Notice of Pre-AIA or AIA Status
present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This is in response to the amendments filed on 01/02/2026. Claims 1-20 are pending and have been considered below.
Priority
Acknowledgment is made of no claim of foreign priority.
Drawings
The drawings filed on 01/11/2024 are accepted.
Specification
The specification filed on 01/11/2024 is accepted.
Response to Arguments
Applicant's arguments with respect to "Claim rejection under 35 USC 101", remarks pages 8-15 have been fully considered but they are not persuasive because: after review of the claims in light of the specification, the examiner notes that the claims are directed toward an abstract. The claims recite a judicial exception and the exception is not integrated in to practical application. The examiner further notes that the specification or claims fails to provide details regarding the manner in which the invention accomplished the alleged improvement when holding the system, method, and CRM of determining a plurality of risk factor, determining a plurality of factor score, output a security health based on a product of scores, output an alert enabling user to identify and resolve security risk and output and update security score is ineligible., therefore the rejection has been maintain
Claim Rejections - 35 USC § 101
U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20: the claims are directed to an abstract idea without significantly more. The claims recite the limitations of ‘ determining a plurality of risk factors, determining a plurality of factor scores, outputting a security health score based on a product of each of the plurality of factor scores; outputting an alert and outputting an updated security health score based on any change in any value of any parameter used to determine any of the plurality of factor scores”. Such mental observations or evaluations fall within the mental processes grouping of abstract ideas. This judicial exception is not integrated into a practical application. In particular, the claim only recites one additional element – using a processor, non-transitory computer readable medium to perform the determining and the output steps. The processor is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of (determining and output) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a processor to perform the determining and outputting steps amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Allowable Subject Matter
As allowable subject matter has been indicated, applicant's reply must either comply with all formal requirements or specifically traverse each requirement not complied with. See 37 CFR 1.111(b) and MPEP § 707.07(a).
The following is a statement of reasons for the indication of allowable subject matter:
Kochura et al U.S. 2020/0167470 A1 is directed toward method involves applying a safety tag (400) to the data files by a computing device, detecting risk factors in a data stream indicating an unsafe situation by the computing device, determining a risk score (430) based on the risk factors, and performing a security action on the data files based on the safety tag applied to each file by the computing device in response to the risk score exceeding a predetermined threshold. The safety tag specifies the security action to be performed that is selected from the group comprising a backup action, a delete action, and an encrypt action.
Izrael et al U.S. 2020/0314134 A1 teaches system and method for mitigating cyber security threats by devices using risk factors. The method includes determining a plurality of risk factors for a device based on a plurality of risk behaviors indicated by network activity and information of the device; determining a risk score for the device based on the plurality of risk factors and a plurality of weights, wherein each of the plurality of weights is applied to one of the plurality of risk factors; and performing at least one mitigation action based on the risk score.
Yadav et al U.S. 2022/0043717 A1 is directed toward a method for verifying data includes obtaining, by a backup agent, a backup verification trigger for a backup stored in a backup storage system, in response to the backup verification trigger, obtaining backup metadata associated with the backup, performing a hierarchical structure data mapping based on the backup metadata to obtain a hierarchical structure associated with the backup, performing, using the hierarchical structure, a backup verification to generate a backup health state of the backup, after the backup verification is generated: making a determination, based on the backup verification, that the backup health state is not in a healthy state, and in response to the determination, performing a remediation of the backup policies.
McGovern U.S. 2009/0024663 A1 is directed toward method includes identifying a plurality of parameters relevant to information security of information systems, establishing at least two risk levels associated with each of the plurality of parameters, assigning a numerical score to each of the at least two risk level associated with each of the plurality of parameters, recording the parameters, risk levels and numerical scores into one or more data structures, and assessing and scoring information security of a specified information system and/or collectively for an entire enterprise based at least in part on the one or more data structures.
The prior art of record Kochura et al U.S. 2020/0167470 A1 in view of Izrael et al U.S. 2020/0314134 A1 in further view of Yadav et al U.S. 2022/0043717 and McGovern U.S. 2009/0024663 A1. Such as ”determine a plurality of risk factors, which are based on security parameters received from a backup storage system, wherein the plurality of risk factors are associated with data at rest, access control, digital certificates, and encryption keys; determine a plurality of factor scores, corresponding to the plurality of risk factors, which are based on values of the security parameters received from the backup storage system, wherein each factor score is inversely related to a corresponding level of security risk; output a security health score based on a product of each of the plurality of factor scores; output an alert which enables a system user to identify and resolve a security risk, in response to a determination that the security health score is less than a threshold; and output an updated security health score based on any change in any value of any parameter used to determine any of the plurality of factor scores”.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FATOUMATA TRAORE whose telephone number is (571)270-1685. The examiner can normally be reached 6:30-3:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at 5712724219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Saturday, April 18, 2026
/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436
Prosecution Insights