normalization schema”. The limitation in question does not satisfy the written description requirement under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph. The specification does not describe the limitation in sufficient detail so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. There is no disclosure regarding how the inventor achieved “using a standardized normalization schema” as claimed to achieve the desired results of generating normalized threat intelligence data, and there is no disclosure of how such “a standardized normalization schema” performs the desired function. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. Regarding Claims 4, 14, and 24: Claims 4, 14, and 24 recite, “wherein generating the security score data comprises using a rule-based system to evaluate the normalized threat intelligence data against a set of security controls to calculate a risk score of the security score data”. The limitation in question does not satisfy the written description requirement under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph. The specification does not describe the limitation in sufficient detail so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. There is no disclosure regarding how the inventor achieved “using a rule-based system to evaluate the normalized threat intelligence data against a set of security controls” as claimed to achieve the desired results of calculating a risk score of the security score data, and there is no disclosure regarding how such a “rule-based system” performs the desired function. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. Regarding Claims 5, 15, and 25: Claims 5, 15, and 25 recite, “generating normalized application log data using the application log data, wherein generating the security score data further uses the normalized application log data”. The limitations in question do not satisfy the written description requirement under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph. The specification does not describe the limitation in sufficient detail so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. There is no disclosure regarding how the inventor achieved the desired results of “generating normalized application log data using the application log data” as claimed, nor how the security score data is generating using “the normalized application log data”. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. Regarding Claims 7, 17, and 27: Claims 7, 17, and 27 recite, “wherein generating the normalized application log data comprises mapping the application log data to the normalized application log data using a standardized normalization schema”. The limitation in question does not satisfy the written description requirement under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph. The specification does not describe the limitation in sufficient detail so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. There is no disclosure regarding how the inventor achieved “using a standardized normalization schema” as claimed to achieve the desired results of generating normalized application log data, and there is no disclosure of how such “a standardized normalization schema” performs the desired function. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. Regarding Claims 8, 18, and 28: Claims 8, 18, and 28 recite, “wherein generating the security score data comprises using a rule-based system to evaluate the normalized application log data against a set of security controls to calculate a risk score of the security score data”. The limitation in question does not satisfy the written description requirement under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph. The specification does not describe the limitation in sufficient detail so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. There is no disclosure regarding how the inventor achieved “using a rule-based system to evaluate the normalized application log data against a set of security controls” as claimed to achieve the desired results of calculating a risk score of the security score data, and there is no disclosure regarding how such a “rule-based system” performs the desired function. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. Regarding Claims 9, 19, and 29: Claims 9, 19, and 29 recite, “wherein the risk mapping matrix data comprises weightings for different security controls”. The limitation in question does not satisfy the written description requirement under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph. The specification does not describe the limitation in sufficient detail so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. There is no disclosure regarding what the “different security controls” may comprise, nor how weighting may be applied to them (simply restating the function recited in the claim is not necessarily sufficient). Regarding Claims 10, 20, and 30: Claims 10, 20, and 30 recite, “wherein the risk mapping matrix data comprises prioritized security controls based on a level of risk tolerance of a user of the data platform”. The limitation in question does not satisfy the written description requirement under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph. The specification does not describe the limitation in sufficient detail so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention. There is no disclosure regarding how the security controls are “prioritized… based on a level of risk tolerance of a user” as explicitly claimed, nor what the “security controls” may comprise, nor how “a level of risk tolerance of a user” is ascertained (simply restating the function recited in the claim is not necessarily sufficient). Dependent claims fall together accordingly. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 9, 19, and 29 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claims 9, 19, and 29 recite the limitation "weightings for different security controls" in line 2. There is insufficient antecedent basis for this limitation in the claim. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-30 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Regarding Claim 1: Under the 2019 Revised Patent Subject Matter Eligibility Guidance (“2019 PEG”), effective January 7, 2019, independent claim 1 is directed to an abstract idea without being significantly more nor being integrated into a practical application. The claimed invention collects threat intelligence data, generates normalized threat intelligence data using the threat intelligence data and risk mapping matrix data, generates security score data using the normalized threat intelligence data, generates risk assessment data using the security score data, and provides the risk assessment data to a user. The claim limitations identified above, as drafted, under the broadest reasonable interpretation, covers performance of the limitations in the human mind and are broad enough to encompass performance by a human using pen and paper. Except for the “computer-implemented method of a data platform” language in the preamble of independent claim 1, which does no more than generally link the use of the judicial exception to a particular technological environment or field of use. This judicial exception is not integrated into a practical application. The limitations of collecting of threat intelligence data are recited at a high level of generality and amounts to mere data gathering, which is a form of insignificant extra-solution activity. See MPEP 2106.05(g). Insignificant extra-solution activity and mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. Accordingly, independent claim 1 is directed to an abstract idea. Therefore, independent claims 11 and 21 are rejected under 35 U.S.C. § 101 as being directed to non-statutory subject matter for the same reasons identified above for independent claim 1. The additional generically recited computer elements beyond the abstract idea, taken both individually and as a combination, in independent claims 11and 21, do not integrate the judicial exception into a practical application. Thus, claims 1-30 are rejected under 35 U.S.C. § 101 as being directed to non-statutory subject matter as the claims do not contain any element or combination of elements that is sufficient enough to ensure that the patent in practice amounts to significantly more than a patent upon the ineligible concept itself. Dependent claims 2, 12, and 22 do not contain not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only enumerate that the systems from which the threat intelligence data is collected from comprise a plurality of systems with different schema. Dependent claims 3, 13, and 23 do not contain not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because the recited mapping the threat intelligence data to the normalized threat intelligence data using a standardized normalization schema, under the broadest reasonable interpretation, covers performance of the limitations in the human mind and are broad enough to encompass performance by a human using pen and paper. Dependent claims 4, 14, and 24 do not contain not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because the recited using a rule-based system to evaluate the normalized threat intelligence data against a set of security controls to calculate a risk score of the security score data, under the broadest reasonable interpretation, covers performance of the limitations in the human mind and are broad enough to encompass performance by a human using pen and paper. Dependent claims 5, 15, and 25 do not contain not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because the recited application log data collection is recited at a high level of generality and amounts to mere data gathering, which is a form of insignificant extra-solution activity; and the recited normalized application log data and security score generation, under the broadest reasonable interpretation, covers performance of the limitations in the human mind and are broad enough to encompass performance by a human using pen and paper. Dependent claims 6, 16, and 26 do not contain not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only enumerate that the one or more applications have different schema defining a format of application log data. Dependent claims 7, 17, and 27 do not contain not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because the recited normalized application log data generation by mapping the log data to the normalized log data using a standardized normalization schema, under the broadest reasonable interpretation, covers performance of the limitations in the human mind and are broad enough to encompass performance by a human using pen and paper. Dependent claims 8, 18, and 28 do not contain not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only enumerate that to calculate a risk score of the security data, a rule-based system is used to evaluate the normalized application log data against a set of security controls which, under the broadest reasonable interpretation, covers performance of the limitations in the human mind and are broad enough to encompass performance by a human using pen and paper. Dependent claims 9, 19, and 29 do not contain not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only enumerate that the risk mapping matrix data comprises weightings for different security controls. Dependent claims 10, 20, and 30 do not contain not contain any element or combination of elements sufficient to incorporate the abstract idea into a practical application because they only enumerate that the risk mapping matrix data comprises prioritized security controls based on a level of risk tolerance of a user of the data platform. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claim(s) 1-30 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Johnas et. al. (US Publication No. US 2023/0205743 A1) hereinafter Johnas. Regarding Claims 1, 11, and 21: Claim 11. Johnas discloses a data platform comprising: at least one processor; and memory storing instructions that, when executed by the at least one processor, cause the data platform to perform operations comprising (Johnas Fig. 10, [0117-0124]): collecting threat intelligence data generated by one or more threat intelligence systems using usage data of the data platform (Johnas [0019-0022] “Upon defining the enterprise data model schema, the enterprise data management system may begin ingesting data from the data storages associated with the organization and the adjacencies. In some embodiments, the enterprise data management system may include a server (also referred to as a “data management module” implemented within a server) configured to store and access the data associated with the organization and the adjacencies”); generating normalized threat intelligence data using the threat intelligence data and risk mapping matrix data (Johnas [0022] “In some embodiments, the server may also transform the data before the transformed data is stored in the corresponding enterprise data model instance according to the mapping between the data model schema associated with the entity and the enterprise data model schema. The transformation may include normalizing the data such that data of the same (or similar type) across different entities may be stored in the enterprise data model instances according the same scale (e.g., a risk score between 0 to 100, a rating between 1 and 5, etc.).”; [0031-0032] “a risk-focused data view may be generated that compiles data in a risk-focused organization (e.g., having a focus on risk attributes, such as transaction locations, transaction frequencies, etc. instead of other attributes, etc.). Thus, each data view may include a different subset of data types from the enterprise data model schema and/or a different organization of the data types than the actual organization in the enterprise data model instances. Having different data views enable different data consumers (e.g., agents from the accounting department of the organization, agents from the risk department of the organization, etc.) to consume the data stored in the enterprise data model instances in a more relevant and meaningful way”); generating security score data using the normalized threat intelligence data (Johnas [0092-0094] example of risk score and risk assessment for a pending transaction including thresholds); generating risk assessment data using the security score data (Johnas [0092-0093] example of risk score and risk assessment for a pending transaction including thresholds, [0094] “In some embodiments, when the risk evaluation of the particular user exceeds a threshold, the data manager 202 may transmit a notification to one or more of the servers 110, 120, 130, and 140 to cause the servers 110, 120, 130, and 140 to perform an action to the corresponding user accounts associated with the particular user. For example, each of the servers 110, 120, 130, and 140 may modify a security protocol for accessing a corresponding user account associated with the particular user for accessing the functionalities of the user account”); and providing the risk assessment data to a user of the data platform (Johnas [0033] “The data management system may generate a risk outcome for the user and present the accounting report on a user device of a data consumer”, [0043] “The data management system may present and/or analyze the data of the particular user based on the consolidated data view. Based on the comprehensive view of the user, the data management system may provide enhanced services for the particular user, such as providing enhanced product/service recommendations for the user based on the user's transaction patterns across multiple entities, a risk evaluation of the particular user based on the user's interaction with multiple entities, or other enhanced services”). Claims 1 and 21 contain substantially the same content and are therefore rejected under the same rationales. Johnas further discloses A computer-implemented method of a data platform (Johnas [0016], [0124], claim 9); and a machine-storage medium comprising machine-readable instructions that, when executed by a machine, cause the machine to perform operations comprising (Johnas Fig. 10, [0117-0124]). Regarding Claims 2, 12, and 22: Claim 12. Johnas further discloses the data platform of claim 11 (Johnas Fig. 10, [0117-0124]), wherein the one or more threat intelligence systems comprise a plurality of threat intelligence security risk assessment systems having different schema defining a format of the threat intelligence data (Johnas [0022] each entity may have different corresponding schema, [0059] “As discussed herein, each of the data storages 114, 124, 134, and 144 store data in a manner (e.g., organization) according to a different data model schema associated with the corresponding entity. It is because each business entity may include a different set of data types and organize the set of data types in a way that is relevant and specific to the business operations of the entity”). Claims 2 and 22 contain substantially the same content and are therefore rejected under the same rationales. Regarding Claims 3, 13, and 23: Claim 13. Johnas further discloses the data platform of claim 11 (Johnas Fig. 10, [0117-0124]), wherein generating the normalized threat intelligence data comprises: mapping the threat intelligence data to the normalized threat intelligence data using a standardized normalization schema (Johnas [0022] “In some embodiments, the server may also transform the data before the transformed data is stored in the corresponding enterprise data model instance according to the mapping between the data model schema associated with the entity and the enterprise data model schema. The transformation may include normalizing the data such that data of the same (or similar type) across different entities may be stored in the enterprise data model instances according the same scale (e.g., a risk score between 0 to 100, a rating between 1 and 5, etc.)”). Claims 3 and 23 contain substantially the same content and are therefore rejected under the same rationales. Regarding Claims 4, 14, and 24: Claim 14. Johnas further discloses the data platform of claim 11 (Johnas Fig. 10, [0117-0124]), wherein generating the security score data comprises using a rule-based system to evaluate the normalized threat intelligence data against a set of security controls to calculate a risk score of the security score data (Johnas [0093] thresholds, [0094] “Based on the comprehensive view of the user, the data management system may provide enhanced services for the particular user, such as providing enhanced product/service recommendations for the user based on the user's transaction patterns across multiple entities, a risk evaluation of the particular user based on the user's interaction with multiple entities, or other enhanced services. In some embodiments, when the risk evaluation of the particular user exceeds a threshold, the data manager 202 may transmit a notification to one or more of the servers 110, 120, 130, and 140 to cause the servers 110, 120, 130, and 140 to perform an action to the corresponding user accounts associated with the particular user”). Claims 4 and 24 contain substantially the same content and are therefore rejected under the same rationales. Regarding Claims 5, 15, and 25: Claim 15. Johnas further discloses the data platform of claim 11 (Johnas Fig. 10, [0117-0124]), wherein the operations further comprise: collecting application log data of one or more applications executing on the data platform (Johnas [0019-0022] “Upon defining the enterprise data model schema, the enterprise data management system may begin ingesting data from the data storages associated with the organization and the adjacencies. In some embodiments, the enterprise data management system may include a server (also referred to as a “data management module” implemented within a server) configured to store and access the data associated with the organization and the adjacencies”); and generating normalized application log data using the application log data, wherein generating the security score data further uses the normalized application log data (Johnas [0022] “In some embodiments, the server may also transform the data before the transformed data is stored in the corresponding enterprise data model instance according to the mapping between the data model schema associated with the entity and the enterprise data model schema. The transformation may include normalizing the data such that data of the same (or similar type) across different entities may be stored in the enterprise data model instances according the same scale (e.g., a risk score between 0 to 100, a rating between 1 and 5, etc.)”, [0032-0033]). Claims 5 and 25 contain substantially the same content and are therefore rejected under the same rationales. Regarding Claims 6, 16, and 26: Claim 16. Johnas further discloses the data platform of claim 15 (Johnas Fig. 10, [0117-0124]), wherein the one or more applications comprise a plurality of applications having different schema defining a format of the application log data (Johnas [0022] each entity may have different corresponding schema, [0059] “As discussed herein, each of the data storages 114, 124, 134, and 144 store data in a manner (e.g., organization) according to a different data model schema associated with the corresponding entity. It is because each business entity may include a different set of data types and organize the set of data types in a way that is relevant and specific to the business operations of the entity”). Claims 6 and 26 contain substantially the same content and are therefore rejected under the same rationales. Regarding Claims 7, 17, and 27: Claim 17. Johnas further discloses the data platform of claim 15 (Johnas Fig. 10, [0117-0124]), wherein generating the normalized application log data comprises: mapping the application log data to the normalized application log data using a standardized normalization schema (Johnas [0022] “In some embodiments, the server may also transform the data before the transformed data is stored in the corresponding enterprise data model instance according to the mapping between the data model schema associated with the entity and the enterprise data model schema. The transformation may include normalizing the data such that data of the same (or similar type) across different entities may be stored in the enterprise data model instances according the same scale (e.g., a risk score between 0 to 100, a rating between 1 and 5, etc.).”; [0031-0032] “a risk-focused data view may be generated that compiles data in a risk-focused organization (e.g., having a focus on risk attributes, such as transaction locations, transaction frequencies, etc. instead of other attributes, etc.). Thus, each data view may include a different subset of data types from the enterprise data model schema and/or a different organization of the data types than the actual organization in the enterprise data model instances. Having different data views enable different data consumers (e.g., agents from the accounting department of the organization, agents from the risk department of the organization, etc.) to consume the data stored in the enterprise data model instances in a more relevant and meaningful way”). Claims 7 and 27 contain substantially the same content and are therefore rejected under the same rationales. Regarding Claims 8, 18, and 28: Claim 18. Johnas further discloses the data platform of claim 15 (Johnas Fig. 10, [0117-0124]), wherein generating the security score data comprises using a rule-based system to evaluate the normalized application log data against a set of security controls to calculate a risk score of the security score data (Johnas [0093] thresholds, [0094] “Based on the comprehensive view of the user, the data management system may provide enhanced services for the particular user, such as providing enhanced product/service recommendations for the user based on the user's transaction patterns across multiple entities, a risk evaluation of the particular user based on the user's interaction with multiple entities, or other enhanced services. In some embodiments, when the risk evaluation of the particular user exceeds a threshold, the data manager 202 may transmit a notification to one or more of the servers 110, 120, 130, and 140 to cause the servers 110, 120, 130, and 140 to perform an action to the corresponding user accounts associated with the particular user”). Claims 8 and 28 contain substantially the same content and are therefore rejected under the same rationales. Regarding Claims 9, 19, and 29: Claim 19. Johnas further discloses the data platform of claim 15 (Johnas Fig. 10, [0117-0124]), wherein the risk mapping matrix data comprises weightings for different security controls (Johnas [0093] data manager 202 analyzes location data associated with past transactions and their consistency to determine whether to assign a high or low risk score according to a particular distance threshold). Claims 9 and 29 contain substantially the same content and are therefore rejected under the same rationales. Regarding Claims 10, 20, and 30: Claim 20. Johnas further discloses the data platform of claim 15 (Johnas Fig. 10, [0117-0124]), wherein the risk mapping matrix data comprises prioritized security controls based on a level of risk tolerance of a user of the data platform (Johnas [0094] “In some embodiments, when the risk evaluation of the particular user exceeds a threshold, the data manager 202 may transmit a notification to one or more of the servers 110, 120, 130, and 140 to cause the servers 110, 120, 130, and 140 to perform an action to the corresponding user accounts associated with the particular user. For example, each of the servers 110, 120, 130, and 140 may modify a security protocol for accessing a corresponding user account associated with the particular user for accessing the functionalities of the user account”). Claims 10 and 30 contain substantially the same content and are therefore rejected under the same rationales. Conclusion The prior art made of record in the submitted PTO-892 Notice of References Cited and not relied upon is considered pertinent to applicant’s disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MIGUEL A LOPEZ whose telephone number is (703)756-1241. The examiner can normally be reached 8:00AM-5:00PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 5712727624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /M.A.L./ Examiner, Art Unit 2496 /JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496