DATA SUBJECT ASSESSMENT SYSTEMS AND METHODS FOR ARTIFICIAL INTELLIGENCE PLATFORM BASED ON COMPOSITE EXTRACTION

§101 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on October 30, 2025 has been entered. In response to Applicant’s claims filed on October 30, 2025, claims 1-20 are now pending for examination in the application. Information Disclosure Statement The information disclosure statements (IDS) filed on 10/30/25 has been considered by the Examiner and made of record in the application file. Response to Arguments This office action is in response to amendment filed 10/30/2025. In this action Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Krishna et al. (US Pub. No. 20220261711) and Thakur et al. (US Pub. No. 20220038490) in further view of Argyros et al. (US Pub. No. 20190156256). The Krishna et al. reference has been added to address the amendment of defining a data subject, the defining performed by a data subject assessment service responsive to an instruction from a user, the instruction received through a user interface of the data subject assessment service, the data subject assessment service hosted on an artificial intelligence (AI) platform, the AI platform operating in a cloud computing environment and having a plurality of AI models. Applicant’s arguments: In regards to claim 1 on Pages 8, applicant argues the cited art fails to clearly and unequivocally disclose a “Applicant respectfully disagrees and submits that, as a whole, the claimed invention is necessarily rooted in computer technology to overcome a problem specifically arising in the realm of computer networks. A conventional AI platform operating in a cloud computing environment does not have a "data subject assessment service" that can respond to a user instruction "received through a user interface of the data subject assessment service" and that can, responsive to the user instruction thus received through the user interface, define a data subject which is then added to a data subject project that is created, configured, and "run" on a collection of documents to assess the data subject thus added using AI models for risk analyses.” as alleged. Examiner’s Reply: Creating, defining, determining, searching, and generating steps are part of limitations that recites a mental process capable of being performed by the human mind by using data along with a computer being used as a generic tool. The AI models themselves are additional elements. Applicant’s arguments: In regards to claim 1 on Pages 16, applicant argues the cited art fails to clearly and unequivocally disclose a “Again, Applicant respectfully submits that the claimed technological improvement of the instant Application is akin to the type of non-abstract improvement the Court found to be patent- eligible in Koninklijke. Specifically, as in Koninklijke, the claimed invention is also directed to a non-abstract improvement because it improves the accuracy of data subject assessment results by associating a data subject project with a plurality of AI models, each of the plurality of AI models modeling a risk, and running the data subject project on a collection of documents to assess the data subject, during which the claimed invention leverages the plurality of Al models in determining how sets of metadata associated with the collection of documents relate to one another and, based on relationships thus determined, generating data subject assessment results that are more accurate than prior data subject assessment methods.” as alleged. Examiner’s Reply: A claim limitation, under its broadest reasonable interpretation, covers a commercial interaction or mental process (eg analyzing documents for risks), then it falls within the “Mental process” grouping of abstract ideas set forth in the 2019 PEG. Accordingly, the claim recites an abstract idea. The examiner notes that the computer as recited in the claims are being used for document sentiment analysis using a computer (being used a generic tools). Therefore, the abstract idea recited in the claims is generally linking it to a computer environment, and does not integrate the abstract idea into a practical application. Document and Risk analysis does not improve the functioning of a computer. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-patentable subject matter. The claims are directed to an abstract idea without significantly more. Claim 1-20 is rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The judicial exception is not integrated into a practical application. The claims do not include additional elements that are sufficient to amount to significantly more than judicial exception. The eligibility analysis in support of these findings is provided below, on Claim Rejections - 35 USC 101 accordance with the "2019 Revised Patent Subject Matter Eligibility Guidance" (published on 1/7/2019 in Fed, Register, Vol. 84, No. 4 at pgs. 50-57, hereinafter referred to as the "2019 PEG"). Step 1. in accordance with Step 1 of the eligibility inquiry (as explained in MPEP 2106), it is first noted the claim method (claims 1-7), system(s) (claims 8-14), and program product 15-20 is/are directed to one of the eligible categories of subject matter and therefore satisfies Step 1. Step 2A. In accordance with Step 2A, prong one of the 2019 PEG, it is noted that the independent claims recite an abstract idea falling within the Mental Processes enumerated groupings of abstract ideas set forth in the 2019 PEG. Examiner is of the position that independent claims 1, 8, and 15 are directed towards the Mental Process Grouping of Abstract Ideas. Independent claims 1 recites the following limitations directed towards a Mental Processes: defining a data subject, the defining performed by a data subject assessment service responsive to an instruction from a user, the instruction received through a user interface of the data subject assessment service, the data subject assessment service hosted on an artificial intelligence (AI) platform, the AI platform operating in a cloud computing environment and having a plurality of AI models (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by defining subject data); creating a data subject project, wherein the creating the data subject project comprises associating the data subject project with the plurality of AI models, each of the plurality of AI models modeling a risk (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by creating subject data); configuring the data subject project, the configuring the data subject project comprising setting the risk at a risk level responsive to a setting received through the user interface of the data subject assessment service (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by configuring subject data); adding the data subject to the data subject project (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by adding subject data); running the data subject project on a collection of documents to assess the data subject, wherein accessing the data subject comprises (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to assess subject data); determining how sets of metadata associated with the collection of documents relate to one another (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to determine metadata); and based on relationships thus determined, generating data subject assessment results (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to generating results); searching for data subject relationships in the data subject assessment results, wherein the searching produces a subset of the data subject assessment results (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by searching subject data). generating a report on the subset of the data subject assessment results (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by generating a report). Step 2A. In accordance with Step 2A, prong two of the 2019 PEG, the judicial exception is not integrated into a practical application because of the recitation in claim(s) 1, 8, and 15: a processor (i.e., as a generic processor/component performing a generic computer function); a non-transitory computer-readable medium (i.e., as a generic processor/component performing a generic computer function); and instructions (i.e., as a generic processor/component performing a generic computer function) stored on the non-transitory computer-readable medium and translatable by the processor. Step 2B. Similar to the analysis under 2A Prong Two, the claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception. Because the additional elements of the independent claims amount to insignificant extra solution activity and/or mere instructions, the additional elements do not add significantly more to the judicial exception such that the independent claims as a whole would be patent eligible. Therefore, independent claims 1, 8, and 15 are rejected under 35 U.S.C. 101. With respect to claim(s) 2, 9, 16: Step 2A, prong one of the 2019 PEG: Examiner is of the position the dependent claim is directed toward additional elements. Step 2A Prong Two Analysis: importing a file containing data subject information (recites insignificant extrasolution activity for importing subject data). Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. With respect to claim(s) 3 and 10: Step 2A, prong one of the 2019 PEG: wherein the configuring the data subject project comprises selecting an instance of an analytic engine operating on the AI platform (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by selecting an instance). Step 2A Prong Two Analysis: This judicial exception is not integrated into a practical application because there are no additional elements to provide practical application. Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. With respect to claim(s) 4, 11, and 17: Step 2A, prong one of the 2019 PEG: performing data subject assessment operations on the document (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to assessing a document). Step 2A Prong Two Analysis: accessing a data source (recites insignificant extrasolution activity for assessing subject data); retrieving a document from the collection (recites insignificant extrasolution activity for retrieving subject data). Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. With respect to claim(s) 5, 12, and 18: Step 2A, prong one of the 2019 PEG: performing data subject assessment operations on the document (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to assessing a document). Step 2A Prong Two Analysis: accessing a data source (recites insignificant extrasolution activity for assessing subject data); retrieving a document from the collection (recites insignificant extrasolution activity for retrieving subject data). Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. With respect to claim(s) 6, 13, and 19: Step 2A, prong one of the 2019 PEG: wherein the configuring the data subject project comprises selecting a processing language (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by selecting a processing language). Step 2A Prong Two Analysis: Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. With respect to claim(s) 7, 14, and 20: Step 2A, prong one of the 2019 PEG: customizing the data subject project, wherein the customizing the data subject project comprises adding another data subject to the data subject project (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to customizing subject data). Step 2A Prong Two Analysis: This judicial exception is not integrated into a practical application because there are no additional elements to provide practical application. Step 2B Analysis: The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Krishna et al. (US Pub. No. 20220261711) and Thakur et al. (US Pub. No. 20220038490) in further view of Argyros et al. (US Pub. No. 20190156256). With respect to claim 1, Krishna et al. discloses a data subject assessment method, comprising: defining a data subject, the defining performed by a data subject assessment service responsive to an instruction from a user (Paragraph 51 discloses define pertinent terms (e.g., liability, acceptance criteria), and connections or relationships between various aspects of the contract), the instruction received through a user interface of the data subject assessment service, the data subject assessment service hosted on an artificial intelligence (AI) platform, the AI platform operating in a cloud computing environment and having a plurality of AI models (Paragraph 56 discloses data is processed by one or more classification algorithms 1002 and one or more deep learning-based algorithms (e.g., ANN models), and/or other ensemble learning Al models and Paragraph 81 discloses a cloud computing environment); creating a data subject project, wherein the creating the data subject project comprises associating the data subject project with the plurality of AI models, each of the plurality of AI models modeling a risk (Paragraph 30 discloses the service can be implemented to classify clauses that are associated with a higher level of risk and/or a specific type of risk category). Krishna et al. does not disclose explicitly disclose configuring the data subject project, the configuring the data subject project comprising setting the risk at a risk level responsive to a setting received through the user interface of the data subject assessment service. However, Thakur et al. discloses configuring the data subject project, the configuring the data subject project comprising setting the risk at a risk level responsive to a setting received through the user interface of the data subject assessment service (Paragraph 54 discloses the user can provide input 80 via the graphical user interface 76 to accept or modify configurable threat features accordingly for the identified cybersecurity threat 902, including modifying the priority level of the identified cybersecurity threat 902 to “high.”); adding the data subject to the data subject project (Paragraph 54 discloses the user can provide input 80 via the graphical user interface 76 to accept or modify configurable threat features accordingly for the identified cybersecurity threat 902, including modifying the priority level of the identified cybersecurity threat 902 to “high.”); searching for data subject relationships in the data subject assessment results, wherein the searching produces a subset of the data subject assessment results (Paragraph 48 discloses cybersecurity threats 902 associated with the extracted features and their interrelationships with system elements 54a); and generating a report on the subset of the data subject assessment results (Paragraph 58 discloses generate one or more reports 94 from the threat analysis, at least one of which can include an organized arrangement of at least some of the attributes of at least some of the components, data flows or cybersecurity threat). Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Krishna et al. with Thakur et al. This would have facilitated risk assessment. See Thakur et al. Paragraph(s) 3-6. Krishna et al. as modified by Thakur et al. does not disclose running the data subject project on a collection of documents to assess the data subject, wherein accessing the data subject comprises: determining how sets of metadata associated with the collection of documents relate to one another; and based on relationships thus determined, generating data subject assessment results. However, Argyros et al. teaches running the data subject project on a collection of documents to assess the data subject, wherein accessing the data subject comprises: determining how sets of metadata associated with the collection of documents relate to one another (Paragraph 79 discloses generate a set of metadata tags which are assigned to the risk identifiers that correspond to operational risk categories); and based on relationships thus determined, generating data subject assessment results (Paragraph 87 discloses application parses the set of risk assessment documents to identify one or more portions of text corpus indicative of operational risk (block 504). In one embodiment, parsing of the set of risk assessment documents may be performed by an NLP algorithm. The application determines contextual features from the identified one or more portions of the text corpus (block 506). In one embodiment, the contextual features may refer to a regulation, an obligation, a topic, a subject, or a subject-matter domain). Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Krishna et al. and Thakur et al. with Argyros et al. This would have facilitated risk assessment. See Argyros et al. Paragraph(s) 5-7. The Krishna et al. reference as modified by Thakur et al. and Argyros et al. teaches all the limitations of claim 1. With respect to claim 2, Thakur et al. discloses the data subject assessment method according to claim 1, further comprising: importing a file containing data subject information (Paragraph 36 discloses the first text miner 46 mines unstructured data from unstructured text sources 906 including system configuration files and security policies, extracts features of the target computer system 900 from these text sources 906, and feeds extracted features of the target computer system 900 into the artificial intelligence system modeling assistant 52a). The motivation to combine statement previously provided in the rejection of dependent claim 2 provided above, combining the Krishna et al. reference and the Thakur et al. reference is applicable to independent claim 1. The Krishna et al. reference as modified by Thakur et al. and Argyros et al. teaches all the limitations of claim 1. With respect to claim 3, Thakur et al. discloses the data subject assessment method according to claim 1, wherein the configuring the data subject project comprises selecting an instance of an analytic engine operating on the AI platform (Paragraph 56 discloses threat analyzer 88 includes a third artificial intelligence model 38 including a third neural network 90 that has been trained on a third training data set including classified system elements 43, classified threats 65, and user inputted security recommendations, and is configured to, at run-time, receive run-time input of classified system elements 54a for a target computer system 900 and classified cybersecurity threats for a target cybersecurity threat, and in response output a predicted security recommendation 92 for each classified system element and classified threat pair of the target computer system 900). The motivation to combine statement previously provided in the rejection of dependent claim 3 provided above, combining the Krishna et al. reference and the Thakur et al. reference is applicable to independent claim 1. The Krishna et al. reference as modified by Thakur et al. and Argyros et al. teaches all the limitations of claim 1. With respect to claim 4, Thakur et al. discloses the data subject assessment method according to claim 1, wherein the running the data subject project comprises: accessing a data source (Paragraph 36 discloses the first text miner 46 mines unstructured data from unstructured text source); retrieving a document from the collection (Paragraph 46 discloses the second text miner 68 mines, crawls, and/or scrapes various documents and IT security policy documents 910a from the internet or intranet for known cybersecurity threats); and performing data subject assessment operations on the document (Paragraph 46 discloses the second text miner 68 mines, crawls, and/or scrapes various documents and IT security policy documents 910a from the internet or intranet for known cybersecurity threats. The motivation to combine statement previously provided in the rejection of dependent claim 4 provided above, combining the Krishna et al. reference and the Thakur et al. reference is applicable to independent claim 1. The Krishna et al. reference as modified by Thakur et al. and Argyros et al. teaches all the limitations of claim 1. With respect to claim 5, Thakur et al. discloses the data subject assessment method according to claim 4, wherein the data subject assessment operations comprise text mining operations and application of rules, wherein the text mining operations produce metadata about the document, and wherein the application of rules leverages the metadata and applies an action to the document when a condition is met (Paragraph 36 discloses the first text miner 46 mines unstructured data from unstructured text source and 41 discloses a graphical user interface 56 to present metadata for each system element 54a as suggestions 58, and allow for a user such as human operator 904 to provide system property adoption user input 22 including an indication of whether to accept or reject each of the system-related candidate properties). The motivation to combine statement previously provided in the rejection of dependent claim 5 provided above, combining the Krishna et al. reference and the Thakur et al. reference is applicable to independent claim 1. The Krishna et al. reference as modified by Thakur et al. and Argyros et al. teaches all the limitations of claim 1. With respect to claim 6, Thakur et al. discloses the data subject assessment method according to claim 1, wherein the configuring the data subject project comprises selecting a processing language (Paragraph 44 discloses A threat template editor 70 is configured to process the extracted features, identify cybersecurity threats 902 associated with the extracted features and their interrelationships with system elements 54a, and populate a threat template 72 for each identified cybersecurity threat 902 with threat-specific candidate properties for that threat 902). The motivation to combine statement previously provided in the rejection of dependent claim 6 provided above, combining the Krishna et al. reference and the Thakur et al. reference is applicable to independent claim 1. The Krishna et al. reference as modified by Thakur et al. and Argyros et al. teaches all the limitations of claim 1. With respect to claim 7, Thakur et al. discloses the data subject assessment method according to claim 1, further comprising: customizing the data subject project, wherein the customizing the data subject project comprises adding another data subject to the data subject project (Paragraph 49 discloses the user, i.e., human operator 904, can accept, reject, or modify the candidate properties 86 for each cybersecurity threat 902, and can add, delete, or modify the cybersecurity threats 902 themselves and their interrelationships with system elements 54a, so that the user can provide feedback to improve the accuracy of the identification of cybersecurity threats 902 and the populating of the threat templates 72). The motivation to combine statement previously provided in the rejection of dependent claim 7 provided above, combining the Krishna et al. reference and the Thakur et al. reference is applicable to independent claim 1. With respect to claim 8, Krishna et al. discloses a data subject assessment system, comprising: a processor (Paragraph 7 discloses a processor and machine-readable media including instructions); a non-transitory computer-readable medium (Paragraph 7 discloses a processor and machine-readable media including instructions); and instructions stored on the non-transitory computer-readable medium and translatable by the processor for: defining a data subject, the defining performed by a data subject assessment service responsive to an instruction from a user (Paragraph 51 discloses define pertinent terms (e.g., liability, acceptance criteria), and connections or relationships between various aspects of the contract), the instruction received through a user interface of the data subject assessment service, the data subject assessment service hosted on an artificial intelligence (AI) platform, the AI platform operating in a cloud computing environment and having a plurality of AI models (Paragraph 56 discloses data is processed by one or more classification algorithms 1002 and one or more deep learning-based algorithms (e.g., ANN models), and/or other ensemble learning Al models and Paragraph 81 discloses a cloud computing environment); creating a data subject project, wherein the creating the data subject project comprises associating the data subject project with the plurality of AI models, each of the plurality of AI models modeling a risk (Paragraph 30 discloses the service can be implemented to classify clauses that are associated with a higher level of risk and/or a specific type of risk category). Krishna et al. does not disclose explicitly disclose configuring the data subject project, the configuring the data subject project comprising setting the risk at a risk level responsive to a setting received through the user interface of the data subject assessment service. However, Thakur et al. discloses configuring the data subject project, the configuring the data subject project comprising setting the risk at a risk level responsive to a setting received through the user interface of the data subject assessment service (Paragraph 54 discloses the user can provide input 80 via the graphical user interface 76 to accept or modify configurable threat features accordingly for the identified cybersecurity threat 902, including modifying the priority level of the identified cybersecurity threat 902 to “high.”); adding the data subject to the data subject project (Paragraph 54 discloses the user can provide input 80 via the graphical user interface 76 to accept or modify configurable threat features accordingly for the identified cybersecurity threat 902, including modifying the priority level of the identified cybersecurity threat 902 to “high.”); searching for data subject relationships in the data subject assessment results, wherein the searching produces a subset of the data subject assessment results (Paragraph 48 discloses cybersecurity threats 902 associated with the extracted features and their interrelationships with system elements 54a); and generating a report on the subset of the data subject assessment results (Paragraph 58 discloses generate one or more reports 94 from the threat analysis, at least one of which can include an organized arrangement of at least some of the attributes of at least some of the components, data flows or cybersecurity threat). Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Krishna et al. with Thakur et al. This would have facilitated risk assessment. See Thakur et al. Paragraph(s) 3-6. Krishna et al. as modified by Thakur et al. does not disclose running the data subject project on a collection of documents to assess the data subject, wherein accessing the data subject comprises: determining how sets of metadata associated with the collection of documents relate to one another; and based on relationships thus determined, generating data subject assessment results. However, Argyros et al. teaches running the data subject project on a collection of documents to assess the data subject, wherein accessing the data subject comprises: determining how sets of metadata associated with the collection of documents relate to one another (Paragraph 79 discloses generate a set of metadata tags which are assigned to the risk identifiers that correspond to operational risk categories); and based on relationships thus determined, generating data subject assessment results (Paragraph 87 discloses application parses the set of risk assessment documents to identify one or more portions of text corpus indicative of operational risk (block 504). In one embodiment, parsing of the set of risk assessment documents may be performed by an NLP algorithm. The application determines contextual features from the identified one or more portions of the text corpus (block 506). In one embodiment, the contextual features may refer to a regulation, an obligation, a topic, a subject, or a subject-matter domain). Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Krishna et al. and Thakur et al. with Argyros et al. This would have facilitated risk assessment. See Argyros et al. Paragraph(s) 5-7. With respect to claim 9, it is rejected on grounds corresponding to above rejected claim 2, because claim 9 is substantially equivalent to claim 2. With respect to claim 10, it is rejected on grounds corresponding to above rejected claim 3, because claim 10 is substantially equivalent to claim 3. With respect to claim 11, it is rejected on grounds corresponding to above rejected claim 4, because claim 11 is substantially equivalent to claim 4. With respect to claim 12, it is rejected on grounds corresponding to above rejected claim 5, because claim 12 is substantially equivalent to claim 5. With respect to claim 13, it is rejected on grounds corresponding to above rejected claim 6, because claim 13 is substantially equivalent to claim 6. With respect to claim 14, it is rejected on grounds corresponding to above rejected claim 7, because claim 14 is substantially equivalent to claim 7. With respect to claim 15, Krishna et al. discloses a computer program product for data subject assessment, the compute program product comprising a non-transitory computer-readable medium storing instructions translatable by a processor for: defining a data subject, the defining performed by a data subject assessment service responsive to an instruction from a user (Paragraph 51 discloses define pertinent terms (e.g., liability, acceptance criteria), and connections or relationships between various aspects of the contract), the instruction received through a user interface of the data subject assessment service, the data subject assessment service hosted on an artificial intelligence (AI) platform, the AI platform operating in a cloud computing environment and having a plurality of AI models (Paragraph 56 discloses data is processed by one or more classification algorithms 1002 and one or more deep learning-based algorithms (e.g., ANN models), and/or other ensemble learning Al models and Paragraph 81 discloses a cloud computing environment); creating a data subject project, wherein the creating the data subject project comprises associating the data subject project with the plurality of AI models, each of the plurality of AI models modeling a risk (Paragraph 30 discloses the service can be implemented to classify clauses that are associated with a higher level of risk and/or a specific type of risk category). Krishna et al. does not disclose explicitly disclose configuring the data subject project, the configuring the data subject project comprising setting the risk at a risk level responsive to a setting received through the user interface of the data subject assessment service. However, Thakur et al. discloses configuring the data subject project, the configuring the data subject project comprising setting the risk at a risk level responsive to a setting received through the user interface of the data subject assessment service (Paragraph 54 discloses the user can provide input 80 via the graphical user interface 76 to accept or modify configurable threat features accordingly for the identified cybersecurity threat 902, including modifying the priority level of the identified cybersecurity threat 902 to “high.”); adding the data subject to the data subject project (Paragraph 54 discloses the user can provide input 80 via the graphical user interface 76 to accept or modify configurable threat features accordingly for the identified cybersecurity threat 902, including modifying the priority level of the identified cybersecurity threat 902 to “high.”); searching for data subject relationships in the data subject assessment results, wherein the searching produces a subset of the data subject assessment results (Paragraph 48 discloses cybersecurity threats 902 associated with the extracted features and their interrelationships with system elements 54a); and generating a report on the subset of the data subject assessment results (Paragraph 58 discloses generate one or more reports 94 from the threat analysis, at least one of which can include an organized arrangement of at least some of the attributes of at least some of the components, data flows or cybersecurity threat). Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Krishna et al. with Thakur et al. This would have facilitated risk assessment. See Thakur et al. Paragraph(s) 3-6. Krishna et al. as modified by Thakur et al. does not disclose running the data subject project on a collection of documents to assess the data subject, wherein accessing the data subject comprises: determining how sets of metadata associated with the collection of documents relate to one another; and based on relationships thus determined, generating data subject assessment results. However, Argyros et al. teaches running the data subject project on a collection of documents to assess the data subject, wherein accessing the data subject comprises: determining how sets of metadata associated with the collection of documents relate to one another (Paragraph 79 discloses generate a set of metadata tags which are assigned to the risk identifiers that correspond to operational risk categories); and based on relationships thus determined, generating data subject assessment results (Paragraph 87 discloses application parses the set of risk assessment documents to identify one or more portions of text corpus indicative of operational risk (block 504). In one embodiment, parsing of the set of risk assessment documents may be performed by an NLP algorithm. The application determines contextual features from the identified one or more portions of the text corpus (block 506). In one embodiment, the contextual features may refer to a regulation, an obligation, a topic, a subject, or a subject-matter domain). Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Krishna et al. and Thakur et al. with Argyros et al. This would have facilitated risk assessment. See Argyros et al. Paragraph(s) 5-7. With respect to claim 16, it is rejected on grounds corresponding to above rejected claim 2, because claim 16 is substantially equivalent to claim 2. With respect to claim 17, it is rejected on grounds corresponding to above rejected claim 4, because claim 17 is substantially equivalent to claim 4. With respect to claim 18, it is rejected on grounds corresponding to above rejected claim 5, because claim 18 is substantially equivalent to claim 5. With respect to claim 19, it is rejected on grounds corresponding to above rejected claim 6, because claim 19 is substantially equivalent to claim 6. With respect to claim 20, it is rejected on grounds corresponding to above rejected claim 7, because claim 20 is substantially equivalent to claim 7. Relevant Prior Art The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US PG-PUB 20220261711 is directed to SYSTEM AND METHOD FOR INTELLIGENT CONTRACT GUIDANCE: [0004] determining risk categories and calculating risk levels for clauses in contracts is disclosed. The system and method solve the problems discussed above by providing a comprehensive, autonomous contract risk analysis and assessment platform. The system applies artificial intelligence models that can autonomously generate insights, recommendations, summaries, and alerts for key contract clauses and milestones to users via a virtual assistant-based chatbot interface. The system provides highly accurate risk levels for various types of contract clauses, as well as identification of potentially problematic clause types, thereby minimizing the likelihood of a contract failing to serve the needs of a signing party. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS E ALLEN whose telephone number is (571)270-3562. The examiner can normally be reached Monday through Thursday 830-630. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Boris Gorney can be reached at (571) 270-5626. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /N.E.A/Examiner, Art Unit 2154 /SYED H HASAN/Primary Examiner, Art Unit 2154