DETAILED ACTION
This communication is a Non-Final Rejection Office Action in response to the 3/9/2026 submission filed in Application 18/359,409.
Claim 7 is cancelled. Claim 24 is added. Claims 1, 3-6, 8-12, 14-18, and 20-24 are now presented.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 3/9/2026 has been entered.
Response to Arguments
Applicant’s arguments filed 3/9/2026 with respect to the prior art have been considered but are moot because the arguments do not apply to the new grounds of rejection that was necessitated by amendment.
Applicant's remaining arguments filed have been fully considered but they are not persuasive.
The Applicant argues “The amendments clarify the technical mechanism by which the machine learning models determine hierarchical relationships as suggested by the Examiner during the Interview, and further integrate the alleged abstract idea into a practical application. These operations are performed automatically by computer systems operating on network infrastructure and cannot be performed mentally. Therefore, the claims provide a practical application that improves the functionality and security of enterprise networks rather than merely organizing human activity. Accordingly, the claims are not directed at an abstract idea and satisfy Section 101."”
The Examiner respectfully disagrees. The amendments do not explain how the graph neural network (GNN) is learned. IT merely states the outcome (that the model is learned) but does not explain how the learning occurs. As explain in the rejection below this is not sufficient to overcome the rejection under 101.
Further, the final step of performing one or more of updating a software asset to a newer version, resolving network issues of the enterprise network, or renewing an expired software license does not save the claims. The claims do not state how network issues are resolved; how software asset are updated to newer visions or how an expired software license is renewed. As such, as explained below these limitations remain abstract.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1, 3-12, 14-18, and 20-23 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
When considering subject matter eligibility under 35 U.S.C. 101, in step 1 it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter. If the claim does fall within one of the statutory categories, in step 2A prong 1 it must then be determined whether the claim is recite a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea). If the claim recites a judicial exception, under step 2A prong 2 it must additionally be determined whether the recites additional elements that integrate the judicial exception into a practical application. If a claim does not integrate the Abstract idea into a practical application, under step 2B it must then be determined if the claim provides an inventive concept.
In the Instant case, Claims 1, 3-11, 21-23 are directed toward a method for obtaining enterprise data about a plurality of assets and configuration of an enterprise network. Claims 12, 14-17 are directed toward an apparatus for obtaining enterprise data about a plurality of assets and configuration of an enterprise network. Claims 18, 20 are directed toward a computer program product for obtaining enterprise data about a plurality of assets and configuration of an enterprise network. As such, each of the Claims is directed to one of the four statutory categories of invention.
MPEP 2106.04 II. A. explains that in step 2A prong 1 Examiners are to determine whether a claim recites a judicial exception. MPEP 2106.04(a) explains that:
To facilitate examination, the Office has set forth an approach to identifying abstract ideas that distills the relevant case law into enumerated groupings of abstract ideas. The enumerated groupings are firmly rooted in Supreme Court precedent as well as Federal Circuit decisions interpreting that precedent, as is explained in MPEP § 2106.04(a)(2). This approach represents a shift from the former case-comparison approach that required examiners to rely on individual judicial cases when determining whether a claim recites an abstract idea. By grouping the abstract ideas, the examiners’ focus has been shifted from relying on individual cases to generally applying the wide body of case law spanning all technologies and claim types.
The enumerated groupings of abstract ideas are defined as:
1) Mathematical concepts – mathematical relationships, mathematical formulas or equations, mathematical calculations (see MPEP § 2106.04(a)(2), subsection I);
2) Certain methods of organizing human activity – fundamental economic principles or practices (including hedging, insurance, mitigating risk); commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations); managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions) (see MPEP § 2106.04(a)(2), subsection II); and
3) Mental processes – concepts performed in the human mind (including an observation, evaluation, judgment, opinion) (see MPEP § 2106.04(a)(2), subsection III).
As per step 2A prong 1 of the eligibility analysis, claim 1 recites the abstract idea of obtaining enterprise data about a plurality of assets and configuration of an enterprise network which falls into the abstract idea categories of certain methods of organizing human activity and mental processes. The elements of Claim 1 that represent the Abstract idea include:
A method comprising:
a model based on the enterprise data and the partner data to determine one or more hierarchical relationships between the plurality of assets, the enterprise network, and the one or more network related partner services, the model having nodes representing the plurality of the assets and edges representing the partner services;
applying the model to generate one or more risk values based on the one or more hierarchical relationships;
and performing at least one configuration action to the enterprise network to modify the one or more risk values based on one or more configuration actions performed by a plurality of similarly situated network related partner services, wherein a configuration action includes performing one or more of: updating a software asset to a newer version, resolving network issues of the enterprise network, or renewing an expired software license in the enterprise network
MPEP 2106.04(a)(2) II. states:
The phrase "methods of organizing human activity" is used to describe concepts relating to:
fundamental economic principles or practices (including hedging, insurance, mitigating risk);
commercial or legal interactions (including agreements in the form of contracts, legal obligations, advertising, marketing or sales activities or behaviors, and business relations); and
managing personal behavior or relationships or interactions between people, (including social activities, teaching, and following rules or instructions).
The Supreme Court has identified a number of concepts falling within the "certain methods of organizing human activity" grouping as abstract ideas. In particular, in Alice, the Court concluded that the use of a third party to mediate settlement risk is a ‘‘fundamental economic practice’’ and thus an abstract idea. 573 U.S. at 219–20, 110 USPQ2d at 1982. In addition, the Court in Alice described the concept of risk hedging identified as an abstract idea in Bilski as ‘‘a method of organizing human activity’’. Id. Previously, in Bilski, the Court concluded that hedging is a ‘‘fundamental economic practice’’ and therefore an abstract idea. 561 U.S. at 611–612, 95 USPQ2d at 1010.
In the instant case the steps of determining one or more hierarchical relationships between the plurality of assets, the enterprise network, and the one or more network related partner services and generating one or more risk values based on the one or more hierarchical relationships are directed toward determining relationships and detecting risk in an organization which is a method or organizing human activity and a fundamental business practice.
Further, the updating a software asset to a newer version, resolving network issues of the enterprise network, or renewing an expired software license are recited broadly. The claims do not state how these action occur. Performing the recited configuration actions can amounts to following rules or instructions which is also abstract.
MPEP 2106.04(a)(2) states:
The courts consider a mental process (thinking) that "can be performed in the human mind, or by a human using a pen and paper" to be an abstract idea. CyberSource Corp. v. Retail Decisions, Inc., 654 F.3d 1366, 1372, 99 USPQ2d 1690, 1695 (Fed. Cir. 2011). As the Federal Circuit explained, "methods which can be performed mentally, or which are the equivalent of human mental work, are unpatentable abstract ideas the ‘basic tools of scientific and technological work’ that are open to all.’" 654 F.3d at 1371, 99 USPQ2d at 1694 (citing Gottschalk v. Benson, 409 U.S. 63, 175 USPQ 673 (1972)). See also Mayo Collaborative Servs. v. Prometheus Labs. Inc., 566 U.S. 66, 71, 101 USPQ2d 1961, 1965 (2012) ("‘[M]ental processes[] and abstract intellectual concepts are not patentable, as they are the basic tools of scientific and technological work’" (quoting Benson, 409 U.S. at 67, 175 USPQ at 675)); Parker v. Flook, 437 U.S. 584, 589, 198 USPQ 193, 197 (1978) (same).
Accordingly, the "mental processes" abstract idea grouping is defined as concepts performed in the human mind, and examples of mental processes include observations, evaluations, judgments, and opinions
The instant claims recite mental processes including observation, evaluation, judgment, opinion. For example, the steps directed to determining one or more hierarchical relationships among the plurality of assets, the enterprise network, and the one or more network related partner services; and generating one or more risk values based on the one or more hierarchical relationships; and are directed to mental processes. There is nothing is nothing the claims that preclude these steps from being performed mentally. As such, the claims recite abstract ideas.
Under step 2A prong 2 the examiner must then determine if the recited abstract idea is integrated into a practical application. MPEP 2106.04 states:
Limitations the courts have found indicative that an additional element (or combination of elements) may have integrated the exception into a practical application include:
• An improvement in the functioning of a computer, or an improvement to other technology or technical field, as discussed in MPEP §§ 2106.04(d)(1) and 2106.05(a);
• Applying or using a judicial exception to effect a particular treatment or prophylaxis for a disease or medical condition, as discussed in MPEP § 2106.04(d)(2);
• Implementing a judicial exception with, or using a judicial exception in conjunction with, a particular machine or manufacture that is integral to the claim, as discussed in MPEP § 2106.05(b);
• Effecting a transformation or reduction of a particular article to a different state or thing, as discussed in MPEP § 2106.05(c); and
• Applying or using the judicial exception in some other meaningful way beyond generally linking the use of the judicial exception to a particular technological environment, such that the claim as a whole is more than a drafting effort designed to monopolize the exception, as discussed in MPEP § 2106.05(e)
The courts have also identified limitations that did not integrate a judicial exception into a practical application:
• Merely reciting the words "apply it" (or an equivalent) with the judicial exception, or merely including instructions to implement an abstract idea on a computer, or merely using a computer as a tool to perform an abstract idea, as discussed in MPEP § 2106.05(f);
• Adding insignificant extra-solution activity to the judicial exception, as discussed in MPEP § 2106.05(g); and
• Generally linking the use of a judicial exception to a particular technological environment or field of use, as discussed in MPEP § 2106.05(h).
In the instant case, this judicial exception is not integrated into a practical application. In particular, Claim 1 recites the additional elements of:
A method comprising:
obtaining enterprise data about a plurality of assets and configuration of an enterprise network, and partner data about one or more network related partner services for the enterprise network;
learning a graph neural network (GNN)-based deep machine learning model
using performing machine learning; and
providing the one or more risk values indicative of performance of the one or more network related partner services;
the configuration occurs automatically
However, the computer elements are recited at a high-level of generality (i.e., as a generic processor performing a generic computer functions) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Further, configuration actions are recited broadly with no explanation on how they automatically occur. Under the broadest reasonable interpretation this amounts to a processor to perform the recited action which amounts to merely using a computer as a tool to perform an abstract idea.
Further MPEP 2105.05(g) explains that data gathering and data output can be considered pre-solution activity and post-solution activity. See MPEP 2106.05(g) that states:
An example of pre-solution activity is a step of gathering data for use in a claimed process, e.g., a step of obtaining information about credit card transactions, which is recited as part of a claimed process of analyzing and manipulating the gathered information by a series of steps in order to detect whether the transactions were fraudulent. An example of post-solution activity is an element that is not integrated into the claim as a whole, e.g., a printer that is used to output a report of fraudulent transactions, which is recited in a claim to a computer programmed to analyze and manipulate information about credit card transactions in order to detect whether the transactions were fraudulent.
In the instant case, the claims do not provide any particular way that the data is obtained. As such, the broadly recited obtaining of information amounts to insignificant pre-solution activity.
Further, the claims do not provide any particular way that the data is provided. As such, the broadly recited obtaining of information amounts to insignificant post-solution activity.
Further, the recitation of the graph neural network (GNN)-based deep machine learning model is indicative of adding the words “apply it” (or an equivalent) with the judicial exception. MPEP 2106.05(f) states:
When determining whether a claim simply recites a judicial exception with the words "apply it" (or an equivalent), such as mere instructions to implement an abstract idea on a computer, examiners may consider the following:
(1) Whether the claim recites only the idea of a solution or outcome i.e., the claim fails to recite details of how a solution to a problem is accomplished. The recitation of claim limitations that attempt to cover any solution to an identified problem with no restriction on how the result is accomplished and no description of the mechanism for accomplishing the result, does not integrate a judicial exception into a practical application or provide significantly more because this type of recitation is equivalent to the words "apply it". See Electric Power Group, LLC v. Alstom, S.A., 830 F.3d 1350, 1356, 119 USPQ2d 1739, 1743-44 (Fed. Cir. 2016); Intellectual Ventures I v. Symantec, 838 F.3d 1307, 1327, 120 USPQ2d 1353, 1366 (Fed. Cir. 2016); Internet Patents Corp. v. Active Network, Inc., 790 F.3d 1343, 1348, 115 USPQ2d 1414, 1417 (Fed. Cir. 2015). In contrast, claiming a particular solution to a problem or a particular way to achieve a desired outcome may integrate the judicial exception into a practical application or provide significantly more. See Electric Power, 830 F.3d at 1356, 119 USPQ2d at 1743.
By way of example, in Intellectual Ventures I v. Capital One Fin. Corp., 850 F.3d 1332, 121 USPQ2d 1940 (Fed. Cir. 2017), the steps in the claims described "the creation of a dynamic document based upon ‘management record types’ and ‘primary record types.’" 850 F.3d at 1339-40; 121 USPQ2d at 1945-46. The claims were found to be directed to the abstract idea of "collecting, displaying, and manipulating data." 850 F.3d at 1340; 121 USPQ2d at 1946. In addition to the abstract idea, the claims also recited the additional element of modifying the underlying XML document in response to modifications made in the dynamic document. 850 F.3d at 1342; 121 USPQ2d at 1947-48. Although the claims purported to modify the underlying XML document in response to modifications made in the dynamic document, nothing in the claims indicated what specific steps were undertaken other than merely using the abstract idea in the context of XML documents. The court thus held the claims ineligible, because the additional limitations provided only a result-oriented solution and lacked details as to how the computer performed the modifications, which was equivalent to the words "apply it". 850 F.3d at 1341-42; 121 USPQ2d at 1947-48 (citing Electric Power Group., 830 F.3d at 1356, 1356, USPQ2d at 1743-44 (cautioning against claims "so result focused, so functional, as to effectively cover any solution to an identified problem")).
In the instant case, the additional elements of the graph neural network (GNN)-based deep machine learning model attempt to cover any solution to the identified problem with no restriction on how the result is accomplished and no description of the mechanism for accomplishing the result, which does not integrate a judicial exception into a practical application or provide significantly more because this type of recitation is equivalent to the words "apply it”. For example, the claims do not state how the graph neural network (GNN)-based deep machine learning model is learned based on the enterprise data and the partner data. The claim merely states that the model is learned to determine one or more hierarchical relationships between the plurality of assets, the enterprise network, and the one or more network related partner services. This amounts to stating what the outcome of the model predicts, but not how it is trained or applied.. As such, the broadly recited machine learning does not integrate a judicial exception into a practical application or provide significantly more.
Viewing the generic data gathering and data output and broadly recited machine learning in combination with the generic computer does not add more than when viewing the elements individually. Accordingly, the additional elements do not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.
In step 2B, the examiner must be determine whether the claim adds a specific limitation other than what is well-understood, routine, conventional activity in the field - see MPEP 2106.05(d). As discussed with respect to Step 2A Prong Two, the processing circuitry in the claim amount to no more than mere instructions to apply the exception using a generic computer component. The same analysis applies here in 2B, i.e., mere instructions to apply an exception on a generic computer cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B.
Further, the output data is recited broadly in the claims. The Examiner takes official notice that providing the result of an analysis is well-known and conventional.
Further, similar to the analysis with respect to step 2A prong 2 recitation of claim limitations that attempt to cover any solution to an identified problem with no restriction on how the result is accomplished cannot provide an inventive concept under step 2B of the eligibility analysis.
Viewing the generic data gathering and data output and broadly recited machine learning in combination with the generic computer does not add more than when viewing the elements individually. Accordingly, the additional elements do provide and inventive concept.
Further Claims 3-11, 21-24 further limit the mental processes and business practices recited in the parent claim, but fail to remedy the deficiencies of the parent claim as they do not impose any additional elements that amount to significantly more than the abstract idea itself.
Further, claims 8 and 4 recited the use of a fuzzy rule and fuzzy clustering; claims 6 and 7 recite the use of a graph neural network. However, these additional elements are recited proudly and attempt to cover any solution to the identified problem with no restriction on how the result is accomplished and no description of the mechanism for accomplishing the result, which does not integrate a judicial exception into a practical application or provide significantly more because this type of recitation is equivalent to the words "apply it”.
Claim 21 recites the additional elements of “performing an adaptive neuro-fuzzy inference learning”; Claim 22 recites “using a graph neural network” and “deep neural fuzzy learning” deep neural fuzzy learning”. Claim 24 recites an adaptive neuro- fuzzy interface system (ANFIS); using a fuzzification layer and generating fuzzy rules using a rule inference layer; and defuzzifying outputs of the ANFIS.
However, these limitations attempt to cover any solution to the identified problem with no restriction on how the result is accomplished and no description of the mechanism for accomplishing the result, which does not integrate a judicial exception into a practical application or provide significantly more because this type of recitation is equivalent to the words "apply it”.
Further, the claims do not state how the layers are used in the deep neural fuzzy learning. Inputting of information into layers amount to insignificant data gathering, and the claims do not state how the layers are used in the deep neural fuzzy learning.
Further, the claims do not state how the adaptive neuro- fuzzy interface system and the fuzzification and defuzzifying actually work.
Accordingly, the Examiner concludes that there are no meaningful limitations in claims 3-11, 21-23 that transform the judicial exception into a patent eligible application such that the claim amounts to significantly more than the judicial exception itself.
The analysis above applies to all statutory categories of invention. The presentment of claim 1 otherwise styled as a computer program product, or system, for example, would be subject to the same analysis. As such, claims 12, 14-18, 20 are also rejected.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1, 3, 12, 14, 18, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kraning US 2021/0105304 A1 in view of Dooley US 2022/0129804 A1 in view of Schubert US 2023/0115095 A1 in view of Mansoor US 2022/0067109 A1.
As per Claim 1 Kraning teaches. A method comprising:
obtaining enterprise data about a plurality of assets and configuration of an enterprise network, and partner data about one or more network related partner services for the enterprise network; Kraning para. 181 teaches 181 At step 1404, the asset data is processed to determine one or more characteristics associated with the network asset such as a type of network asset (e.g., IP address, domain name, digital certificate, cloud infrastructure account, etc.), a related entity that is responsible for the asset (e.g., enterprise organization, department, employee, etc.), or a relationship between the entity and the related entity (e.g., business partner, vendor, supplier, acquisition target, etc.).
learning a machine learning model based on the enterprise data and the partner data to determine one or more hierarchical relationships between the plurality of assets, the enterprise network, and the one or more network related partner services, the machine learning model having nodes representing the plurality of the assets and edges representing the partner services;using one or more machine learning models to identify information included in the responses that is indicative of network assets associated with the entity.
applying the machine learning model to generate one or more risk values based on the one or more hierarchical relationships; Kraning para. 154 teaches In some embodiments, machine learning may be applied to identify potentially problematic properties and/or activities associated with network assets. For example, one or more machine learning models may be trained to identify various types of properties and/or detect various types of activities based on input asset data. In such embodiments, the asset data received at step 902 is input into the one or more machine learning models to generate property/activity data indicative of one or more potentially problematic properties and/or activities associated with the network assets. This property/activity data can then be processed using the one or more policy rules indicated by the policy data received at step 904 to determine whether the properties and/or activities associated with the network assets violate a policy rule of the entity.
providing the one or more risk values indicative of performance of the one or more network related partner services, and Kraning para. 188-189 teaches The exposure to risk may include, for example, exposure to an attack on entity A's core network but can also include exposure to business risk, for example, where an attack on a supplier's core network impacts the ability of the supplier to meet a supply obligation to entity A. Consider, for example, a scenario in which entity B supplies integrated circuits to entity A. In the example scenario, entity B suffers a ransomware attack on its core network which causes its integrated circuit production facilities to shut down. Although the ransomware attack on entity B's network does not directly impact the security of entity A's network, the shutdown of entity B's integrated circuit production facilities may significantly impact the supply chain and prevent entity A from fulfilling orders for the mobile phone it produces. Even a shutdown of entity B's production facilities for a few hours can result in millions of dollars in losses for both entity B and entity A. In other words, the cyber security risks of entity B are also cyber security risks for entity A. Currently, entities attempt to manage risk associated with suppliers through a process of audit and self-attestation. For example, a service-level agreement (SLA) between a parent and supplier will typically include terms that allow the parent to audit the supplier (e.g., yearly) to check that the supplier is taking certain measures to manage their own cyber security risk. However, such audits typically only require that the supplier self-attest that they are taking the measures defined by SLA. Such an audit process is ineffective at actually managing risk, particularly in complex supply chains, for several reasons. FIG. 17 shows a diagram that illustrates the various limitations of a process that includes audit and self-attestation for managing risk in a supply chain. First, even if a supplier attests truthfully to the best of their knowledge, that supplier may not actually have a comprehensive understanding of their own risk exposure. For example, with reference to FIG. 17, both entities B and E have obligations to self-attest in response to audits from entity A. If entities B or E do not actually have knowledge of their own risk exposure, the self-attestation to entity A provides little value to entity A, from a risk mitigation standpoint. Second, even if a supplier attests accurately to their own risks and measures taken to mitigate risk, that supplier may not have knowledge or understanding of risks introduced by their own suppliers further down the supply chain. For example, entity B may not have a similar audit regime set up with its suppliers further down the chain. Again, this means that the self-attestation by entity B to entity A provides little value to entity A. Third, an attempt by an entity to audit all of its suppliers in the supply chain (including suppliers of suppliers) would be impractical due to the number of suppliers, as well as complexity of any contractual agreements that would enable this. In some cases, auditing lower level suppliers may be impossible, particularly where those lower level suppliers are unknown to the parent for competitiveness reasons. For example, entity A may know that it is supplied by entities B and E, but for competitiveness reasons may have no knowledge of the lower level suppliers that supply entities B and E.
Kraning does not teach a graph neural network (GNN)-based deep machine learning model and applying the GNN However, Mansoor para. 40 teaches by combining the enterprise knowledge graphs with predictive algorithms, the CAP can identify and assess the impact of risks and opportunities across the business or organization. Knowledge graphs enable CAP to generate a new automated predictive model using advanced graph techniques such as GraphAL, Feedforward Neural Network, Convolutional Neural Network, Graph Neural Network or other algorisms which benefits by the entity relation model. Examples of such impact of risks and opportunities can include understanding what impact a supplier failure will have on an organization's customers, or identifying a hidden opportunity to capture more sales by shipping excess inventory. The knowledge graphs can also be used to enhance natural language search results. Searching for a specific customer, for example, will also display suppliers, products and locations that could be of interest based on the customer's purchase history. Both Kraning and Mansoor are directed to assessing risk in enterprise. Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the Applicant’s invention to modify the teachings of Kraning to include using a graph neural network (GNN)-based deep machine learning model and applying the GNN as taught by Mansoor to reveal implicit and explicit relationships within various entities of a business or organization which generated a more accurate analysis (as suggested by paras. 40).
Kraning does not teach performing at least one configuration action to the enterprise network to modify the one or more risk values based on one or more configuration actions performed by a plurality of similarly situated network related partner services, However, Dooley para. 10 teaches in some embodiments, the threshold or trigger value may be capable of being set or adjusted by a user. In some embodiments, benchmark data may be used to set or suggest a value for the threshold or trigger, or to recommend implementing additional mitigation efforts to reduce risk. In such embodiments, a decision process to determine if additional mitigation is recommended or required may implement logic that includes consideration of user inputs to a risk threshold and/or benchmark data. The benchmark data permits a user to consider the mitigation behaviors and techniques of other companies or organizations (such as those in a similar industry) when deciding whether to initiate additional mitigation measures or to adjust current mitigation methods or the level of mitigation to reflect behavior more in keeping with that practiced within the industry. This can be important in determining an organization's liability, as it is generally important that an organization practice risk mitigation and management techniques that would be considered reasonable and standard within an industry to avoid liability for negligence. Both Kraning and Dooley are directed to assessing risk in an enterprise. Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the Applicant’s invention to modify the teachings of Kraning to include performing at least one configuration action to the enterprise network to modify the one or more risk values based on one or more configuration actions performed by a plurality of similarly situated network related partner services as taught by Dooley to ensure that organizations practice risk mitigation and management techniques that would be considered reasonable and standard within an industry to avoid liability for negligence.
Kraning does not teach wherein a configuration action includes automatically performing one or more of: updating a software asset to a newer version, resolving network issues of the enterprise network, or renewing an expired software license in the enterprise network. However, Schubert teaches para. 453 teach the user interface 6700 includes an element 6714 for improving data health. The element 6714 includes indications of actions that can be taken to make improvements to the data health of various locations, devices, applications, etc. Each action of the element 6714 can indicate the location for which the action is to be taken, a device type for the action, the number of affected devices, a negative impact on the score, a description of the issue, and the personnel needed to perform the action and resolve the issue. In some embodiments, the action is generating a work order that is pushed to a technician (e.g., automatic assignment), the work order describing steps for resolving the issue. In some embodiments, the action is automatically performing an action, e.g., resetting the device (e.g., rebooting, resetting operating settings, etc.), reconfiguring network parameters for the device, performing a device software update, etc. In some embodiments, a user can accept or reject each action of the element 6714 via an accept or reject element in the element 6714. In some embodiments, the element 6714 can indicate the person who is responsible for addressing the issue, e.g., technical support, engineering support, facility maintenance, etc. In some embodiments, a user device of a user may be pushed a link to the user interface 6700 or a specific section of the user interface 6700 by the data auditor 5902. The link can queue an individual to review certain pieces of information that may be important for a person to review and understand, e.g., for a technician to understand when resolving a particular data health issue at a building. Both Kraning in view of Dooley and Schubert are directed to assessing risk in an enterprise. Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the Applicant’s invention to modify the teachings of Kraning in view of Dooley to include wherein a configuration action includes automatically performing one or more of: updating a software asset to a newer version, resolving network issues of the enterprise network, or renewing an expired software license in the enterprise network as taught by Schubert to more efficiently implement required updates which results in a more robust system.
As per Claim 3 Kraning teaches. The method of claim 1, wherein generating the one or more risk values includes: generating a respective risk value and an explanation for the respective risk value for each of a plurality of performance categories including one or more of a security risk category, a network device state risk category, a case support category, and a licensing status risk category. Kraning para. 23 teaches At step 2008, the processor can determine whether correlation(s) indicate that a security event occurred. If it is determined that a security event occurred, then, at step 2010, the processor can generate an output or otherwise indicate that the security event has occurred. For example, the processor may cause a notification to be generated that alerts an administrator associated with an entity (or another entity of interest such as a supplier) to take appropriate action. In some cases, the indication may be configured to cause another system to perform an automated remedial action to address the security event. If it is determined that a security event occurred, the processor can indicate that no security event has occurred and/or return to step 2002 to repeat the process, as indicated in FIG. 20.
Claim 12, 13 recites similar limitation to claim 1, 3 and is rejected for similar reasons. Further, Kraning teaches An apparatus comprising: a memory; a network interface configured to enable network communications; and a processor, wherein the processor is configured to perform the recited steps. (see para. 90-91)
Claim 18, 20 recites similar limitation to claim 1, 3 and is rejected for similar reasons. Further, Kraning teaches One or more non-transitory computer readable storage media encoded with software comprising computer executable instructions that, when executed by a processor, cause the processor to perform the recited steps. (see para. 267)
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEIRDRE D HATCHER whose telephone number is (571)270-5321. The examiner can normally be reached Monday-Friday 8-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Epstein can be reached at 571-270-5389. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DEIRDRE D HATCHER/Primary Examiner, Art Unit 3625